Two recent articles shed some needed light on the risk of Cybercrime to small businesses including medical practices.
Most Small Businesses Don’t Recover From Cybercrime
The first article from the Wall Street Journal titled Most Small Businesses Don’t Recover From Cybercrime examines how many small businesses suffer from cyberattacks and the consequences of those attacks. Here are a few of the key points.
20% of all cyberattacks hit small businesses with 250 of fewer employees.
A recent study cited by the subcommittee chairman, Rep. Chris Collins, (R-NY), found though more than three-quarters of small businesses believe their companies are safe from hackers, 20% of all cyberattacks hit small businesses with 250 or fewer employees.
The average cost of a cyberattack is $6.75 million.
Dan Shapero, a CompTIA member and the founder of IT company ClikCloud, was one of the professionals testifying at the hearing. Shapero said the average cost of a data breach is $6.75 million total and $214 per compromised customer record, which could potentially send a small business into bankruptcy.
Clearly the risks to small businesses are real and the expense could put an organization out of business.
6 Reasons You Should Have Cyber Liability Insurance
The second article published by the magazine Inc., titled 6 Reasons You Should Have Cyber Liability Insurance looks at good reasons to purchase cyber liability insurance.
Highlights of the article include:
How affordable cyber insurance is:
“I’ve seen policies with premiums as low as $2,000 a year, though it can go up from there,” says Ethan Miller, partner at the San Francisco law firm Hogan Lovells. You can get coverage as high as $30 million and deductibles as low as $10,000, depending on your needs and what you’re willing to pay. Cyber liability insurance is still a fairly new concept, so there’s a lot of variation among policies, and a lot of room for negotiation.
What cyber insurance covers:
Many policies offer “first party” coverage–that is, they will pay you for things like business interruption, the cost of notifying customers of a breach, and even the expense of hiring a public relations firm to repair any damage done to your image as a result of a cyber attack. Having this cash available in the event of a crippling hack can keep the lights on till you’re able to resume your normal cash flow. A good policy can even cover any regulatory fines or penalties you might incur because of a data breach.
And don’t think cyber liability is covered by your general liability policy
Typically, a general liability policy specifically excludes losses incurred because of the Internet, Miller says. So a good cyber liability policy can pick up where your general policy leaves off.
Make sure your cyber policy covers laptops and mobile devices as well, to give yourself coverage in as many situations as you can. “Work with your broker to integrate cyber liability with your general policy and employment liability policy,” Miller advises. “You want to give yourself the most seamless coverage possible.”
In addition to cyber insurance policies, healthcare organizations and even HIPAA business associates should look into specialized cyber insurance policies that cover HIPAA related breach expenses. These specialized policies are reasonably priced and protect organizations from both cybercrimes as well as HIPAA related breaches.
One of the best ways to determine if cyber insurance makes sense for your organization is to perform a HIPAA Risk Assessment. A Risk Assessment looks at where patient data is and how it is currently being protected. It also exposes the risks to patient data. Unfortunately some risks cannot be mitigated to zero and cyber insurance can help protect organizations against these risks. Learn more about a HIPAA Risk Assessment in our free guide to better understanding the HIPAA Risk Assessment process.