BYOD: It's Not Technically Yours, But it Could Become Your Big Problem

BYOD is a way of life for many small businesses, but that doesn’t mean it has to cost you a fortune if your network is infiltrated or your employee’s devices are lost or stolen. Increasingly insurers around the country are offering insurance to protect a business from those and many other cyber risks.

“If an employees’ device gets hacked or gets corrupted the company is liable,” says Ted Devine, Chief Executive of TechInsurance, the online insurance agent for small businesses. “For small businesses that’s a huge deal.”

A data breach or a disruption in computer systems at any company will be costly, but for a small business it could mean the end to the entire company. While there are safeguards small business’ can take to limit their chances of being a target, Devine says cyber insurance can give a small business peace of mind without breaking the bank.

“Cyber liability is a very fast growing product area of the insurance landscape,” says Devine. “Most major markets now have some form of cyber policy or endorsement to an existing policy.”

And there are reasons it’s a growing area. According to the Department of Homeland Security, 40% of all cyber-attacks target businesses with less than 500 employees. A Symantec study found that 74% of small businesses reported attacks from 2009 to 2010 with an average cost of around $190,000 per attack.

Cyber liability insurance isn’t going to cost a fortune but it also isn’t going to be super cheap. The Insurance Information Institute says it can cost a few thousand dollars for base coverage for a small business to several hundred thousand dollars for comprehensive coverage for large corporations.  Devine says a number of his clients pay less than $1,000, with the typical policy coming in around $500 a year.

The types of risks cyber insurance covers usually include the loss or corruption of data, business interruption costs, liability expenses, crisis management costs, data breach expenses and the settlement of cyber extortion. Part of the application process with some insurers is a free online and/or onsite security assessment, which happens prior to purchasing the coverage. This not only helps the underwriters but is valuable information for the company trying to assess its risk, says the Insurance Information Institute.

According to Devine, small businesses should also consider taking out errors and omissions insurance. This type of coverage will protect against claims that the company was negligent in carrying out its duties.

“If, for instance, loss or theft of a mobile device resulted in exposure of customer data or inability to complete a time-sensitive project, Errors and Omissions Insurance would protect against related expenses and liability,” he says.

Before a small business starts shopping for cyber insurance, Devine says it needs to determine its potential risk. Where are the potential threats coming from, what type of data needs to be protected and what plans are already in place in the event of a data failure or data breach, are some of the things that should be considered in the assessment.  Once the company understands its exposures, then and only then can it realistically determine how much coverage it will need.

The financial stability of the insurance provider is also important when determining which insurer to choose. After all with insurance the small business is leveraging someone else’s balance sheet to cover its risk. If the insurer is on shaky financial footing then there’s a chance it may not be able to cover any claims. That’s why Devine says to go with a company that has a good rating from companies like A.M. Best Co., which rates insurers on their balance sheet, operating performance and profile.

If the company is going to deal with an insurance agent, it’s equally important that agent sells cyber insurance policies on a regular basis and not only dabbles in it here and there. The company also wants to find an agent in its industry whether its construction or technology, because every industry has different needs and risks, says Devine.

“Talk to an expert even if it’s a small firm,” he says. “An expert will help you understand the wording of each carrier and what is covered.”