Cyber insurance is critical in today’s threat landscape. There is always the risk of a successful compromise and a good cyber insurance policy will not only provide you enough coverage, but will give you access to resources like digital forensic, PR firms, and lawyers that specialize in data breaches. Cyber insurance has been a no-brainer for enterprise-level organizations for years now, but the small and midsized business community has lagged behind.
We conducted a survey of 100 small business leaders to better understand how they are thinking about cyber insurance, here is what we found:
47% of small businesses have cyber insurance.
It is concerning that most small businesses do not currently have a cyber policy. However, we do expect the number of cyber policies for SMBs to increase due to the growing expectation of security in today’s businesses. Some industries have begun requiring a certain level of cyber coverage to keep doing business, we expect this trend to spread to other industries and to businesses that partner with those industries.
Note: Do you have the right cyber policy? Some people believe that they have cyber insurance, but really they have an endorsement that is tacked onto a broader policy. You need a stand-alone cyber policy to get the coverage needed for a complete recovery. Regularly review your cyber policy to make sure that you have the right coverage and appropriate limits.
Of those that don’t have cyber insurance, 43% are considering it
It is reassuring that a good portion of businesses without cyber insurance are actively looking into it. It can be overwhelming to figure out how much coverage you actually need, which could lead to inaction. You should not forgo protection just because you are stuck on the details. If you need help, reach out to us and we can help you get unstuck.
50% expect their cyber premiums to increase on renewal
It is no secret that cyber insurance is becoming more expensive. Cyber insurance is relatively new and the industry is still learning. Carriers gave away cyber policies for almost nothing because they did not anticipate just how damaging cyber attacks would become. As a result, carriers have lost big on their cyber policies and the market is finally catching up to the actual risk.
81% involve their IT team in the cyber insurance questionnaire
This number should be 100%. Cyber insurance questionnaires are becoming increasingly important – the answers you provide will play a major role in your policy getting approved, how much you’ll pay in premiums, and the likelihood of claims getting approved. Major carriers have denied coverage on claims due to inaccurate information on the insured’s cyber questionnaire. E.g. saying that you have MFA on all accounts that can access privileged data, but not realizing there are a handful of accounts that no one ever uses that aren’t protected.
Bring your questionnaire to your IT team at least 90 days before it is due so that there is enough time to do it right.
Hours spent on filling out a cyber questionnaire.
- <4 Hours – 50%
- 4-8 Hours – 23%
- 8-24 Hours – 4%
- 24-40 Hours – 3%
- Unsure – 20%
Most businesses are not spending a significant amount of time on their cyber questionnaires. We expect that to change as the role of the questionnaire in policy and claim approvals becomes more significant.
Tip: Less is not more on your cyber questionnaire. If you aren’t sure how exactly to answer a question, just put down everything that you think is relevant. By providing full answers with context, your agent is signing off on what you do have by accepting your application. Giving short and potentially incomplete answers could lead to issues down the road if you make a claim.
Everything your business needs to know about cyber insurance.
Check out our webinar “Cyber Insurance Basics: Getting the Right Coverage & Preparing for a Cyber Event” to get an overview on the state of cyber insurance for SMBs directly from cyber insurance experts.