Do you think your business is so small that it is safe from cyber-attacks? No matter how small your business, if you have a computer and a customer list, you are vulnerable to being hacked. Most hackers in this day and age realise that larger organisations are taking every means possible to protect themselves and their customer data with sophisticated software tools and resident IT experts. So hackers have set their sights on smaller, more vulnerable organisations.

Yet the problem is far from hypothetical. Research by the National CyberSecurity Alliance shows that at least half of all cyber-attacks now target small businesses, defined as those with fewer than 250 employees. Even more alarming, multiple reports show that half of all small businesses have already been breached—often without even the knowledge of company leadership. Sadly, about 60 percent of small businesses affected by these attacks are so damaged that they end up going out of business within six months.

Your Company Is Responsible for Protecting Your Client’s Sensitive Information 

If you store information about your clients or customers on your network, you have a legal responsibility to them to ensure that their private and confidential information is kept safe. This also includes information about your employees that may be stored on your company network. There are third-party businesses that can provide protection against threats to your company’s sensitive information. However, you can still be held liable for a security breach in your network even if you have hired one of these companies. 

Businesses that do not collect personal information are still at risk of having its computer systems held for ransom. This can result in downtime, loss of revenue to your business, and additional costs to get your business back up and running. 

A cyber insurance policy can help protect your business financially in the event of an attack. Policies can differ widely and there are no set minimum criteria, so you’ll have to work closely with your agent to find the policy that’s best for your organisation. Here are some basic coverage areas to consider:

  • Third-party damage covering violations committed by a subcontractor you hire, such as a mail-order house or fulfillment center
  • Business interruption, in the event that damage to your computer systems leaves your company unable to function for some period of time
  • Credit monitoring services, allowing customers suffering data exposure to periodically check their credit status 
  • Disaster recovery costs, which may include expenses for forensic IT professionals, accountants, attorneys, and advisors
  • Crisis management, to help contain any bad publicity stemming from the breach 
  • Social engineering fraud, which can result when hackers trick trusted employees or vendors into disclosing sensitive information
  • Extortion, which includes threats by foreign entities that can only be satisfied through large cash payments

Since cyber liability is a fairly new area of insurance and is changing every year, be sure you work with an agent that is sufficiently knowledgeable about this complex field. For more information or to discuss your specific needs, please contact Brenda Fletcher (, Cyber Risk Specialist at Benson Kearley IFG. 

Click here to learn more about cyber insurance.

By Brenda Fletcher