Skip to main contentClick to view our Accessibility Statement or contact us with accessibility-related questions.

glasses with binary code

The Prospect of Cyberattacks Got You Nervous? Cyber Insurance Can Help (If You Meet the Requirements, That Is)

What unites many small- and medium-sized businesses regardless of industry? The tendency to underestimate their own vulnerability to cybercriminals – and therefore the need to take proactive security measures.

The truth is that cybercriminals are always going for easy targets – and too often SMBs offer precisely that temptation. Fortunately, cybersecurity insurance is increasingly available to companies large and small, offering a needed layer of protection and a comforting backstop for if the worst happens.

So what’s the catch?

Being insurable means taking some foundational steps so that you can invest in this protective mechanism – as with anything else, insurance companies need to see you nailing the basics in order to view you as eligible. In this piece, we outline what cybersecurity insurance is, why you might want it, and how to take the first steps forward to embracing cybersecurity fundamentals.

What SMBs are up against

What’s the difference between large and small companies with respect to cybersecurity? It’s not size – it’s money. Large Fortune 500 and Global 2000 businesses have the means and the technical talent to shore up their defenses and strengthen their cybersecurity posture; SMBs typically don’t. This is why larger companies saw a bit of a decrease in attacks in 2021 – and it’s also why mid- and small-sized businesses experienced more, according to research by insurer Hiscox. Simply put, the attackers are seeking the faster, lower-effort path with SMB targets – and they’re finding it.

Other experts confirm this trend: cybercriminals are three times as likely to attack these small businesses, contributing substantially to the overall economic gut punch of such intrusions (currently projected to reach $10.5T by 2025).

What’s more: the majority of SMB owners expressed unconcern about the possibility of cyberattacks and confidence in their ability to weather any possible cyber storm, despite research that says exactly the opposite.

What cyber insurance companies are looking for

To get cyber insurance coverage, more and more companies will require some serious cyber hygiene. Every SMB should consider these factors:

Correctly configuring the services your business commonly uses.

One expert noted that more than 80 percent of ransomware attacks are directly correlated to cloud services configuration errors – and posited that cyberinsurance carriers will “require more stringent security controls and policies to contain this threat vector.”

Conducting a risk assessment and creating an incident response plan.

This ensures SMBs understand both their strengths and their vulnerable areas – and have anticipated ways to mitigate the impact of an attack. These also demonstrate a welcome proactive posture to the insurer.

Taking common-sense precautions.

Insurers are actively looking to see that companies have instituted measures which address the most significant areas of concern. For example, ransomware attacks increased 80 percent year over year, prompting a “mandate to enforce multi-factor authentication (MFA) across all admin access in a network environment as well as protect all privileged accounts.”

What SMBs should look for in cybersecurity insurance

It’s true that SMBs have to clear a couple of hurdles to get cybersecurity insurance but it’s equally necessary to ensure the coverage received is comprehensive. In other words, don’t sign up for just any insurance policy.

The Federal Trade Commission (FTC) offers some useful guidance. Must-haves include coverage for data breaches, cyberattacks on data held by vendors and other third parties, network breaches, cyberattacks that occur anywhere in the world, and terrorist acts. Nice-to-haves include the duty to defend, which means the insurer will defend a business in a lawsuit or regulatory investigation.

Consider two different kinds of coverage, the agency urges:

First party: This “protects your data, including employee and customer information” and pays for things like forensic investigatory services plus fees, fines and penalties related to any attacks.

Third party: This “generally protects you from liability if a third party brings claims against you” and includes elements like payments to consumers and litigation costs.

6 ways to be smarter with cybersecurity

When it comes to cybersecurity, there’s no reason to wait to do the smart things that protect a business. The Cybersecurity & Infrastructure Security Agency (CISA) recommendations are straightforward and include:

  1. Educating staff to avoid common pitfalls like phishing and conducting simulations to prepare people for what to do in a cyberattack

  2. Enforce strong password requirements for all and MFA for remote workers and admins

  3. Identifying staff to act as “surge support” to enact an incident response plan in the event of an attack

  4. Backing up critical data and regularly testing backup procedures to ensure data can get back up and running quickly

  5. Automatically updating software to ensure patches and upgrades are made in a timely manner

  6. Using a Managed Service Provider for security services, which offloads more specialized tasks and responsibilities to experts, lightening the load for SMBs

What’s next

Xerox’s cybersecurity experts have advised SMB clients in industries that range from small dental practices to large government contractors. Our assessments provide a neutral, objective, and actionable look at how you’re stacking up against your peer verticals. We pride ourselves on forging a planning partnership, where we collaborate hand-in-glove with clients like you to leverage our real-world experience and body of resources while reducing your cyber risk and meeting business objectives.

Contact us today to learn more about simple steps that will exponentially increase your business’s cybersecurity.

Fingers typing on a laptop keyboard, behind a transparent row of security icons

Xerox® IT Services

We help you manage, maintain and support your entire IT infrastructure.

We'll make sure IT doesn't hit the fan.

When IT goes wrong, everything else does too. Our managed IT services will make sure everything always runs smoothly.

Xerox® Managed Security Services

Continuously secure your business against cyber threats.

Related Articles

  • Hand on laptop showing security interface

    The Advantages of Automation

    Learn how Xerox® Robotic Process Automation Service provides customized solutions that free time and resources, unleashing businesses to dream even bigger and bolder than ever.

  • Two employees in front of a whiteboard giving each other a high five

    2024 BLI Pacesetter Business Service Awards

    Discover how Keypoint Intelligence — Buyers Lab, Inc. (BLI) acknowledged our software's prowess in workflow automation, personalization, content management solutions, and digitization services.

  • AI hardware chip

    AI Isn’t Going to Take Your Job

    Discover how AI, in the hands of human experts, revolutionizes client experiences by addressing pain points and unlocking opportunities to deliver greater value.

  • Busy, fast paced office. People walking are blurred.

    IT Staffing Solutions

    See how Xerox Staffing Solutions can help you find experts that range from project managers and executives to PowerBI/data engineers & systems administrators; with an extensive network of experienced industry experts in IT and professional services.

  • An up close image of a technology chip with blue and orange coloring.

    Xerox and ITsavvy Join Forces to Address Your IT Challenges

    Xerox and ITsavvy's IT solutions are bringing IT services to more areas across the US, Canada, and U.K. with Generative AI, cybersecurity protection, and digital transformation solutions.

  • security and quality control

    Xerox Managed IT Services’ webinar

    Watch Tracy Walder and Xerox’s Roger Gregory as they explore Chinese espionage, cyber-attacks, and cybersecurity strategies in the digital age.

Share