Small Businesses Buying Less Cyber Insurance

Despite intense media attention around cyber risks, fewer small businesses are buying cyber liability insurance.

Insureon, an insurance provider for small businesses, announced that since the data breach at Target late last year, only five percent of non-IT clients have sought to protect themselves against cyber risk. In the months before the Target story broke, nine percent were looking at it.

The company says that small businesses shouldn’t be fooled, by media coverage, into thinking that only big names like Target or Stubhub get hacked.

Read: Ten Arrested Over Data Breach, Money Laundering

“The reality is that small businesses get hacked far more often than big ones,” said Ted Devine, CEO of insureon. “But you’re not going to turn on the evening news and hear about the florist on the corner getting breached.”

Devine added that assuming a business won’t be hacked because it’s small is like assuming a bully won’t steal another kid’s lunch money because there’s a bank on the corner. “There are small-time hackers, too,” said Devine. “And they’re going after smaller businesses.”

Read: Insurance Industry Lagging at Cyber Risk: Report

This misperception of data breach exposure has been documented elsewhere, too. Verizon’s 2014 DBIR Report notes that, while media reporting “makes quite a splash… from a frequency standpoint, [hacking] largely remains a small-and-medium business issue.”

Insureon did find one positive trend: while small businesses have been less likely to buy cyber insurance since the Target breach, they’ve been more likely to choose higher coverage limits. Before Target, 93 percent chose the minimum policy limit; in the months since, that number has shrunk to 85 percent.

Insureon recommends that small businesses revisit their exposure and their state data breach laws. Florida, for example, just passed a law that fines up to $500,000 for data breaches.

This story was originally published by Canadian Insurance Top Broker.