Workers’ compensation insurance is a requisite purchase for almost all small businesses across the United States. It’s typically sold alongside BOP policies - business owner’s insurance that combines both property and liability coverage into one package – and general liability insurance, and it’s seen as a core element in any small business insurance portfolio.
As the business risk landscape evolves, so too should that small business insurance portfolio. Today - in the era of technology, the internet, and COVID-19 pandemic-induced remote working – there’s one insurance product, in particular, that all businesses regardless of size should be factoring into their risk management equation: cyber insurance.
Aaron Basilius (pictured), senior vice president of cyber at AmTrust Insurance, commented: “At AmTrust, our agents and business partners who are out in the field selling workers’ compensation and BOP policies to small businesses often ask: ‘Do you have a cyber solution that we can also provide to our clients?’ That’s a reflection of the fact that cyber risk – while it’s a standalone line of business within insurance – is not a discrete risk in real life. It’s an everyday risk that touches nearly every part of businesses’ operations and, as a result, is becoming a huge part of overall business risk today.
“It’s virtually impossible nowadays to do business and not rely on a constant connection to the internet and technology on a connected network. Because of that, there is certainly more awareness of cyber risk … and an increasing interest in cyber insurance. Although small businesses understand that cyber risk is becoming more and more present in their business, it’s not always easy to know what to do about it. For insurance to continue to be relevant to employers and businesses that have a growing cyber risk in virtually all aspects of their business activities, as an industry we need to provide sustainable insurance solutions that thoughtfully address those risks.”
Small businesses are exposed to cyber risk from multiple angles. Almost every business holds some form of personally identifiable information (PII), whether of their employees, their customers or others on their customers’ behalf. And businesses face potentially significant costs, fines and damages if that data is hacked by a third party or improperly disclosed to or accessed by others.
Businesses can also face significant costs and liabilities if PII is collected, used or retained improperly. In addition, every business is vulnerable to cyberattacks that could cause significant damage. For example, one of the fastest growing exposures businesses face is ransomware that infects their computers and networks so that they can’t access the data, programs and systems they rely on to do business. This has resulted in businesses suffering widespread damage, costs, loss of revenue and even bankruptcy. And for small businesses that offer technology-related services to third parties, there is an additional level of exposure from clients who may hold them contractually liable for cyber-related incidents.
The reality is, small businesses have the same exposure to cyber risk as large businesses, but on a different scale. Unfortunately, although small businesses are increasingly purchasing cyber insurance, the cyber insurance penetration rate in the small business community does not yet reflect the size of the exposure. Basilius said there are a number of reasons for that: “One reason is that cyber insurance can be perceived as complex relative to other more traditional lines of insurance like workers’ compensation and that perceived complexity can be a barrier to purchase.
“I think another reason for the lower uptake rate is that we, as an insurance industry, have not done a good enough job of educating and helping small businesses understand what the risks are and how they might practically impact their businesses. When cyber security incidents are discussed in the media, the overwhelming focus of coverage is on those cyber incidents that impact large and sophisticated businesses. The truth is that small businesses are regularly and significantly impacted by cyber loss and there is insurance to help them.”
This is where insurance agents play a key role, according to Basilius. Oftentimes, agents that are familiar placing workers’ compensation or BOP policies might not be as familiar with cyber policies and, as a result, may be less comfortable talking to their clients about cyber risk. This is only natural, with cyber being a relatively new and “complex” solution, and it’s something that the market must work through together, Basilius stressed. Cyber insurers need to not only educate the end-clients, but also partner with the agent community to help those clients understand the risks and common loss scenarios, how cyber insurance responds to risks and losses, and how they can take advantage of the value-added services that typically come with policies to help insureds with their risk mitigation.
“Ultimately, what we’re trying to do at AmTrust is provide solutions for small businesses to meet all of their risk management needs,” Basilius added. “Workers’ compensation is definitely one solution where we’ve had tremendous success in meeting the needs of our insureds and our small business clients. And cyber insurance is another way of meeting those needs. At AmTrust, we recognize the need to help small business insureds with their cyber exposures, and to do it in a way that works well with the solutions we have historically provided, whether that is workers’ compensation, liability, BOP, or our other policies. We understand small business and are committed to partnering with our clients and their agents on right-sized cyber solutions that help them manage risk and focus on growing their business.
“Cyber insurance needs to be part of that conversation today. We must help small businesses understand cyber risk, and we must work with them to give them comfort [in cyber risk management] and provide resources for small business insureds to address their risks. As we take those messages to the small business community and to the agents that service small businesses, I think we’ll continue to see a dramatic increase in the purchase of cyber insurance in the small business space.”