Incidents of Extortion and Ransomware Are Up 200% for Small Businesses

Cyber attacks don't discriminate. They target more than large corporations. Is your business covered?
By: | November 20, 2019

As 2019 comes to a close, one of the most popular business trends was nothing short of unfortunate and exhausting for those it affected.

While cyber is still a growing sector of the insurance industry, the lack of awareness surrounding the importance of cyber coverage has the potential to do paramount damage to businesses. Take the headline-making breaches of the year, for example.

Cyber Crime in 2019

On April 1, 2019 Mayor Kathy Sheehan confirmed that a malware attack had hit the Albany Police Department, affecting the computer systems of patrol cars and causing a weekend-long frenzy for city officials.

Capital One fell down a similar rabbit hole in late July when cyber criminals gained access to 100 million credit card applications and accounts.

Most recently, hackers are proving they do not miss a beat in popular culture, either, as thousands of Disney+ accounts have already been accessed and stolen despite the platform launching mere days ago.

According to the 2019 Travelers Risk Index, the percentage of survey respondents from small businesses admitting that their company has been the victim of a data breach or cyber event is up 200% from 2015, yet only 51% of businesses have purchased cyber insurance.

“If you think about cyber being the top overall business concern, then why aren’t more companies who are participating in the survey buying cyber insurance?” said Tim Francis, enterprise cyber lead, Travelers.

“There is a misconception that cyber insurance is not meant for small business customers.”

Hackers Pay Attention. Do You?

In today’s digitally-driven society, no one is immune to a cyber attack. Those who think they are will likely have heavy losses that can range from data breaches and identity theft to extortion and ransomware.

Tim Francis, enterprise cyber lead, Travelers

Whether it’s opening a suspicious email and triggering a virus or having information stolen, cyber threats come in too many shapes and sizes for any one business to be entirely immune. And cost of cleanup could be higher than the attack itself.

So why don’t all companies insure their cyber security from the second they send their first email, just as you would insure your car from the moment you take it out for its first spin?

“I think part of that answer is that an awareness of cyber insurance, particularly as you move from large customers to medium and small, is less mature. It’s still a relatively new product, so most of these companies have less of an awareness of what cyber insurance is and what it can do for them,” said Francis.

Aside from ignorance of its benefits, the high price tag of cyber protection may be a deterrent for some executives, especially for small businesses with less resources.

Fortunately, the industry is modernizing solutions.

The Risk Is Not Worth the Reward

“The cost of cyber insurance is flexible; most of the time, a small business isn’t going to pay as much for a cyber insurance policy as a large corporation. The price they’re paying is commensurate with the exposure and the threats that they face.”

According to Francis, many small businesses face a challenge in offsetting cyber attacks because they don’t have in-house expertise when it comes to information security.

Cyber insurance not only protects against cyber breaches, but it also covers the cost of paying for the experts who are going to respond to it.

As the threat increases and data grows more valuable, cyber risk is creeping into the forefront of business leaders’ minds.

When you combine the newer concept of technology with the arguably ageless concept of business, it’s natural that companies will need the proper time to adjust, but the window of leeway is closing. (Just ask Capital One how much fun they had with the class action lawsuit against them.)


“A lot of systems that private sector companies are using were designed first and foremost to work efficiently and be relatively inexpensive. The security around those systems and their data was at times secondary to the primary focus of the organization, which is the work,” explained Francis on why companies are taking longer to catch up.

As affordable premiums, in-house coverage, and countless other insurance options are emerging on the market, there is a certain security in employee awareness.

On top of sufficient cyber coverage, it’s important for employees to be aware of preventative strategies that can off-set threats, such as appropriate training for those who handle sensitive information.

As some of us have learned the hard way, cyber criminals leave no stone unturned, and neither should your insurance. &

Emily Spennato is a former staff writer with Risk & Insurance.

More from Risk & Insurance

More from Risk & Insurance