The headlines are full of stories about cyberattacks on big companies, but the truth is, no business in Michigan is safe. Cybercrime is not a distant threat—it's a problem happening right here at home, affecting local governments and businesses. A recent study shows that more than 40% of small businesses in our state have no plan to protect themselves from a cyberattack. This lack of preparation turns a digital threat into a potential real-world disaster.

The True Cost of a Cyberattack

Many people think a cyberattack is just an IT issue, but the financial damage goes far beyond the initial hit. The average cost of a single data breach is about $4.9 million globally. This can easily put a company out of business. In fact, over 60% of small businesses are forced to shut down within six months of a successful cyberattack.

A cyberattack costs you in many ways:

• Lost Revenue and Downtime: If your computer systems are shut down, you can't do business. This means lost sales and a complete halt to your daily work.
• Expensive Recovery: You'll have to pay for IT experts to investigate the attack and fix your systems. You might even have to pay a ransom to get your data back, as one Metro Detroit medical practice did, paying over $150,000. Other large companies have paid even more, with one recent example involving a $22 million ransom payment.
• Legal Fees and Fines: Michigan law requires you to tell customers when their personal information is stolen.This process can be costly and time consuming.  If you don't follow the rules, you can face large government fines and costly lawsuits from angry customers.
• Damaged Reputation: Customers and business partners lose trust in you after a data breach. This can make it difficult to find new clients and can harm your business for a long time.

Your Essential Protection: What Cyber Insurance Covers

Cyber insurance is a modern solution for a modern problem. It's designed to protect your business from the unique and complex risks of the digital world. A strong policy offers two types of protection:

1. First-Party Coverage: Protecting Your Business Directly

This part of the policy helps you with your own losses and costs. It helps pay for:

• Breach Response & Remediation: Coverage for response and remediation costs associated with a breach. This includes legal fees, customer notification, IT/digital forensics, restoration of data, and crisis media relations, among others.
• Cyber Business Interruption: Covers the financial losses you incur when your network is down due to a cyber attack.
• Dependent Business Interruption: Coverage for financial losses when a 3rd party provider experiences a cyber event that causes you disruption. 3rd parties often include cloud providers or other software/services/hosting providers.
• Ransomware/Cyber Extortion: Coverage for the costs to respond to a cyber extortion (ransomware) event, including forensics experts to investigate the attack, experienced negotiators, and sometimes ransom payments in virtual currencies.
• Invoice Manipulation: Coverage for the release or distribution of a fraudulent invoice or fraudulent payment instructions to a third party as a result of a cyber-event.

2. Third-Party Coverage: Protecting You from Lawsuits

This coverage shields you from the costs that come from lawsuits by other people, like your customers or partners. It helps pay for:

• Cyber/Privacy Liability: Covers defense costs and indemnity for claims against you related to cyber events / data breaches.
• Regulatory Defense & Fines: Defense and indemnity coverage for claims brought by federal, state, local or a foreign governing body related to privacy regulations, data breaches, cyber events, and fines and penalties.
• PCI Fines & Assessments: Coverage for assessments, fines or penalties imposed by banks or credit card companies due to non-compliance with the Payment Card Industry Data Security Standard (PCI DSS).
• Media Liability: Defense and indemnity for claims of libel, slander, copyright infringement, trademark infringement, invasion of privacy, etc.

A Partner in Prevention

The best cyber insurance policies don't just pay out after an attack—they help you stop attacks from happening in the first place. This makes them a true partner in your business security. These proactive services can include:

• Employee Training: Many policies provide training and tests to help your staff recognize and avoid cyber threats like phishing emails.
• Risk Assessments: Some insurers offer to scan your systems to find weak spots before hackers and cyber criminals can exploit them.
• Proactive System Monitoring: Ongoing and regular scanning to monitor for security vulnerabilities. If any issues are flagged, the carrier will proactively notify the insured and offer assistance to reduce the risk.
• Expert Cybersercurity Advice: Open access to cybersecurity experts to ask questions about your company’s security measures. This is usually access is provided via phone, chat, or email.

The Bottom Line

A cyber insurance policy can cost as little as $650-$1,000 per year.  When you compare this small cost to the potential for millions of dollars in losses from a single attack, the choice becomes clear.³ The question isn't whether your business can afford cyber insurance—it's whether you can afford to be without it.

Let Redwood Insurance Solutions help you build a stronger, more resilient business. Contact us for a free consultation to discuss your company's cyber security needs.