5 Questions to Ask Small Businesses to Uncover Their Cyber Blind Spots

In an increasingly digital world, it’s important that small businesses don’t get left behind when fending off cyber threats. While a recent study by Forbes Insights and The Hanover shows that most small business owners recognize they are exposed to cyber attacks (94 percent), only 20 percent feel adequately insured against cyber risks. This “coverage gap” is driven largely by the challenges businesses face when valuing their (or other’s) digital assets and what makes them potential targets of a cyber breach in the first place.

Assessing Digital Risks

Helping businesses understand they are big enough to be targets and recognize they have ample digital assets of value to a cyber attacker is a critical first step. A second crucial step is for independent agents to guide business owners through the complexities of a cyber risk analysis so they can identify high-risk areas in their operations. Often, business owners conclude they do not have any personally identifiable information in their systems, and their analysis stops there. Unfortunately, when it comes to small commercial insurance, and especially cyber, it is more complex than that.

The following are five key questions agents can ask to determine their customers’ most significant cyber risks:

Customizing Coverage

Once digital asset risks are identified, the final step in a cyber risk analysis is determining which cyber insurance fits clients’ needs. Cyber insurance can provide coverage for first- and third-party risks, adding a level of complexity for businesses evaluating their needs. With almost every business relying on computers, optimizing policies for coverages and appropriate limits is challenging. It’s critical to consider coverages and limits that address the exposures specific to each customer’s class of business. Here are three cyber coverage types to consider, based on clients’ needs:

  1. Baseline. This coverage often is the best option for clients that do not have substantial exposures and do not require extensive protection. For instance, if a client does not collect extensive amounts of personal information and does not have highly automated and connected manufacturing systems, a “bolt-on” product could be added to their existing package policy, offering added coverage needed to protect against cyber exposures. These bolt-on coverages are generally simpler and easier to purchase, as they may not require an underwriting application.
  2. Stand-alone. For larger clients or more complex needs, stand-alone cyber coverages can provide businesses with more comprehensive coverage and greater limits. While these products generally require underwriting applications, the simple process of completing the application is often beneficial to small businesses, as questions typically involve security-related best practices.
  3. Coverage continuity. It is also important to be mindful that some cyber risks may be covered under other lines of insurance coverage. For example, false pretense coverage may be covered under a client’s crime insurance policy. However, this client could still benefit from obtaining explicit cyber coverage on a cyber-specific policy, depending on the cyber exposures they would like to cover.

When helping small business owners evaluate cyber insurance exposures and needs, agents can look at all available lines (cyber, package, crime, management liability and more) to ensure small businesses’ needs are addressed.

By placing all coverages with a single carrier, the potential for coverage friction is reduced, resulting in a better and more seamless customer experience for the insured.