A few years ago, a small business in San Diego was hit with a series of router attacks over the internet that were launched from local IP addresses. As they were protected as much as they felt they could be, they contacted the national carrier to deal with the denial of service component of the problem. After going through several levels of management, the answer that they heard was that the carrier gets about 10 million threats per day on their network and it is pretty difficult to assume that you will be given some kind of priority as a small business to have your problem explored.
Understanding that that type of threat, which was simply a script being run through several zombie computers, can escalate to actual specialists trying to actively access your Internet information was enough to drive the owners towards looking at specialized business insurance that could keep them safe from liability.
What is cyber insurance?
The most common way for small businesses to get protection is to first ensure that they have as industry security compliance on their cloud presence as possible. After they have done so, they can look at cyber insurance. Cyber insurance is a form of insurance that covers almost any type of business attack from hacking to data breaches. If you lose a client’s data or valuable data of your own, you can recover some of your losses or offset the liability with an insurance claim. Some forms of coverage also cover the loss of work time due to denial of service attacks.
Small companies are fortunate that almost 90 percent of the policies that are available provide coverage to companies inside the United States. Another nice feature is that the bulk of the policies can be priced by getting insurance quotes online.
Preparing to get a policy
As mentioned, upgrading or validating that you have industry standard security compliance is an important part of qualifying for cyber insurance. If you have an online ecommerce site, you should have encryption, a good hosting provider, and potentially a third-party service that verifies your site security. The cost of preparing for cyber insurance can be a consideration for small businesses, so if you are just starting you might consider talking to cyber insurance representatives about the requirements that they have so that you can focus on meeting their criteria.
Another area that comes into play is knowing the type of coverage that you think you will need. If you store client credit cards online in a database, you will likely focus on a different type of coverage than if you are a company that uses a third party payment processor’s site to process transactions for published material that carries copyrights.
Are they really out there?
A lot of smaller companies have not formerly had too many problems that they know of when it comes to the information that they keep online. Two trends are changing that picture. The first trend is one that has more businesses relying exclusively on computing in the cloud using other data analytics like Hadoop tools. The second is that security researchers are finding pieces of data from every size company imaginable online in what is known as the Internet ‘dark’, or an area that people use to store information that may be for sale. Gone are the days when hackers were exclusively interested in finding ways to beat security or promoting a cause. With billions of people online, the focus has shifted to money and information.
As far as attacks are concerned, in addition to outright hacking and employee theft, there are a couple other types of attack that are growing in popularity. One is stealing the anonymity from people and putting together a trail of behavior that can be used as business intelligence. The other is creating boiler rooms that are information clearinghouses of stolen data that goes on the market to whichever organization or person that will pay for it.
The net result for small businesses is a competitive disadvantage for their online offerings unless they have adequate security- and potentially some insurance protection in place. For the small business owner who hasn’t recently checked their security arrangements, 2016 is a great time to start looking at turning a disadvantage into a sales advantage by validating the notion that your client and internal data is secure.