Cyber Insurance is an important precautionary measure you can take for your business, but many businesses find out too late that there are some things that insurance cannot cover. If your company is hit by a malicious ransomware attack, how will that affect your reputation with clients? Will they continue to trust you with their information, or is it possible that public humiliation from cyber criminals might drive a wedge in the confidence they have in you? Many times, cyber insurance has no clause for reputational impact.

Just because you HAVE insurance doesn’t mean you WANT to use it. Hopefully, you have health insurance in place to cover any medical emergencies, but I doubt you’re signing up for elective open heart surgery any time soon! When it comes to cybersecurity, insurance should be a secondary measure AFTER you have made sure your network is truly SECURE.

The worst thing about hackers is that they’re good at what they do. Backups and cloud solutions are necessary measures for data restoration, but they do very little for overall security. Criminals have learned how to sit undetected in a network for an extended period of time – however long it takes to figure out where your data is being stored. Then, once they’ve launched the ransomware, they’ll often destroy backups or remove permissions completely so your data is completely inaccessible, at least, without paying handsomely for it.

Cloud stored data is often similarly targeted by cyber criminals. Unfortunately, providers are only responsible for infrastructure security, NOT for the security of the device accessing the cloud. If a device is attacked, it has access to the cloud, too.

You see it on the news every day. Major corporations and organizations losing millions of dollars and tons of private, personal information is hung out like underwear on a flagpole. Where the mainstream media has failed, however, is in covering the fact that breaches like these are happening EVERY SINGLE DAY to small and medium sized businesses like yours and mine.

Think you’re too small? What about the small, two-person law firm our security team handled a disaster recovery case for? Feeling that they had no need, or perhaps no budget for security, they left their information wide open for hackers to come in and not only steal all their client data, but to also set the ransom for the EXACT amount of money in their bank account, down to the penny. When the criminals weren’t paid quickly enough, they began taunting their client base, publicly humiliating them while they faced the devastating decision of paying the ransom or closing their doors forever.

If you have valuable information, you need to consider how you are going to protect it.

The only thing worse than having your data stolen and being held for ransom is paying that ransom and STILL not recovering your data. This is an unfortunate reality in 20% of ransomware attacks.

The truth is, ransomware is not all that sophisticated. It’s often hastily thrown together, and there are more cases than you might expect where a cybercriminal might genuinely be willing to release your information but is helpless to reverse the damage that has already been done. At best case scenario, your options even after paying that ransom would be to dish out even MORE funds towards data recovery services.

Worst of all, hackers often leave a back door. We are dealing with criminals here, folks, and if they get the impression that they might have a valuable repeat customer on their hands, they are far more likely to leave a hole for them to reenter when they get done spending all your hard-earned money.

The question is, are you willing to pay the sum just to gamble with your data?