05/ 03/ 2004
By Tamara Holmes
If a hacker broke into your small business' computer network and stole a batch of stored credit card numbers, would you be prepared to handle the potential flood of lawsuits from your customers?
Unless you have cyber insurance, probably not.
Ask ten small business owners whether they have business insurance and most will likely say yes. But ask those same business owners whether they've discussed threats like computer viruses and network intrusions with their insurers, and you'll probably get some blank stares. Such an oversight can be costly, because most traditional business insurance policies don't cover cyber risks.
"If you have sensitive private data on your network or do business on the Internet, you're at risk," says Steven H. Haase, CEO of INSUREtrust.com, an Atlanta-based specialty insurance provider that's hoping to fill the gaps in high-tech coverage left by many traditional insurance policies.
Staggering statistics prove that digital dangers exist. A recent survey by the Computer Security Institute found that 85 percent of corporations and government agencies reported network security breaches in the past year. Sixty-four percent of those that reported breeches had suffered financial losses as a result.
While these statistics are focused on larger companies, small businesses should not consider themselves immune from the threats.
The fact that businesses are becoming more dependent on the Internet creates a whole new set of risks, says Haase. "And every time there's a new risk, specialty insurance products come out on the marketplace."
Part of the reason that most traditional insurance plans don't include coverage for cyber risks is because the technology revolution is a relatively new phenomenon, and insurance companies have been slow to respond. Companies are just beginning to learn how expensive a virus can be if it destroys all the data on a hard drive or network.
Costs for cyber insurance vary. Businesses can buy a policy that covers certain digital threats for a few hundred dollars, or they can spend thousands of dollars on a policy that covers the entire spectrum of high-tech dangers that exist. Haase said he expects that cyber insurance policies will become less expensive as they become more prevalent, though probably not within the next 18 months.
Following the Sept. 11 terrorist attacks, traditional business insurance costs have risen as insurance firms seek to recoup some of the losses they've racked up from claims relating to the tragedy. For that reason, some small businesses may find they don't immediately have the funds to buy additional coverage on top of their regular policies, Haase says. But there are steps small business owners can take to temporarily lessen the risk of suffering cyber-related losses:
- Business owners should back up their computers regularly in case they experience a loss of data.
- Companies that have Web sites should have an attorney look at the content on their sites to make sure it does not violate trademarks.
- Firms can build firewalls to help protect their networks from outside intruders and use updated anti-virus software to prevent viruses from spreading.
While these steps may help you ward off disaster, they only represent a short-term strategy. When a digital disaster strikes, cashing in on a cyber insurance policy may be the difference between the life and death of your company.
