In today’s digital age, cyber threats are evolving at a pace that many businesses struggle to keep up with. As an insurance agent, you’re on the front lines, helping your clients navigate these complex risks. Yet despite the growing threats, misconceptions about cyber insurance remain, leaving companies vulnerable to attacks that could have been mitigated with proper coverage. To help clear up the confusion, we spoke with Ed Chadwick, a specialized broker in cyber insurance from Jencap, to debunk some of the most common myths about cyber risks and how specialized insurance solutions can provide vital protection.
“Our Data Isn’t at Risk Because It’s Offsite”
One of the most pervasive misconceptions is that businesses aren’t responsible for their data if it’s stored offsite. “There’s an expectation that businesses protect that data even if they use a third party,” says Ed Chadwick. He compares it to the role of a general contractor who doesn’t hammer a single nail but is still accountable if the house catches fire. This analogy underscores the importance of understanding breach notification laws and realizing that the responsibility for data security often remains with the business, even when using external storage solutions.
Cyber insurance can step in here, covering the costs associated with breach notification, data recovery, and other first-party expenses that arise when a company’s data is compromised — even if it’s stored offsite.
“We’re Too Small to Be Targeted”
Another dangerous misconception is the belief that small businesses are too insignificant to be targeted by cybercriminals. Though that myth has been debunked repeatedly, many small business owners remain in denial. “It’s not a ‘hacker in a hoodie’ in the basement anymore,” Chadwick explains. Cyberattacks today are highly sophisticated and often target small businesses precisely because they’re perceived as easy prey. He points to the ransomware incident involving CDK, a popular third-party software platform for automobile dealers, as a prime example. The attack crippled CDK’s systems, causing significant downtime for their clients — many of whom were small businesses that thought they were too small to be targeted.
For these businesses, the impact of a cyberattack can be devastating, leading to lost revenue, damaged reputations, and even closure. Cyber insurance, including business interruption coverage, is crucial for small businesses to ensure they can recover from such an event.
“Cyber Insurance Only Covers Liability”
Many businesses mistakenly believe that cyber insurance is primarily concerned with liability — covering the costs of lawsuits and settlements after a breach. While liability coverage is important, it’s far from the only (or even the most valuable) aspect of a comprehensive cyber policy. “If you purchase a good, high-quality cyber product, the hope is that you’ll never have a liability claim,” Chadwick explains. He emphasizes that 90% of the value in a cyber policy comes from first-party coverages, such as breach response, forensics, and business interruption.
Unlike traditional liability policies, a robust cyber insurance plan doesn’t require a third party to be harmed for coverage to be triggered. This makes first-party coverages crucial for responding to the immediate fallout of a cyber incident and ensuring that the business can continue to operate.
“We Don’t Need Cyber Insurance Because We Have Crime Policies”
Some business owners mistakenly believe that their existing crime policies will cover them in the event of a cyberattack. However, this is a dangerous assumption. “Invoice manipulation and business email compromise are becoming increasingly common and aren’t usually covered by crime policies,” Chadwick warns. Crime policies typically cover internal theft but don’t address external threats like ransomware or phishing attacks that can lead to substantial financial losses and reputational damage.
Cyber insurance, on the other hand, is specifically designed to address these types of risks. By covering things like ransom payments, legal fees, and crisis management, cyber insurance provides a safety net that crime policies simply can’t offer.
“We Can Rely on Our IT Department to Handle Cyber Risks”
Finally, there’s a misconception that having a strong IT department is enough to protect against cyber risks. While IT teams play a critical role in defending against cyber threats, they can’t do it alone. “Cyber insurance isn’t just about protection; it’s about prevention,” Chadwick explains. Many cyber insurance policies offer proactive services like incident response planning, cybersecurity training, and dark web monitoring. These services complement the work of IT departments by identifying vulnerabilities before they can be exploited and providing guidance on how to mitigate risks.
For instance, some insurers offer regular security assessments and even scan external network-facing capabilities to identify potential weaknesses. A proactive approach can prevent incidents before they happen, making cyber insurance one of the most valuable investments a business can make.
Once You See the Truth, You Can’t Unsee It
In the ever-evolving landscape of cyber threats, businesses can’t afford to rely on outdated assumptions about cyber risks and insurance. Business owners can make informed decisions that protect their operations, customers, and bottom line by understanding the full scope of what cyber insurance covers — and what it doesn’t.
As Ed Chadwick from Jencap aptly puts it, “Be more concerned as a business owner about the things we don’t know about, not just the named threats.” And that’s where you come in.
By working closely with agents, Jencap provides access to comprehensive coverage through a wide network of carriers. As part of their Professional Service Lines program, Jencap works with companies like MiniCo to offer tailored cyber insurance solutions, ensuring businesses can handle these modern risks. To learn more about cyber insurance, contact us today.
