Home    Cyber-Attacks Target Small Business - What You Need to Know     Cyber-Attacks Target Small Business – What You Need to Know 

Cyber-Attacks Target Small Business – What You Need to Know 

February 27th, 2017


Cyber Attacks Are On The Rise

Much of today’s discussion regarding cyber attacks is centered on large, national corporations. Recognizable companies such as Target, Wendy’s, LinkedIn, Oracle, and Yahoo have all had well-publicized breaches, costing millions of dollars and putting consumer’s personal information at risk. But cyber-attacks and data breaches can have an even greater impact on small to medium business owners, as costs in downtime, loss of business, defense and correction can be crippling.

As a small business owner, you may be thinking that a cyber-attack or data breach won’t impact you, but the statistics are astounding…1 in 10 small businesses are at risk of being victimized by some form of cyber-crime and studies show that an estimated 43% of cyber-attacks target small business. Small-to-medium businesses are an easy target for this type of crime because most do not have the infrastructure in place to defend against an attack.

In this digital era, almost every company large and small employs some type of online/digital format to conduct their business. Technology is so prevalent in our society; the average person spends 10 hours a day online. Cyber and data breaches make for tantalizing sci-fi movie plots and just recently Jack In The Box made light of email hacking, with a commercial about a stolen bacon butter recipe.

Bottom line, even if your digital and online footprint is small, you and your business are at risk. Cyber-attacks come from multiple threats; Malware (Trojans, viruses and worms), Phishing, Denial of Service, Ransomware and any one of these can cause serious business interruptions and worse, if intellectual property or customer’s private information is stolen and disseminated improperly.

The latest cyber threat to businesses is Ransomware. This malware is designed to specifically encrypt and/or lock your files, leaving you helpless and unable to access anything, thus forcing you to pay out enormous sums to have it removed. This criminal activity has been around for over 10 years but is being seen more and more frequently in the United States. According to a study done by Symantec, ransomware infections in 2016 ranged between 23,000 and 35,000 per month, with more than $200 million being paid out to criminals, not to mention the billions lost in downtime. The Ponemon Institute reports that in 2017, ransomware attacks have increased by 300% over 2016, topping out at 4000 ransomware attacks per day in 2017 YTD.

Cyber-Attack Claim Examples

A telecommunications contractor, with 150 employees and almost zero online presence, was recently victim of a ransomware breach that required them to pay $50k to unlock their files, files needed to run the business. That cost didn’t include their revenue loss from the downtime caused by their data being inaccessible.

Another small business owner, with less than 30 employees, experienced a similar hack and had to pay almost $40k. The $40k payout was for their E-business and that first breach was followed by another, which caused lost business in the amount of $350k over a 4-month period.

Neither of these companies had cyber-liability insurance and had to make these ransomware payments out of pocket.

The Solution

Understanding that cyber liability is real and not just limited to online/digital breaches is imperative. Printed customer information sitting out on a desk is just as susceptible to a breach as a network ransomware virus or Phishing hack.

Here are two things every business owner should do to safeguard their data.

  1. Know the risks and implement a data protection strategy to limit potential damage:
  • Apply encryption technology to servers, desktops, laptops and mobile devices and keep anti-virus software up to date.
  • Install internal controls to monitor your systems.
  • Train employees on proper handling and protection of sensitive data and passwords.
  • Back-up your data on a daily basis.
  1. Invest in Cyber coverage:
  • Widely accessible in the insurance marketplace, these polices provides an extra layer of security.
  • Do your homework and be wary of online offers, which sometimes promise a quick fix. Cyber policies should be tailored to your personal business and a quick fix, in theory, could cost you as much or more as a data breach.
  • Consult with a knowledgeable insurance broker who can explain Cyber Liability insurance in detail, provide a comprehensive review of your exposure risks, and adapt coverage to your individual business needs.

Cyber Liability insurance is one of the most affordable lines of coverage, and the only type that applies to data breaches.

It’s important to be prepared. As the staggering statistics of cyber threats and data breaches show, it can happen to anyone and any business, at any time.

Chris Morse

Vice President - Commercial Lines

Having a greater understanding of specific industries, such as Cyber and Privacy, gives Chris the unique ability to advise on coverage questions that most brokers don't have the experience to answer.


COVID-19 Resource Page

Brown & Brown Insurance of California’s goal is to provide insights and tools to help employers handle new situations arising from COVID-19. We continue to add resources to our Coronavirus Resources webpage as we receive updates from our Risk Management Team.