Why do cyber liability claims cost so much?

Insureon Staff.
By Insureon Staff
November 13, 2020
There has never been a greater risk of cyberattacks against small businesses, and the costs have never been higher. Learn why cyber claims are so expensive, and how cyber liability insurance can help protect your business.
Server room with padlock representing cyber security

Your small business likely depends on data to operate. That data could include anything from sales projections to sensitive information about customers and vendors. Without proper security measures in place, you may be open to attacks by cybercriminals. And the costs of a cyber liability claim can be enormous.

A data breach or other cyber incident can have long-term effects on your business. It takes companies approximately 200 days to identify a security breach and about 70 days to contain a breach. Recovery can be a lengthy, expensive process.

Credit monitoring service costs can add up for several years. And less obvious expenses from cyberattacks such as damage to your reputation, lost future opportunities, and lower valuation are harder to quantify but just as real.

As costs add up, some businesses won’t be able to survive. In fact, 60% of small businesses go under within six months of a cyberattack.

Fortunately, cyber liability insurance can protect your business from these potentially devastating costs.

Why is a cyber claim so expensive?

Recovering from a cybersecurity incident will drain your business of both time and money. Every state requires that you quickly notify parties whose personal information was affected. If you don’t, you could face steep fines and penalties.

In most states, you must also investigate and correct the security flaw that led to the breach. The costs of fixing weak cybersecurity can be huge and often the reason why many small businesses have flimsy security in the first place.

But the costs don’t stop there. Expenses can continue to add up months or even years down the road.

Common cyber liability claim costs

A study from the IBM/Ponemon Institute found that data breaches cost businesses $242 per stolen record on average. That means the average U.S. data breach costs more than $8 million.

Common costs of a data breach or ransomware attack include:

  • Business interruption/lost revenue: Most businesses rely on technology to operate efficiently. But a cyberattack can take down your tech, leaving you unable to offer services or make sales.
  • Investigating and eliminating security weaknesses: Hiring experts to find and fix a security flaw can cost you big bucks. A forensic examination by a reputable firm can cost anywhere from $200 to $1,500 per hour, according to Zurich Financial Services Group.
  • Public relations costs: As soon as you learn of a data breach, you need to start damage control. A PR firm can be essential to protect your business’s reputation.
  • Regulatory fines/penalties: Regulators are cracking down on companies that fail to protect consumer data, no matter their size. Penalties for negligence can range from massive fines to jail time.
  • Customer notification costs: Following a data breach, you must contact any affected party. Notification requirements vary by state, but costs range from $0.50 to $5 per notice, according to Zurich.
  • Credit monitoring: Your business will also need to cover credit monitoring services for all affected parties for at least two years. Credit monitoring can cost anywhere from $10 to $30 per individual per year, according to Zurich.
  • Reputational damage/lost customers: Even with the best PR, your business’s reputation will take a hit after a breach. It’s hard to measure lost business, but expect it to impact your company’s bottom line.
  • Potential lawsuits from customers or clients: Lawsuits are always a risk after a data breach. According to NetDiligence’s 2019 Cyber Claims Study, the average cost for legal defense was $740,000, while the average legal settlement was $2 million.
Protect your business with cyber liability insurance

Examples of cyber liability claims and their costs

Here are a few scenarios to demonstrate how cyber costs can quickly add up:

As an example, say a missed Windows software patch at a landscaping company allows a hacker to break in and steal information on 1,200 customers. Cyber insurance claim costs would include:

  • Finding and repairing the cause of the breach
  • Notifying customers
  • Credit monitoring for those customers for two to three years
  • Fines or penalties

Or suppose an accounting firm employee falls for a phishing scam and ransomware encrypts files across the company’s network. A message demands payment within three days or data will be lost forever. The company decides to pay, and the company regains access after four days of downtime. Costs could include:

  • Hiring experts to negotiate with hackers
  • Lost productivity as owners/management deal with the attack
  • Paying the extortion demand
  • Lost business due to business interruption
  • Missed deadlines, project delays, and broken contracts for your existing business
  • Loss of both customers and new opportunities due to reputational damage

Or let’s say you own an IT consulting firm and misconfigure your client’s firewall. They suffer a data breach and sue. You could be responsible for paying:

  • All your client’s financial losses
  • The costs of your damaged reputation and lost business
  • Defense costs and legal fees

The best way to safeguard your business from outrageous cyber costs is with the right insurance protection.

How do I protect my business from these risks?

Understanding your risks is the first step to protecting your business from cyber threats. Talk with the contractors or employees who run your websites or IT networks to learn about any potential weaknesses and try to correct them. In the long run, investing in cybersecurity can be a much cheaper option than paying the costs from a cyberattack.

The best way to safeguard your business from outrageous cyber costs is with the right insurance protection.

Your business likely has a general liability insurance policy, which will cover the costs of third-party injuries, third-party property damage, and advertising injuries. But it typically doesn’t cover cyber claims.

For that, you’ll need cyber liability insurance. A cyber liability policy can help cover costs such as customer notification, fraud monitoring services, and legal costs if a client blames your company for failing to prevent a data breach.

There are two kinds of cyber coverage:

Most business owners add first-party cyber liability insurance coverage to their general liability policy.

But tech pros who recommend software or handle network security usually opt for technology errors and omissions insurance (tech E&O). This bundle includes third-party cyber liability insurance and also errors and omissions insurance for protection during lawsuits over data breaches, professional errors, contract disputes, and more.

Even the best cybersecurity can’t eliminate the risk of a data breach or other cyber event. And you’ll want to take extra care if you’re responsible for a client’s systems. To protect your business from the steep costs of a cyber claim, make sure your business has the right coverage in place.

 

Complete Insureon’s easy online application today to compare quotes for business insurance from top-rated U.S. carriers. Once you find the right policy for your small business, you can begin coverage in less than 24 hours.

Save money by comparing insurance quotes from multiple carriers