LicenseLogix | Hiscox

How to Protect Your Business From Cyber Attacks

Originally published on

Cyber attacks are constantly in the news, and the largest ones often make headlines. But no business is immune, and small businesses may be even more vulnerable than their larger counterparts. According to the 2021 Hiscox Cyber Readiness Report, small businesses averaged five cyber attacks in the last 12 months. The total average cost of these attacks was $25,612.

Here's what you need to know to protect your business from this evolving threat.

What is Cyber Security Insurance?

Cyber security insurance protects your business against computer-related crimes and losses. This includes targeted attacks, like malware, ransomware and phishing, as well as accidental losses like a misplaced laptop that contains sensitive client information.

See: A Cyber Security Expert Answers Your Ransomware Questions

Cyber security insurance can cover the cost to recover data that has been lost due to a hack, the cost to notify parties affected by a breach, money lost to a phishing attack, or even a ransom.

Cyber security insurance policies often include access to crisis management experts with specialized experience in cyber incident response. This is important because, as a small business owner, it's likely you don't have a lot of experience in cyber attacks. While you may be experiencing your first incident, these experts have seen it all, and they know just what to do. Having a team of experienced professionals on your side can be critically important when it comes to protecting your business.

Who Needs Cyber Security Insurance?

If you take credit cards, collect or store data on customers or employees, or have a website, you should have cyber security insurance. Businesses with employees who work remotely are particularly vulnerable, so it's doubly important to protect yourself if your staff works from home.

What does Cyber Security Insurance Cover?

Cyber security insurance covers the costs associated with several different kinds of cyber incidents, including:

Breach costs, which include the costs associated with responding to a breach, like the forensic costs to determine that your system was compromised, the cost to notify individuals who may have been affected, the cost of credit protection services, and crisis management and public relations costs.

For example, suppose a medical office's network is infected with malware and sensitive patient information is compromised. Cyber insurance could cover the cost to notify the patients whose data is at risk and provide credit monitoring services, if required.

Extortion costs, including response costs and payments associated with a network-based ransom demand. The costs associated with "doxxing," or revealing sensitive information to the public, may also be covered.

Here's an example. An employee at a financial services firm receives an email that appears to be from a vendor, with a link to open an invoice. The employee clicks the link, and launches malware that shuts down the firm's system. The firm gets a ransomware demand, along with a message saying that if the ransom is not paid, the personal financial information of all the firm's clients will be made public. This company's cyber security policy includes access to a team of experts, who help them manage the threat and get their system back up and running.

Cyber crime, such as social engineering, reverse social engineering, and funds transfer fraud.

Here's an example of social engineering. A bookkeeper gets an email that appears to be from the owner of the company, who is traveling. The email asks the bookkeeper to wire transfer a large sum of money to a bank account immediately, for a confidential project. The bookkeeper, eager to comply with the boss's wishes, sends the money. But the email is fraudulent, and the money is sent to a bank account controlled by cyber criminals. The company's cyber policy could cover the lost funds.

How can I keep my business safe?

All businesses should have a plan for cyber security. The cyber security experts at Hiscox recommend a three-step approach.

1. Prevent an attack from happening in the first place. This starts with training yourself and your employees to recognize fraudulent emails (phishing), and to use secure passwords. Two-factor or multi-factor authentication and use of a virtual private network (VPN) can help keep the company safe when employees work from home. Well-trained employees can act like a "human firewall" to prevent cyber criminals from gaining access to your system.

2. Detect an attack early. The sooner you realize you've been hacked, the sooner you can act to contain the damage. Employee training plays a role here as well – if you see something that doesn't look right, or if you think you may have clicked on a link you shouldn't have, say something.

3. Mitigate the damage. Having the right cyber security insurance policy in place can make a big difference. You'll have access to experts who know just how to contain a breach and make the required notifications. And you could be covered for the financial damage that hackers can do.

To find out more about cyber security insurance, and to get a quote for your business, go to You can also learn more about general liability insurance, professional liability insurance, workers compensation insurance, and more.