The most common cyber risk myths debunked

In the digital era, where cyber threats loom large over businesses of all sizes, understanding the landscape of cyber risk management is crucial. What can your business do to reduce the risk of a cyber attack and how can insurance help? To answer this question and help you navigate the world of cybercrime, we look at some of the most common cyber risk myths and debunk them with statistics and examples.

Myth #1: Your data doesn’t need to be backed up regularly.

When you back up your data, you create a copy that can be recovered in the event of a cyber attack. Proper back up storage involves saving your information to a separate system, such as an external drive or USB stick.

If your business falls victim to ransomware, which locks you out of your own data, the hackers responsible may attempt to hold it for ransom. If you happened to back up all your information a day before the cyber attack, your business would be in a better position to recover.

However, if your r last backup was a month ago, there’s a greater chance that you’ll be locked out of important data, making it much harder for your business to resume operations. Ideally, your backed-up data is recent enough that you don’t need to pay the ransom to get your locked data back. Instead, you can simply proceed with your backup version.

Myth #2: Customer data only needs to be protected if it’s related to financial information.

Many cyber breaches involve accessing and stealing data that’s vulnerable and exposed, whether they’re files, documents, or other sensitive information. This could be your information or your customers. Examples of types of data that could be stolen from you include:

• Financial information, such as credit card or bank details
• Confidential business information, such as login credentials and passwords
• Personal health records, such as medication requirements
• Sensitive personal information, such as addresses and phone numbers
• Intellectual property, such as copyrighted materials, patents, and trademarks

Even though businesses may be more likely to protect customer data of a financial nature, the reality is that all customer data is worth protecting equally. This is because hackers and other criminals don’t need financial information to seriously damage a person’s finances.

If a cybercriminal obtains credit card information, how long is their window of opportunity to use it for illegal activity? While it could take a month or two for customers and companies to realize a card was compromised, the card can be cancelled quickly. However, what if that same hacker was able to gain access to names, emails, and home addresses, then checked online sources such as social media sites to gather enough personal information to commit identity theft? That kind of crime can take victims years to recover from.

Myth #3: A class-action lawsuit is the biggest risk to a business whose customer information has been hacked.

If your customer data gets leaked to the public and the customers impacted decide not to file a class action suit, does that mean the business is in the clear? The answer, unfortunately, is absolutely not.

Cyber attacks, even without class action or other lawsuits, can severely damage a company’s reputation. Existing and potential customers may distance themselves from the hacked business as a precaution. Enlisting reputation-management professionals to handle the crisis can be a significant cost. Recovering your compromised data from the cyber criminals and restoring it to your systems isn’t something you’ll want to do alone, and will require the assistance of IT professionals. Since it may take a while to get your business back up and running after a cyberattack, the amount of potential revenue lost during that process can quickly add up.

In short, lawsuits are a risk to businesses that have undergone a cyber attack but they aren’t necessarily the only one, as other risks can be quite problematic as well.

Myth #4: A business that stores electronic data isn’t better off with cyber insurance.

Many small business owners believe they don’t need cyber risk or data breach insurance, or they haven’t thought about purchasing this coverage.

The reason cyber insurance is worth thinking about and getting is because it can help a business with every scenario mentioned above. If you forget to back up your data or have your information stolen, insurance can help you recover and get back to business as quickly as possible. If you need to hire a reputation-management professional after your business gets hacked, insurance can help you cover the costs. If you can’t operate while getting your business back up and running following a cyber attack, business interruption insurance can be included in your policy. Even if you end up facing litigation as a result of your customer data being leaked, insurance can help with the legal fees.

Protect your business with a tailored cyber risk insurance policy

The reality is that any business, regardless of their size or resources, could be the victim of a cyber attack. Our team can work with you to make sure your policy addresses your cyber risks. Visit our cyber risk and data breach coverage page to get started today!

This blog is provided for information only and is not a substitute for professional advice. We make no representations or warranties regarding the accuracy or completeness of the information and will not be responsible for any loss arising out of reliance on the information. Terms, conditions and exclusions apply to coverage. See policy for details.