As the world becomes increasingly digital, small businesses face new risks in cyberspace with increasing frequency and severity. As cyber exposures evolve, it is imperative that agents understand the risks faced by their customers and how to effectively protect them.

Cyber exposures can come from malicious attacks by hackers, unauthorized releases, such as when emails are sent to the wrong recipients, and lost or stolen devices, like laptops or cell phones. These data breaches expose personally identifiable information (PII), like Social Security numbers, health records and credit card or bank account numbers.

These cybersecurity risks pose a serious threat to small businesses, which usually have limited resources to prevent and recover from a data breach.

As trusted advisors, independent agents are well-positioned to guide their customers through evaluating risks and creating coverage solutions that offer the right level of protection. Here's what independent agents should know about the cyber insurance market:

1) Data breaches and cyberattacks are increasing rapidly. As PII becomes more lucrative and ubiquitous, the prevalence of cyberattacks and data breaches has increased. Since the beginning of the COVID-19 pandemic, the problem has only worsened. The FBI's Internet Crime Complaint Center found that cyberattacks increased 100% between March 2020 and May 2021, during which time 1 million complaints were submitted. And according to a study by the U.S. Small Business Administration, 88% of small business owners felt their business was vulnerable to a cyberattack. 

2) Cyberattacks are very costly and can cause businesses to permanently close. Data breaches and cyberattacks create huge costs for small businesses. In some cases, they are so insurmountable that the business is forced to permanently close.

Businesses incurred an average cost of $180 per record of customer PII in 2021, according to the IBM and the Ponemon Institute's 2021 Cost of a Data Breach Report. These costs are driven by direct costs like hiring a forensic accountant to assess the scope of the breach; paying for credit monitoring services for affected customers; regulatory penalties; legal defense fees; paying a call center or hiring additional staff to handle customer questions about the data breach; and hiring a public relations firm to reestablish credibility.

But there are also indirect costs that further damage a small business and can create a long-term revenue drain. Customers will be lost because of the breach, and the business' reputation will be damaged. As a result, the business will have to undertake increased customer acquisition costs to compensate for the perceived “untrustworthiness" and diminished goodwill.

3) Understand coverage limits to avoid coverage gaps. Agents should be hyperaware of limits. Cyber policies differ between carriers, and each carrier offers a unique set of coverages and sublimits. Agents need to be careful that their clients have comprehensive coverage that will fit their business' needs.

Sublimits related to reputational harm, loss of business income, regulatory fines and payment card industry fines are just a few examples of areas that could be included in a policy, but a low sublimit could end up as a gap in coverage when a claim occurs. 

4) Independent agents should treat cyber insurance like a core line of business. A business doesn't need a large web presence or a minimum amount of revenue to be at risk of a data breach or cyberattack. Any business with an email address is vulnerable.

Independent agents are best equipped to safeguard their customers against the devastating loss that a data breach or cyberattack can cost their business. Agents have a responsibility to educate their customers on the value of cyber insurance and recognize it as a core line of business.

Cyber prevention and education are areas that agents and brokers have the greatest opportunity to add value to the client relationship. Most small businesses don't have the resources to hire third-party organizations for training or to pay for other tools and services, such as web scanning that help identify potential vulnerabilities. As trusted advisors, agents can bridge the knowledge and access gap to help clients proactively avoid a loss.