Cyber insurance 101: What small businesses need to know

April 12, 2022 | By Vicki Hyman

The pandemic pushed many businesses to beef up their online presences, digitize their operations, and let their employees work from home. Many are using their personal devices, all creating new vectors for cyber risk.

This is especially true for smaller businesses, which often don’t have the resources to provide company equipment or keep trained IT professionals on their payrolls, and many small business owners believe they're too small to be considered a target. 

The fact is, almost every small business keeps sensitive information on employees, customers or vendors, and they are vulnerable to hackers, ransomware attacks, online fraud, and other cybercrimes. A cyberattack can shut down a company’s operations and result in big losses, unexpected expenses, and damage their reputation.

“Small business owners are very busy keeping their shop up and running — they don’t prioritize cybersecurity because it’s simply not the top priority in their daily lives,” says Jonathan Anastasia, senior vice president for Security Innovation for Mastercard’s Cyber & Intelligence Solutions business. “They typically think they’re too small to be an actual target. That’s not the case. Criminals look for small enterprises that are not going to have security measures in place.”

There were on average 270 attacks per company of all sizes in 2021, a 31% increase compared to 2020, according to Accenture’s most recent State of Cybersecurity Resilience report.

At least half of all ransomware attacks, the fastest growing type of cybercrime, are on small businesses, according to the Department of Homeland Security, with complex legal, financial and reputational ramifications.

So what does cyber liability insurance cover and how can it help businesses recover from potentially devastating attacks?

For data breaches — one of the most common types of attacks facing small businesses — cyber insurance can cover the cost of determining the source of the breach and whether the information lost triggers any legal obligations. It also covers the cost of those obligations, such as notifying affected customers, establishing a call center and offering credit monitoring, as well as the cost of legal representation and any fines or penalties.

With malware and ransomware attacks, criminals gain a digital foothold in a businesses’ back end, steal data, or, with ransomware, encrypt their data and demand money to regain access. Cyber insurance can cover the cost to restore the system, from data recovery to malware removal to closing vulnerabilities to, if necessary, the ransom itself. Ransomware is the most disruptive attack, and coverage can include loss of business income.

With cyber fraud, criminals can gain access to a business’s computer system and direct funds into their own account, or use social engineering to deceive employees or executives into paying fake invoices or diverting payments. Insurance can cover help businesses recover the lost funds.

Third-party coverage helps protect businesses from cyber-related lawsuits, including government actions or even class-action lawsuits stemming from the accidental spread of malware or failure to prevent unauthorized access to a system, for example. It pays for legal costs, including attorney’s fees and settlements.

Cyber insurance isn’t a replacement for a strong defense. To learn how to protect your business and your reputation, go to the Mastercard Trust Center, a repository of cyber advice and training for businesses of all sizes and at all stages of cyber awareness, including access to an online cyber readiness program and a free cybersecurity toolkit for small business owners from the Global Cyber Alliance. 

This story was first published on April 12, 2022. It was updated on March 13, 2024, with information about additional resources. 


Mastercard Cybersecurity & Risk Summit

Industry leaders will share insights about the latest trends in cybersecurity and best practices for minimizing fraud risk and maximizing profitability at Mastercard's annual summit in Key Biscayne, Fla., April 11-14. 

Learn more
Vicki Hyman, director, communications, Mastercard