Cybersecurity Insurance for Small Businesses [Overview: 2023]

by Jon Lober | NOC Technology

It's a war out there. Does your small business have its parachute on?

  • In your cubicle on the edge of the manufacturing floor, you follow your vendor’s email instructions to make a direct deposit of $46,000 to their account, only to discover three days later that they never receive the payment...


  • Cup of coffee at the ready, you sign in to your computer at your practice at 7:30AM sharp and discover a message. “All files on your computer have been encrypted. You must pay this ransom within 72 hours to regain access to your data...”


  • You own a small-town café with public Wi-Fi. You open your business mail during a mid-morning lull and discover a notice that you are being sued. One of your customers was hacked while using your internet access and is holding your business liable for their losses...


Now what?


Fund Transfer Fraud (FTF), Business Email Compromise (BEC), ransomware, cyber liability, or even (especially) good ol’ fashioned phishing can permanently close the doors of a small business. A single wayward click by one of your employees, clients, or vendors can precipitate any of our doomsday examples above.


We hope you already implement cybersecurity measures designed to prevent a cyberattack—but are you prepared for one that still manages to slip past your defenses?


Do small businesses really need cybersecurity insurance coverage?


According to the FBI, in 2022, Business Email Compromise (BEC) cost US businesses more than $2.7 billion. Insurance provider Coalition reported that ransomware claim severity reached an all-time high in the first half of 2023, with the average loss per business surpassing $365,000 in ransom payments.  


Unfortunately for SMBs, these statistics do not just reflect the financial impact of cybercrime on large corporations and enterprises. If anything, the repercussions for small businesses can be even more severe since they often operate on tighter budgets and smaller capital reserves. In fact, 60% of small businesses shut down within six months of a cyberattack.


Thanks to Hollywood, most people mistakenly assume that cyberattacks usually originate from a nefarious hacker in a hoodie sipping Red Bull at midnight. However, here in the real world, cybercrime often begins in surprisingly mundane origins and impacts nearly every sector of the economy. No business with a computer is without risk.


  • Auto dealerships can be easily compromised through a stolen laptop or tablet left unattended by a salesperson.
  • Invoices for feed and agricultural supplies at busy times of year can be spoofed, leading farmers to make hasty payments to fake entities.
  • Contractors' client databases are juicy targets for many hackers and can be accessed through third-party vulnerabilities. (Listen on Spotify to this recent podcast about how a cybercriminal abused a pool-installation contractor to scam a family out of $31,000 dollars through Zelle).  


How does cyber insurance protect small businesses?


To get an idea of how cyber insurance helps real small businesses in Missouri and across the United States, we spoke with Creig Scott, an account executive specializing in cyber coverage at SBI Insurance.


When we asked Scott how many of their clients had cyber insurance, his answer was simple – “Not enough.”


“Sure, cybercriminals might be attacking the Targets and Home Depots, but who they are really going after is the small business that is not staying up-to-date. They want to find that small business owner wearing multiple hats that just wants to pay an invoice without looking at the details and move on.”


According to Scott, most of their SMB clients elect to carry no cyber coverage at all. Those that are covered, usually only maintain a minimal offering through their business owner’s policy (BOP). Standard BOP coverage typically only covers $25-$50 thousand dollars in cyber liability, leaving small businesses completely exposed to the most common and harmful types of cyber risks: social engineering schemes, phishing, ransomware, and business email compromise.


Across the industry, most SMBs seek cyber coverage only once its too late—after they (or a close associate) have personally experienced a cyberattack. Scott explained to us that, in 2023, it can be extremely difficult to secure a cyber policy for a small business that has recently suffered a cyberattack. In the recent past , nearly any business was able to obtain a cyber insurance policy. However, as the market matures and the demand for cyber coverage increases, insurance companies have become increasingly selective to whom they provide coverage, and companies that have previously fallen victim to cyberattacks are often at the bottom of that list.


Fortunately, forward-looking companies that proactively seek help from cyber brokers are able to procure a policy before disaster strikes.


SBI is a broker for Cowbell Insurance—a leading cyber insurance provider for SMEs. SBI’s cyber offerings through Cowbell provide far greater coverage than a standard BOP policy. These dedicated cyber policies cover the types of cyber catastrophes that tend to portend a small business Armageddon event.


Scott recommends that the average Missouri small businesses start with at least $250,000 of coverage, with the disclaimer that “Something is better than nothing, but more is better.” That advice makes sense when you consider that the average fund transfer fraud cost for a small business was $247,152 at the end of 2022.


Beyond fund transfer fraud, a SBI’s cyber policies also covers other flavors of social engineering, like spear-phishing, business email compromise, and smishing attacks. This type of coverage is especially important since it accounts for human error at the office. Even for the small business that keeps its cybersecurity policies and software up-to-date, an impulsive click by an any employee can still open the door for a debilitating cyberattack.


How can a small business reduce its cyber insurance premiums?


Like any other insurance sector, cyber insurance providers want safe, healthy customers. In the world of healthcare, young people with no pre-existing conditions are offered low premiums. Those policies tend to not pay out frequently and, as a result, offset the payouts necessitated by less healthy clients. The same goes for the auto insurance industry; many providers offer rebates to drivers with exceptional safety records or extra safety training.


In the cyber insurance landscape, dedicated cyber providers like Cowbell and Coalition as well as traditional houses with cyber offerings like Travelers, Chubb, and AIG prefer clients that they perceive to be safe bets, and they are usually willing to offer discounts or incentives in order to attract them. So how can a small business become attractive to a cyber insurance provider?


Scott explained to us that his customers can obtain lower rates by through measures like up-to-date isolated offline backups, encrypted business email services, multi-factor authentication (MFA) on all accounts, policies for the disbursement of payment (like mandatory sign-offs from multiple individuals), and continual employee cybersecurity education.


In order to implement these measures, many small businesses are increasingly turning to managed service providers (MSPs) like NOC Technology. Good MSPs typically retain a variety of experts on their staff (including cybersecurity specialists) that can provide far greater IT support than a typical Missouri SME could ever contract in-house. The benefit extends far beyond help desk support. In the past year, one of NOC’s clients commented that since contracting our services, his small business’s cybersecurity premiums had dropped by roughly 10% simply due to the standard

measures we take to protect our clients.


In summary

Our conversation with Scott confirmed our own experience with local clients—Missouri small businesses are still not taking the current cybersecurity threat seriously enough. We continue to encourage small businesses, local governments, and non-profits in Missouri and across the Midwest to take a proactive approach to cybersecurity threats.


  1. Implement the minimum cybersecurity measures to prevent catastrophe from happening: MFA, secure endpoints, up-to-date IT and disbursement policies, encrypted email and backup, and employee education.
  2. If you need support to implement cybersecurity measures in your small business, seek help from a local, high-quality MSP that can make sure that all of your bases are covered.
  3. Do not stop once you have taken every proactive measure. Maintain adequate cybersecurity coverage as a parachute in case of an unpreventable disaster.

 

 

 

Brace your business against these top five cyber threats to SMBs

Top 5 Cyberthreats to SMBs—and How to Stop Them

By Jon Lober April 29, 2025
Are you taking unnecessary risks with your data?
Missouri Sheltered Workshops can empower human potential through AI

Empowering Sheltered Workshops with AI and Automation

By Jon Lober April 24, 2025
Embracing the potential of both AI and humans
Tech upgrades that will boost employee safety in sheltered workshops

Enhancing Safety in Sheltered Workshops with Smart Technology

By Jon Lober April 15, 2025
At NOC Technology, we've worked with Missouri sheltered workshops for over seven years, and I've witnessed firsthand how the right technological implementations can transform sheltered workshop environments. Today, I'd like to share some insights on leveraging modern technology to create safer workspaces while maintaining the dignity and privacy of all participants. The Unique Safety Challenges of Sheltered Workshops Sheltered workshops provide valuable employment opportunities for individuals with disabilities, but they also present unique safety considerations. Workers may have varying levels of physical mobility, cognitive processing, and sensory perception—all of which can impact how they respond to traditional safety measures. Additionally, the production environments often involve machinery, tools, and materials that require careful monitoring and management. The Role of Smart Technology in Safety Advancements in smart technology provide real-time safety monitoring, immediate alerts for potential hazards, and improved emergency response times. Let’s explore some key technologies and their benefits in sheltered workshop environments. Personalized Alert Systems Traditional emergency alarms can be overwhelming for individuals with sensory sensitivities. Smart alert systems can deliver personalized notifications through: Vibrating wristbands that alert workers without auditory overload Visual notification systems with customizable colors and patterns Tablet-based communication for workers who benefit from visual cues Location-specific alerts that only notify those in affected areas We recently implemented a multi-modal alert system at a workshop in central Missouri that reduced anxiety-related incidents during emergency drills by 65% . Environmental Monitoring Maintaining optimal environmental conditions is crucial for both safety and productivity: Temperature and humidity sensors that automatically adjust HVAC systems Air quality monitors that detect potentially harmful particulates Noise level monitoring to prevent sensory overload Automated ventilation systems that activate when chemical levels exceed thresholds These systems not only protect workers but also provide documented compliance with OSHA regulations. Enhanced Supervision through Smart Cameras Security cameras have evolved beyond simple surveillance. Modern systems can: Detect unusual patterns that might indicate a worker in distress Monitor restricted areas without constant staff presence Identify when machinery is being used incorrectly Alert supervisors to potential safety hazards Important note: All camera systems should be implemented with strict privacy protocols and transparent policies. Workers and guardians should be fully informed about what is being monitored and why. In many cases, audio cannot be recorded, and the camera system must be configured to meet this requirement. Wearable Safety Technology Wearable devices offer personalized safety monitoring without stigmatization: Fall detection pendants that automatically alert staff Location tracking that helps locate workers in emergency situations Biometric monitoring for workers with health conditions Proximity sensors that prevent accidental entry into hazardous areas These wearables can be designed to look like standard ID badges or watches, preserving dignity while enhancing safety. Implementation Best Practices Successfully integrating smart technology into sheltered workshops requires careful planning: Involve all stakeholders: Workers, guardians, and staff should participate in selecting and implementing new technologies. Prioritize simplicity: Choose solutions that require minimal training and maintenance. Phase in gradually: Introduce new technologies in stages to allow everyone time to adapt. Balance automation with human oversight: Technology should supplement, not replace, trained staff. Respect privacy: Collect only essential data and maintain strong security protocols.
More Articles