VIEWPOINT: Cybercrime and small business: The question is not if but when

Tucker Lounsbury of the NBT Insurance team on Monday, June 12, 2023 in Norwich, NY. (PHOTO BY ALEX LELAND)

Cyberattacks on small- and medium-sized businesses (SMB) continue to rise and will only intensify over the next few years. With the increased prevalence and cost of attacks, the absence of a safety net like cyber insurance is no longer an option SMBs can afford. Assessing the threat Ransomware is one of the most-common forms of […]

Already an Subcriber? Log in

Get Instant Access to This Article

Become a Central New York Business Journal subscriber and get immediate access to all of our subscriber-only content and much more.

Cyberattacks on small- and medium-sized businesses (SMB) continue to rise and will only intensify over the next few years. With the increased prevalence and cost of attacks, the absence of a safety net like cyber insurance is no longer an option SMBs can afford.

Assessing the threat

Ransomware is one of the most-common forms of hacking and includes the cybercriminal holding files or devices hostage in exchange for payment. Unfortunately, bad actors know that SMBs, in general, are less likely to have the full spectrum of safeguards in place, leaving them particularly vulnerable to this growing threat. According to Astra, ransomware attacks have risen by 13 percent in the past five years, with an average cost of $1.85 million per incident. By 2031, it is predicted that a ransomware attack will happen every two seconds. While training employees and requiring measures like strong passwords, regular password resets, and multi-factor authentication are critical lines of defense, these steps are no longer enough.

Establishing a safety net

As an added layer of security, businesses — large and small — should invest in appropriate cyber-liability and modern crime-insurance policies. Cyber insurance typically refers to two forms of critical coverage: privacy exposures, which covers third-party liability if personal information is stolen or compromised; and related first-party expense coverage, which helps businesses mitigate the costs of damages and recovery resulting from a cyber-attack, which can be costly. Modern crime policies protect physical theft of money that might be the focus of the bad actors targeting business networks. The vast majority of businesses cannot effectively recover from cyberattacks without the incident-response expertise, breach-management services, and financial security that these insurance policies provide. Increasingly, businesses and other entities are requiring vendors to carry this type of insurance before entering into or renewing contracts. Businesses should essentially consider this type of protection the same way as other “must-haves” of doing business, such as property insurance, general-liability insurance, and workers’ compensation. Cyber insurance has a reputation of being expensive — even cost-prohibitive. But rates have come down in recent years as most SMB have invested in cyber risk management and related security tools. The cost of a cyber-insurance policy is a small price to pay compared to the potential financial and reputational losses resulting from an uncovered cyberattack. When considering coverage, businesses can expect insurance carriers to evaluate the nature of the business and corresponding risk and hazard level; security infrastructure, in-house (firewalls, security software, policies and procedures) and outside (vendor/third-party risk); data sensitivity and volume; and other factors to determine the most appropriate coverage options and pricing. In today’s digital age, the threat posed by bad actors is ever-present and constantly evolving. No business, regardless of size or industry, is immune to these risks. Investing in cybersecurity and crime insurance is not just a precaution — it’s a necessity.      
Tucker Lounsbury is president of NBT Insurance Agency. A certified insurance counselor, he has more than 30 years of experience and counsels NBT Insurance Agency clients on the best protection to fit their unique needs.
Tucker Lounsbury: