Cyber crime doesn’t just affect data-rich companies. Every technology, even the most basic, introduces the risk of cyber attack. In fact, tools like email are commonly exploited for phishing and similar attacks. Online financial services, digital payments, remote collaboration, and other tools all create avenues of risk. And it's important to remember that cyber risk doesn’t just come from a business's technology, but extends to vendors, partners, and even employees’ behavior. All businesses need a plan for addressing cyber crime.

Cyber security tools are an important first step in mitigating and managing cyber risk. But they’re only a first step: protections can and do fail. Additionally, cyber security tools won’t protect against exposure through vendors and third parties — or your employees. Nearly half of cyber crime is a result of human error. Organizations need a comprehensive plan to protect themselves from increasing threats. Businesses need both security and insurance to be fully protected.

Traditional insurance isn’t designed to cover the broad impacts of cyber crime. Most package policies only cover third-party costs, leaving significant coverage gaps. The consequences of cyber attacks don’t stop at compensating customers for privacy violations or identity theft. Out of pocket expenses, operational interruptions, and resulting revenue loss pose major challenges following a cybersecurity attack. Cyber insurance mitigates these risks and provides solutions to help businesses rapidly restore operations at a critical time.

For business leaders just becoming familiar with cyber insurance, the cost of coverage may seem like a financial burden. The reality is, in the current cyber threat environment, businesses can’t afford not to have sufficient insurance. Cyber criminals increasingly target small businesses with sophisticated attacks. Recovery costs can be devastating. On average, the cost of a small business data breach is between $120,000 and $1.2 million. Business owners need a comprehensive plan for protection, including recovery, digital asset restoration, and crisis management. Note that cyber insurance is customized for an organization’s risk exposure and business needs to manage the expense.

Prospects may say this when they don’t clearly understand the risk of cyber threats, or the value that cyber coverage offers. But considering the frequency of attacks on businesses and the average cost of recovery, it’s not a good time to postpone action. According to IBM, it takes an average of 212 days to identify a data breach and 75 days to contain the issue. This means that a prospect could already be facing a cybersecurity issue without knowing it. 

For many businesses, an attack can be too much to overcome. There’s no such thing as beginning preparations to address cyber attacks too early — but definitely such a thing as too late. Businesses shouldn’t risk their long-term viability over a simple, reversible decision they could make today.

These responses could be a polite decline, or reflect a genuine need to better understand and digest the value and necessity of cyber insurance. Try to learn what aspects may be causing their hesitation so you can avoid pushing general selling points and directly address the relevant issues. 

Consulting a business partner or spending time evaluating significant matters such as cyber crime and coverage are understandable, valid actions. But help your client ensure that the need for discussion or consideration doesn’t slip into procrastination and avoidance; establish a plan to reconnect. Schedule a day and time for a call with the client and their business partner. This provides an opportunity to address any remaining concerns in person. In the meantime, getting the application process started can be helpful. Addressing cyber protection is a critical matter that shouldn’t be delayed.