Building Up Your Cyber Defenses

Are you equipped to handle unprecedented cyberattacks? Here’s how to assess your readiness.

Cybersecurity breaches and cybercrime create some of the most pervasive problems in our digital age, and recent headlines remind us that even the largest, most secure organizations can become victims.

Pullquote share icon. Share

Ninety percent of small and mid-sized businesses do not use data protection.

The Equifax data breach prompted millions of Americans to think more seriously about cybersecurity, assess their vulnerability and question how to protect their finances – small business owners did the same.

But for these merchants, the stakes are even higher. They process large amounts of customer financial data and sensitive information. Hackers can have a disastrous effect on a company’s supply chain and livelihood.

Still, 90 percent of small and mid-sized businesses do not use data protection and often lack a sophisticated IT infrastructure.

The result: They are far likelier to be hacked.

Nearly two-thirds of cyberattacks are committed against small to mid-sized businesses, according to Property Casualty 360, and incidents of cybercrime are on the rise. Such breaches increased by 40 percent in 2016 compared to the previous year, according to Bloomberg.

Financial consequences

The financial consequences of cybercrime are also increasing. Just one attack can cost a mid-sized business between $84,000 and $148,000 in recovery expenses. For large companies, the tab can run as high as $4 million, Forbes estimates.

The cost is even higher if there’s a shutdown to investigate a breach. Litigation costs, regulatory fines, fees associated with customer communications and even public relations expenses can wipe out a small business if they’re not prepared.

Pullquote share icon. Share

Sixty percent of small businesses go out of business within six months of a cyberattack.

It’s no wonder that 60 percent of small businesses go out of business within six months of a cyberattack.

That’s why UPS Capital® recently introduced cyber liability insurance – a standalone policy that protects small and mid-sized businesses from the financial implications of these attacks.

The coverage extends beyond third-party coverage or basic coverage for litigation, privacy claims and fines resulting from a cybersecurity breach. It also includes first-party coverage for the more complicated and expensive consequences like cyber extortion, loss of business income and losses due to covered network disruption.

A case for cyber insurance

Once only available to larger corporations, cyber liability insurance now offers small and mid-sized businesses a chance to recover sooner.

It covers liability claims for invasion of privacy and for copyright and trademark violations in a digital, online and social media environment. It can help cover the costs of outsourcing critical business functions to insulate the company from further risk so the business can continue to process payments, store data, host websites and carry on business after a breach.

A traditional business owner policy generally doesn’t offer such protection, whether merchants realize it or not. General liability, commercial crime or Directors and Officers (D&O) policies provide very limited liability coverage for data breach and privacy claims.

These policies lack the expert resources and critical first-party coverage that help mitigate the significant financial, operational and reputational damages a data breach can inflict on an organization in today’s 24/7 information environment.

As a business grows, the impact of a cyberattack will grow larger and more devastating.

Cyber liability insurance is one of the many ways to protect a business. Here are a few additional protection tips:


It’s critical to become aware of your vulnerabilities. It’s when, not if you’ll be breached.

  • Recognize that general business insurance does not cover cybercrime.
  •  Remember the cloud doesn’t protect your business from a breach.
  • Talk to your IT team about the protection required for the specific needs of your business.
  • Develop scenario plans.


The best offense is a good defense, so develop a data breach response plan that includes the following:

  • Key internal stakeholders who can help investigate and resolve the issue (senior leaders, IT professionals, attorney, customer care)
  • External breach response partners such as data breach security consultants and outside legal counsel
  • Regulatory officials (state attorneys general, law enforcement, etc.)
  • Regular testing of your smart data security systems and procedures
  • Incident communications response plan – how you will notify customers, media, other impacted parties
  • A comprehensive cyber liability insurance policy


Don’t panic but act with a sense of urgency. Now is the time to implement your data breach response plan.

  • Act immediately. Begin by contacting your IT forensics team, legal counsel and cyber liability insurance agent.
  • Contain the breach. Take affected systems offline but don’t turn them off – your IT forensics team needs to analyze the source of the breach.
  • Document every step. Authorities will need to know when you detected the breach, who found it and what steps you are taking to contain the breach.
  • Communicate clearly with all stakeholders. Notify affected people and highlight your response plan.

To learn more about cyber liability insurance visit,

You might also like:

Network Security: How Logistics Partners Can Help

Leveraging a Small-Business Mindset for Long-Term Success

Secure Data, Safer Delivery

Dave Zamsky is responsible for managing and directing the global UPS Capital® Marketing, Business Intelligence and Product Development group.

Click the RSS icon to subscribe to future articles by this author. RSS Feed