The rise of the internet age has done many good things for businesses. Across sizes and industries, companies are storing all types of electronic data on computers and the internet. As internet access stays on track to reach over 5 billion people in 2022, the business opportunities will only continue to grow. Yet with all these benefits comes a crucial drawback: the looming threat of cybercrime.
Cyber attacks are growing in both ferocity and volume. In 2020, a person, business, or device was attacked by ransomware every 10 seconds. That is a 50% increase over previous years. Ransomware is the most common method of attack; over the latter half of the 2010s, damages due to ransomware grew 7,000-fold. In 2015, the damage was valued at $24 million. By 2020, that number had exploded to $170 billion. By now, it should be no surprise that cybercrime can be considered the third-largest economy on Earth.
No business can count itself safe from cybercriminals. Not even the corporate giants. Meat processing giant JBS paid the largest reported ransom payment this year to the tune of $11 million. When Colonial Pipeline had its operations halted by cybercriminals, it represented the largest attack on a US energy system. Due to the globalized nature of cybercriminals and the anonymity of the internet, cybercriminals are growing bolder in their attacks. At this time, it is extremely difficult for anyone with legal authority to pursue and prosecute a cyber-criminal.
If cybercriminals can target big businesses with near-impunity, imagine what they can do to small businesses. By their own admission, many small to midsize businesses (SMBs) are unprepared to deal with cyber attacks. In the past year, 66% of SMBs were the victims of at least one cyber attack. For those targeted, the consequences can be fatal; 60% of SMBs go out of business within 6 months after a data breach or hack. The cause of their bankruptcy goes beyond initial extortion or ransom payments. Recovery of infected devices is also expensive. When systems are shut down by cybercriminals, a business’s operations are effectively halted. They cannot earn revenue. Furthermore, businesses lose the trust of their customers after a breach is announced. When serving customers, trust is everything. Losing it costs a business its lifeline.
What can businesses of all sizes do to protect themselves? Many are looking to cyber insurance policies as part of the answer. For SMBs, cyber insurance will typically cover up to $1 million in damages. “Damages” is a broad category; profit losses from reputation damage or halted operations are covered. Liabilities arising from contract penalties or media fines are covered. Lawsuits including class actions and regulatory investigations are also covered. Despite some gaps in coverage relating to physical property or long-term losses, many businesses are coming to consider cyber insurance as the difference between survival and extinction. Cyber insurance may not prevent cyber attacks, but it does offer businesses the chance at recovery.