As businesses continue to store more data on computers and the internet, there continue to be cybercriminals who see opportunities to exploit security flaws. In 2020, daily ransomware attacks increased by 50%. Some of the biggest cyber attacks occurred just this year; Colonial Pipeline was the target of the largest attack on a US energy system and Acer reported the largest known ransom demand from a cyberattack, at $50 million. From 2015 to 2020, ransomware damages increased 7,000-fold, from $24 million to $170 billion. Let’s examine the role of cyber insurance.
A Growing Issue
Why is this problem growing? Simply put, the opportunities for cybercriminals are everywhere. By 2023, 5.3 billion people worldwide will have internet access. World data will more than triple by 2022, with half that data stored in the cloud. When data is shared across apps and between cloud services, it is made more vulnerable to attack.
In the most famous cyber attack cases that target large corporations, the chaos and confusion rarely results in a company’s downfall. For small to midsize businesses (SMBs), on the other hand, cyber attacks are a common, easily fatal experience. Last year, 2 in 3 SMBs fell victim to at least one cyber attack. Of those who suffered, 3 in 5 went out of businesses within 6 months after a data breach or hack. A successful cyber attack costs its victim more than money. When systems are shut down, business operations halt. Orders are delayed or unfulfilled. Customers are never pleased to hear a familiar business has suffered a data breach; many stop shopping at victimized locations.
The Role of Cyber Insurance
What can businesses of all sizes do to heal from this terrible assault on their operations? They can purchase cyber insurance for their business. For SMBs, cyber insurance policies typically cover up to $1 million in damages. Damages include profit losses from halted operations or immediate harm to reputation, liabilities arising from contract penalties and media fines, and lawsuits that range from class-actions to regulatory investigations. Cyber insurance isn’t exhaustive; physical property damaged by a cyberattack is not replaced, and stolen intellectual property is not protected. Despite this, many companies view cyber insurance as worthwhile.