
Level Up Your Cyber Knowledge: Inside the Evolving Cyber Insurance Market
The Cyber insurance market is less volatile but continues to be an evolving segment of the insurance industry.
Cyber coverage has become an essential part of almost every business's total risk management plan. As the frequency and severity of cyberattacks have risen over the past two decades, most experts would agree that failing to have any kind of cybersecurity coverage would be foolhardy at best.
But how much could you be liable for if you end up with little or no coverage? The numbers are shocking.
Without comprehensive cyber insurance, a range of different cyber-related attacks or mistakes can harm your business in many different ways: Lost revenue, system repairs, legal fees, regulatory fines, client losses and employee turnover are all potential consequences of a cyber attack. Your exposure to these pain points is relative to the type of cyber attack you experience and the size and complexity of the business that you run.
For example, consider the type and volume of customer data that your organization handles. If you run a small to midsize business that handles very little personal client information, you may incur fewer regulatory fines for exposing customer data in the wake of an attack. However, a large medical company routinely handling large volumes of information — such as customer social security numbers, confidential patient health records and credit card information — is extremely vulnerable to fines of hundreds of dollars per customer record stolen.
Each type of organization is exposed to risk of major damage by cyber attacks in different ways.
The medical field is one of the most frequently attacked sectors in the U.S., in part because medical companies have characteristics that make them prime targets for cyber attacks: They're usually large, have deep pockets and handle vast amounts of confidential patient information.
The cost of seriously damaging attacks in the medical field can be staggering. In 2022, the average cost of a breach in the medical field was $10.1 million,[1] an amount that few companies would have been able to handle without insurance.
Healthcare companies are also more vulnerable to cyberattacks because they provide essential care to their clients in a timely fashion. Most healthcare companies can't slow down operations and refuse to pay a ransom. The care must go on, resulting in many cases where insurance is forced to respond and pay the required amount. While some experts speculate that paying ransoms often encourages further attacks from cybercriminals across the world, there can often be little choice when patients' health and wellbeing are on the line.
In these situations, it's invaluable to have a policy that fully covers cyber risk, both for the safety of your company and for the health of your clients.
Although larger companies have a lot to lose, small businesses are actually the most frequently attacked sector. Someone working at a company with fewer than 100 employees will receive 350% more social engineering attacks than a worker at a large company.[2] Small businesses often don't have the same breadth of resources to prepare themselves for the rising threat of cyber attacks, making them a softer target for hackers everywhere.
When entrepreneurs start a new business, the first few years are often marked by financial stress and resource scarcity, and cybersecurity can be relegated to a second tier of importance. Many of these companies don't have the time or money to create comprehensive in-house cyber defense training programs or policies, leaving the average employee with a subpar understanding of best practices when faced with sketchy emails or other nascent threats.
Phishing attacks are most common with small businesses, targeting individual employees while pretending to be a trusted vendor or associate. Once the employee lets the hacker into the system, the hacker can damage the company's systems and data. In 2021, the average cost of data breaches at companies with fewer than 500 employees was $2.98 million[3] — a massive amount for a fledgling company to handle on their own. Without cyber insurance, many of these small companies are at risk of going under from the repercussions of just a single attack, a risk that most large corporations don't often face.
Financial institutions stand to lose a lot from cyber attacks, especially if they don't have well-fitted insurance policies. Trojan and malware attacks consistently plague companies in the finance industry, causing massive disruption and damage. With the average finance company managing 449,855 exposed sensitive files in 2021,[4] many are ripe for attack. At an average cost of $161 per stolen record,[3] these costs rack up fast.
Banks and other organizations that manage money and personal information for so many of their clients are especially vulnerable to loss-of-revenue damages caused by cyber attacks. When a data breach is discovered, large portions of the organization are often forced to shut down, creating chaos and slowing business. While some types of cyber insurance cover these types of damages, some entry-level policies don't.
Loss of confidence in a financial institution after a data breach or other cyber attack is also a big problem. If a large data breach has recently occurred at a company, potential and existing customers may decide to take their business elsewhere.
With cyber attacks on the rise across the world, the cost of running a business without cyber coverage can be astronomical. If businesses don't protect themselves with cyber insurance in today's cybersecurity climate, most would go out of business extremely quickly.
[1] "Cost of a Data Breach Report 2022," IBM Corporation, Jul 2022. PDF file.
[2] "Spear Phishing: Top Threats and Trends," Vol. 7, Barracuda, Mar 2022. PDF file.
[3] "Cost of a Data Breach Report 2021," IBM Corporation, Jul 2021. PDF file.
[4] "2021 Data Risk Report: Financial Services," Varonis, accessed 7 Sept 2022. PDF file.