Posted by Amanda at Varay on Dec 21, 2020 10:00:00 AM

We don’t know about you, but the increased time at home in 2020, (along with the fact that Halloween wasn’t long ago), has led to some great scary movie nights. 

But there’s one thing almost every movie victim forgets to do in the chaos of preparing for the spooky threat they know is looming around the corner. 

They don’t lock the front door!!

We may not be home defense experts, but if Freddie is scratching around outside the house, locking the front door should be the first move. (Quickly followed by grabbing the whole family, jumping in a car, and getting the &^#% out of dodge.)

It’s so easy for us to see the glaring missteps victims make in horror films, but many small business owners don’t realize they’re making the exact same mistake when it comes to their company’s cyber security. 

Here’s why. 

Cyber liability insurance is a great tool to help small business owners recover from a devastating cyber attack, but unfortunately, it’s led to complacency in building a strong cyber security structure. They see it as a safety net that catches and cleans up the aftermath of any attack, but the reality is, cyber liability insurance is your last-ditch effort to protect your business, not your primary defense

What is cyber liability insurance?

Before we keep going, let’s unpack what cyber liability insurance is and why it’s not your primary cyber security solution. 

Cardboard background with the middle section torn back to reveal “Cyber Insurance” in red letters.

Cyber liability insurance is pretty much just what it sounds like — it’s insurance that protects you and your business from the aftermath (and ensuing liability) following a cyber attack on your business. To be clear, we’re not arguing the importance of having cyber liability insurance for your small business. It’s an important recovery tool to invest in! But the reality is, it doesn’t cover the cost, damage, and stress caused by a cyber attack like most small business owners think. Limitations of cyber liability insurance

Though every company’s cyber liability insurance plan is different, all plans share some common limitations that you need to know about going in. The most surprising limitation is the Act of War clause that could nullify your insurance claim depending on the type, scope, and details of the cyber attack your business has experienced. 

If your insurance company labels your cyber attack as an Act of War, they are released from any responsibility to provide an insurance payout for damages caused by the attack. Now, we’re not suggesting every insurance company is just waiting to nullify your claim with this clause, but it’s important for you to know that the cyber liability insurance “security blanket” isn’t as good as it used to be. 

So, to avoid being hung out to dry by your insurance company after a devastating cyber attack, it’s imperative that you know your policy and ask detailed, scenario-driven questions to ascertain your level of protection in the event of a number of possible attacks. 

That’s why cyber liability insurance isn’t and shouldn’t be your first line of defense. Instead, invest in the best defense: cyber security

First line of defense? Developing a cyber security plan.

Honestly, it's hard to warn business owners of this reality before they learn the hard way that they need an enhanced cyber security plan. And there's a good reason for that — cyber security is expensive! However, the risks incurred by a cyber attack are much more costly, especially when it’s not a guarantee that cyber liability insurance can bail you out. 

Did you know that as a small business owner, you are the primary target for a cyber attack like phishing or uploading stolen credentials to the dark web? That’s because as the owner, you have the most confidential access to every aspect of your business, and attackers know that business owners will often compromise security for efficiency. 

Instant (and free) tips to improve your online business security: 

Though we can’t make every cyber security measure as efficient as you might like, there are some practical, incredibly helpful steps that you can take right now at low to no cost to your business. 

In looking at the NIST framework that we referenced in this earlier blog post, we can’t over-emphasize how important it is that at a minimum, every business owner implements tools for the Protect layer of cyber security as soon as possible: 

Circle with 5 colored, curved, trapezoid-shaped segments: Blue labeled “Identify,” purple labeled “Protect,” orange labeled “Detect,” red labeled “Respond,” green labeled “Recover.”

Here are a few low-to-no cost tools that we recommend implementing for your business today:

Additional recommendations for improving your online business security: 

As with anything, the more you invest in your cyber security, the stronger it will be. And since cyber security is your first line of defense (instead of cyber liability insurance), it’s worth taking the financial leap to protect your business! Here are additional recommendations with monthly cost estimates that we highly recommend for your business: 

  • Next-Gen Anti-virus: Estimated cost of $2 per user per month. If someone is in your house, you want to be warned about it before going downstairs to grab a midnight snack. Though traditional anti-virus does protect against viruses, it won't tell you if someone got past your system. That’s where Next-Gen Anti-Virus steps in
  • SOC, or Security Operations Center: Estimated cost of $5 per user per month. Though cyber attacks occur in the digital world, behind the screen is a real person making real decisions that lead to your door. SOC is an active scanning tool that looks for the behavior patterns of your attackers in order to detect attacks before they happen. 
  • SIEM, or Security Information Event Management: Estimated cost of $28 per user per month. We’ve covered SIEM in-depth in previous blog posts, but in summary, it’s an incredible cyber security tool that protects your enterprise business from cyber attacks while empowering you to exceed compliance requirements. 

Now that you’ve finished this post, are you looking for more help in assessing your cyber liability insurance or strengthening your cyber security plan? Check out Varay’s resources to create your own customized cyber defense strategy, and schedule a free, confidential cyber security meeting to discuss your business needs. 

Topics: security, business, phishing, ransomware, cybersecurity, compliance, business insights, disaster recovery & business continuity