Picture this scenario: An employee clicks on an email from a co-worker who’s already left for the day. Nothing in the email subject line to suggest it’s a phishing attempt or anything more malicious. So the employee clicks on the link in the email.
In a matter of minutes, maybe seconds, hackers start attacking the company’s systems, databases, email, the whole enchilada. IT doesn’t detect the ransomware attack until early the next morning.
Now the company is forced to “pull all their guys out of the field, all their salespeople, even some ex-employees, to help recreate customer data. … [The firm ends up spending] $60,000 replacing servers, laptops, and phones. They also were down for two or three weeks, not making any money.”
Brian Mahon, a cyber insurance counselor with EHD Insurance, shared this true-to-life story of a Pennsylvania distribution center to attendees at the Greater Reading Chamber Alliance. To make the situation worse, the company in question was in the middle of acquiring another business. So the ransomware attack also put the other business’s customers’ data in jeopardy – talk about not getting off to a good start with new clients!
Mahon talks to bank CEOs who tell him “cyber risk is the number one concern they have. [Some worry] cyber insurance may not even exist in the future” because of the financial costs. The risks of a cyber attack are certainly steep:
- the average data breach costs a company upwards of $200,000, according to a 2019 report by insurance carrier Hiscox, and
- about 60% of small businesses fail within six months of a significant data breach, warns the National Cybersecurity Alliance.
Hard to put a price on peace of mind
Mahon’s company EHD is one of many insurance carriers offering cybersecurity insurance policies. Companies pay a monthly premium like other kinds of insurance and can file a claim if they’re hacked.
A standard policy covers “the costs of business interruptions and lost hardware, data recovery, and notifying customers of a breach, as well as third-party liability coverage if an affected customer sues a company that was breached,” according to The Reading Eagle. “Some policies even expand their coverage to lawsuits that arise from a company’s social media activity, public relations expenses following an incident, and regulatory fines.”
Underwriting for cyber protection reached $10 billion in 2021. Forbes expects a 150% increase in cybersecurity policies by 2025.