Cyber Insurance Becomes Small-Business Necessity


Elizabeth Sullivan of E.G. Bowman Company, an independent insurance brokerage in New York City, was recently interviewed about small business cyber risk.1 The article is an excellent discussion of the fact that small businesses are now realizing they indeed are in need of cyber insurance. It also discusses why they need protection and how insurance will help. “A data breach can damage a small business far more than a big business because there are fewer resources and employees to handle the fallout,” says Sullivan. “It can put you out of business.”


Small businesses often think they are not at risk and therefore decline cyber insurance. This is because they do not fully appreciate the risks and how insurance will help them address that risk. They are now beginning to realize that this risk does indeed pertain to them.


If you are a senior executive of a small business, you should talk to your insurance advisor about cyber breach:

  1. Legal defence
  2. Handling customer calls
  3. Meeting regulatory compliance issues
  4. Social media liability
  5. Data recovery
  6. Crisis management
  7. System monitoring
  8. Hard copy files, etc.

Cyber is now clearly your number one business risk. Understand the problem in greater detail, and implement a risk management program appropriate for your size and type of business.

Lessons Learned

Small businesses are realizing they are exposed to cyber risks that could cause serious harm. Therefore they are looking for solutions like cyber protection from their insurance advisers. Every small business executive should be reviewing this problem with their commercial insurance adviser before a cyber incident becomes a breach headache, not after.

Cyber Insurance Becomes Small-Business Necessity

CRSP Part 1: Cyber Risk, Security & Privacy (CRSP)

“In the middle of difficulty lies opportunity.” Albert Einstein

This is the first in a series of articles about the unrelenting cyber stresses every knowledge worker and every organization now faces. In fact, even those of us who may consider ourselves outside the sphere of the digital economy are affected. These stresses affect us all. The articles will consider our fundamental notions about privacy and security, and how a cluster of businesses in Waterloo Region are offering innovative ways to help us manage these stresses.

James Clapper, Director of National Intelligence for the United States, in his 2014 annual report Worldwide Threat Assessment of the US Intelligence Community said:

“Several critical governmental, commercial, and societal changes are converging that will threaten a safe and secure online environment. In the past several years, many aspects of life have migrated to the Internet and digital networks.”

His report goes on to list the top ten global threats to the United States and its Allies. Ranked at the number one spot, ahead of terrorism and weapons of mass destruction, is cyber. That’s a sobering thought. How could cyber risk, which includes risk to our personal privacy as well as risk to our security on personal, business, and national levels, rise so swiftly to the top? Clearly we have a problem of global scale and it’s getting worse, much worse, very fast.

Starting with the January, 2015 issue of The Triangle, we will consider what both privacy and security mean to Canadians and to peoples from countries around the world. We will consider how and why the global (digital) economy is now under constant stress. And we will consider what companies in Waterloo Region are doing to help alleviate that stress so we can maintain control over our privacy, our security, and the wellbeing of everyone as we usher in the digital global village we now find ourselves living in.

By Doug Blakey, President Watsec Cyber Risk Management, & Director, Canadian Centre for Cyber Risk Management.


Cyber Exposures of Small and Mid-Size Businesses


A recent paper published by Advisen stated:

“Gone are the days when data breaches, privacy violations, and other network security incidents were only a big business problem. Countless organizations of all sizes are now victimized daily, and in many cases with crippling effect. Yet many small and midsize businesses (SMBs), typically defined as firms with fewer than 250 employees, are not aware of the risks, or choose to ignore them. This can be likened to society simply ignoring a pandemic.”

More and more alerts are being raised about the cyber risks smaller organizations face. This is in part because larger organizations are implementing stronger risk management practices, thus leaving the small and mid-size businesses at even greater risk because they are seen as the easy target.


Business executives need to be aware that:

  1. Small and mid-size businesses are now prime targets of cyber criminals.
  2. The number and type of cyber risks they now face has grown rapidly.
  3. Delegating responsibility for cyber protection to their IT team without proper senior management oversight is asking for trouble.

Message for Business Leaders

The real target for cybercrime is ill-prepared organizations since many hackers randomly look for easy targets rather than picking big companies. Since larger organizations are rapidly improving defenses, the probability that the door they find unlocked will be that of a smaller business has greatly increased. And hackers can quickly monetize anything they can take from those SMBs very quickly through online hacker e-commerce web sites.

Source: Cyber Exposures of Small and Mid-Size Businesses Advisen Paper, October 2014.