269 views 3 mins 0 comments

MGM and Caesars have big cyberinsurance policies, but small businesses need cyberinsurance too

In Insurance News
September 26, 2023

At least five class-action lawsuits were filed last week against the two Las Vegas entertainment giants following data breaches reportedly by the same group of threat actors. As Digital Insurance reports, Okta, an identity and access management company used by both firms, issued an advisory in August about hackers tricking IT service staff into resetting multi-factor authentication.

On September 19, The Nevada Independent reported that a Wall Street analyst opined that the losses MGM Resorts has been experiencing could be covered by a $200 million cyber insurance policy covering ransom payments and business interruption. While small or medium businesses likely can never afford such policies, InsZone points out that cyberinsurance is absolutely essential for small businesses in today’s digital landscape. While their article is somewhat self-serving, it raises a valid point:

Contrary to the misconception that only multimillion-dollar corporations are targets, small and medium size businesses are increasingly vulnerable to cyberattacks. These attacks can wreak havoc on finances, customer trust, and overall business continuity. Cyber insurance provides a crucial safety net, helping small businesses recover from data breaches, ransomware attacks, or other cyber incidents. It can offer financial protection for legal fees, data recovery costs, and even customer notification expenses. Moreover, it can be the difference between bouncing back quickly or facing bankruptcy in the aftermath of a cyberattack. Small and medium size businesses, just like larger enterprises, need to prioritize cyber insurance to safeguard their digital assets and maintain the trust of their customers in an era where cyber threats know no boundaries.

In an article on Forbes oriented to small businesses, Dr. Byron Cole advises:

Although MGM and Caesars are large corporations, the ways in which they may have been compromised by hackers simply calling front line workers could happen to a business of any size.

Small businesses should take the followi

ng steps to protect against costly and brand-damaging cyber attacks.

  • Invest in up-to-date cyber security training for staff
  • Invest in cyber insurance
  • Have good manual processes for smoother operations in case a system is compromised

In a companion article, he also provides additional tips for small businesses, but doesn’t really dive into the difficulties of getting affordable cyberinsurance. Articles such as those by insurers like Hiscox and Vouch or articles like those by TechInsurance may help small business owners begin to understand what policies might cover and what they may not cover so the firm can make a list of questions to ask potential policy issuers, but finding an affordable policy for small businesses may not be easy.