Cyber Insurance Considerations for Small and Medium-Sized Businesses

There are over 33 million small or medium-sized businesses (SMBs) in the U.S. – making up over 99% of all U.S. companies – and recovering from a cyberattack can be costly to these businesses.

If you are an SMB exploring cyber insurance for the first time, or you want to ensure that your current policy meets your needs, here is some information that could help you make decisions about cyber insurance.

Proactively investing in cyber insurance can help protect your business from higher costs related to losses from a cyberattack. Downtime due to a ransomware attack, for example, is 22 days. As this is over half a month, an easy way to understand the cost of disruption to operations is to cut monthly revenue in half or even by three-fourths. That is before counting the other costs related to recovery, notification, reputational damage, and more.

The Federal Trade Commission (FTC) and the National Association of Insurance Commissioners (NAIC) developed some general tips to consider when obtaining or renewing insurance coverage.

1) Types of incidents:

Make sure your policy includes coverage for:

  • Data breaches
  • Cyberattacks on your network and against the vendors and third parties that may be holding your data
  • Terrorist attacks
  • Breaches or attacks that happen anywhere in the world, if applicable for where you are doing business or storing, processing, or transmitting data.

2) Type of coverage:

Another consideration is first-party coverage and third-party coverage and whether you need both.

  • First-party coverage protects your data, such as employee and customer information. This coverage typically includes business costs related to lost revenue, recovery efforts, notification efforts, legal counsel, forensic services, public relations, and more.

  • Third-party coverage helps protect your business from liability if another entity brings a claim against you. This coverage would help with payments to customers affected, litigation, claims, accounting costs, and more.

3) Coverage vs. limits:

Many people think if they have a $1 million policy, it covers any and all events up to that amount; however, oftentimes this is the aggregate limit and there are many sub-limits you may be held to, causing issues for companies (e.g., social engineering attacks may be capped at a much smaller portion of the overall policy amount).

4) Legal Support:

It is also important to understand whether your insurance provider will defend you in a lawsuit or regulatory investigation, provide coverage in excess of other insurance plans you may have, and offer a 24/7/365 breach hotline.

Remember that each business has different needs depending on size, industry, data types, and other factors. While this general information can help guide you, please work directly with your insurance provider and industry experts to ensure your policy is the best fit for your company and its associated risk.
