Cyber-Insurance: Your Business Must Have It

Those of us who own or manage a business know that you can’t run your business without a good General Liability insurance policy to cover you in the event something bad happens to a co-worker or client.  Some of us also need to have Errors and Omissions insurance or Malpractice insurance.

All of us need to at Cyber-insurance to the mix.  Every day I read about another company who has suffered a serious financial loss at the hands of cyber-criminals, who hack the computer used for banking transactions, log on remotely, and send themselves whatever funds are available in the compromised account.  Most banks do not cover these sorts of losses, even if it appears that they may be partially at fault for allowing the transactions to take place.

Got an SBA operating line of credit?  You had to personally guarantee that loan.  What happens if the bad guys advance on that loan in the process of cleaning out the till?  Will you have funds available to pay down the loan?  Probably not.

Start with your current General Liability insurance agent; find out what protection you may already have, and what can be done to improve your protection.  Understand the limits of liability.  You need a plan in place that will cover the total lost of your liquid assets.  If your current insurance company can’t provide the coverage, find on that will.  Not everyone has this sort of coverage available yet.

The Department of Homeland Security and the Treasury and Commerce Departments recently posted a Cybersecurity Framework, and an integral part of their plan is the recommendation of cyber-insurance.  This blog post on is worth the read.

So get busy and add this to your security to-do list, but please put it at the top of the list.  As always – be careful out there!


About the Author:

I am a cybersecurity and IT instructor, cybersecurity analyst, pen-tester, trainer, and speaker. I am an owner of the WyzCo Group Inc. In addition to consulting on security products and services, I also conduct security audits, compliance audits, vulnerability assessments and penetration tests. I also teach Cybersecurity Awareness Training classes. I work as an information technology and cybersecurity instructor for several training and certification organizations. I have worked in corporate, military, government, and workforce development training environments I am a frequent speaker at professional conferences such as the Minnesota Bloggers Conference, Secure360 Security Conference in 2016, 2017, 2018, 2019, the (ISC)2 World Congress 2016, and the ISSA International Conference 2017, and many local community organizations, including Chambers of Commerce, SCORE, and several school districts. I have been blogging on cybersecurity since 2006 at


Add a Comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.