Recently a software company in Florida was hacked. The company, which brings in about $25 million in annual revenue, serves clients such as Wal-mart and Big Lots. The hackers, based in Germany, got into the company's database, stealing all of its customer information. Hiring a data-recovery firm to undo the damage cost $5 million.
Fortunately, the company's owners, who do business internationally, understood the risks of hacking. They had bought cyberinsurance with a reputable company for $2,500 per year. Once they met their $10,000 deductible, the insurance company picked up the cost of the hacking, which included business interruption and digital media liability.
This tale is a rarity. Typically, only a small percentage of small and midsized businesses buy cyberinsurance. Even tech firms, who should be aware of the risks, often take a pass. Instead, most firms will buy a general-liability policy that does not protect them in a situation like this.
That's a big mistake. The Global Entrepreneurship Index, released this week in connection with Global Entrepreneurship Week, found there is a strong correlation between a country's ranking on the list and its digital evolution. A big threat to the growth of digitally enabled businesses is cyberattacks.
Many entrepreneurs give little thought to hackers when they expand internationally, because they think their companies are too small to interest cybercriminals, but they are actually very vulnerable. Attacks targeting businesses with fewer than 250 employees have been on the upswing the past five years, and in 2015, 43 percent of all cyberattacks targeted small business, according to Symantec's 2016 Internet Security Threat Report, released earlier this year. That number rose from 18 percent in 2011.
It's not just companies' customer information that is at risk. Their intellectual property can be stolen, too — devastating the potential valuation of a start-up. That is not to mention the reputational damage that can occur. I don't know of any way companies can protect themselves from cyberattacks 100 percent of the time, but by insuring themselves against a breach, start-ups stand a good chance of recovering if the worst happens.
So what types of policies do start-ups need to protect themselves? Most often, it's cyber liability coverage. For a small business that conducts e-commerce and collects credit card information, a cyber liability policy will cost about $250 a year for $1 million worth of coverage. Often, that is plenty of coverage for a small mom-and-pop business or very small start-up. A more substantial sized, fast-growing start-up will need more coverage.
If you buy a policy, make sure the fine print does not exclude coverage you may need, such as attorney's costs in case you get sued by customers whose information was stolen in a data breach. Not every policy covers this, and you don't want to find out that yours doesn't when it's too late. Certain types of businesses, such as social networks, aren't covered by general policies, so you may have to buy a policy targeted to your industry.
Make sure your policy covers you if you do business internationally, as well. Digital technologies have made it easy to conduct transactions across borders, even in a one- or two-person start-up. If you do international transactions on an occasional basis, it's important to get a policy that covers them. Otherwise, you could end up footing the bill for a breach by hackers thousands of miles away — a scenario most start-ups can't afford.
— By Sam Meenasian, director of operations at USA Business Insurance in Burbank, California