According to a report from IBM, Security Data breaches in the US cost businesses an average of more than $4 million per incident.

If that sounds scary, you are not wrong to be afraid.

Data breaches strike both large enterprises and smaller businesses as well. Small businesses are targeted mainly because they are easier victims; most businesses do not have the proper layers of cyber protection.

 What is a Data Breach?

A data breach is a data disclosure leak or a security violation that can potentially be incredibly costly. Cyber criminals use sensitive or confidential information for their gain, damaging reputations, and company finances.

For many business owners their natural reaction to cyber threats is to obtain the best cybersecurity controls and systems their budget will allow, and that is a sound business decision. But the protection does not stop there.

All enterprises-large or small-are threatened by cyber uncertainty and constantly under cyber-attack. One way to mitigate cyber-attack risk is to get insurance specially designed to respond to a cyber-attack. If you do not think you need it, you probably do.

What is Cyber Security Insurance?

Cybersecurity insurance responds to a broad range of cyber threats. Some of the common threats-and most damaging include the following:


Hackers will use malware to deny access to the organization’s data system and threaten to disclose business sensitive information publicly. A cyber insurance policy may act against extortion by providing coverage for expenses and ransom payments-which may include payments to prevent the release of Personal Identifiable Information or PII.

The FBI recommends specific actions for extortion and generally discourages victims from paying ransoms because there is no guarantee that the hackers will remove the malicious software or restore the data.

BEC and Social Engineering Attacks

Many cybersecurity policies cover Business Email Compromise (BEC) and other social engineering attacks. In a typical BEC fraud, hackers trick employees to make wire transfers to the hacker’s bank account. The hacker will use a spoofed email account from the organization’s leader or business managers to request immediate payment. Once the payment is made there is no way to recover the funds because these are not traceable. A cyber security policy can help to recover some of these funds.

Loss of Business and Money

Loss of business income due to a cyberattack and additional direct costs such as forensic expenses can be covered under cybersecurity insurance policies. In some cases, policies return losses from an attack to a third-party such as a vendor or partner. This coverage is essential given in today’s complex supply chain ecosystem.

Damaged Reputation

Many companies rely on the trust of their customers to conduct business and customers rely on the business to keep PII secure. A cyberattack can cause a significant reduction in revenue and damage the financial sheet for some time. However, the effects of a damaged reputation can be long lasting and can cause a business to close its doors due to customer mistrust.

Businesses may prevent the risk of a large economic loss from a cyberattack by implementing recommended cyber safety procedures and applying security control measures. But as we know from the IBM Data Security Report, having security measures to prevent an attack is not enough to stop breaches and prevent financial devastation. An additional layer of protection is needed to avoid severe loss to the bottom line.

At Semaphore Insurance Solutions, we go the extra mile to make sure that your business has the best insurance policy for your needs and budget. Call our insurance team at 949.305.5000 and learn more about the options we can offer you.