Cyber Liability

A Lurking Danger to Small Businesses

With more people working from home, cyber attacks are on the rise and criminals are targeting businesses of all sizes. As the threat continues to escalate, research indicates that small businesses are often the most prone to attacks. The Verizon 2019 Data Breach Investigations Report (DBIR) notes that 43% of cyber-attacks target small businesses, representing the largest share in the report (Small Business Trends, March 10, 2020).

This trend is driven by the fact that small businesses are more vulnerable than their larger counterparts. Many small business owners wear multiple hats and security protocols and plans can be overlooked within the scope of day to day operations. The US National Cyber Security Alliance reports that 83% of small businesses have no formal cybersecurity plan, and 69% have no plan in place at all. Threats to small businesses include malware, viruses, ransomware, phishing and more.

hands typing on laptop

Cyber criminals are interested in small businesses in multiple ways, including:

  • Access to personal data and client data that can be resold or held for ransom
  • Access to larger companies through small company computer systems
  • Direct access to cash by accessing banks and credit card data

(Security Magazine, February 29, 2020).

These breaches can be costly to address and extremely damaging to a small business both financially and reputationally. If financial information is compromised, a small business could suffer heavy fines, particularly if the business did not comply with security standards. Moreover, should a hacker access a small business’s banking credentials, the bank may not be responsible for restoring the funds.

These risks can be mitigated in multiple ways, including technology, risk prevention planning and training, ongoing monitoring, and insurance. A cyber policy can protect a business from a full range of cyber incidents, including breach of personal information, threat of unauthorized intrusion into or interference with your computer systems, damage to your data and systems from a computer attack, and cyber-related litigation.

C&F Digital Partners offers Cyber Risk as an optional coverage endorsement to the Business Owners Policy (BOP).

The policy provides coverage for expenses, defense costs, and liability for risks such as:

  • Notifying Affected Individuals in the event of a personal data compromise
  • Fines or penalties related to a personal data compromise
  • Restoring or recreating damaged data and services after an attack on your computer systems
  • Public relations services to maintain your business reputation and relationships following a compromise of personal data or a computer attack

The BOP Cyber risk endorsement also includes coverage for Identity Recovery. This provides business owners and eligible employees with case management services and financial resources to recover control of their identities after an identity theft.


It’s important to remember that a cyber attack does not only impact the small business directly, but also customers and other third parties.

The BOP Cyber Risk option covers both first and third-party claims to provide comprehensive protection. The following exhibit provides a summary of coverages provided by the BOP Cyber Risk coverage option, and provides an overview of the types of claims a small business could experience stemming from a cyber attack.

First Party Coverage

Data Compromise Response Expense

This coverage provides the insured with the resources to respond to a breach of personal information, including financial account information, social security numbers, passwords and digital signatures, and more.

Computer Attack and Cyber Extortion

As the name suggests, this covers a computer attack that damages the insured’s data and systems and helps to respond to a cyber extortion threat.

Identity Recovery

Identity theft is a common risk. This coverage provides the insured case management services and financial resources to recover control of their identities.

Third Party Coverage

Data Compromise Liability

Should insured’s customer or other third party be impacted by a breach of their personal information, this coverage provides defense and settlement costs in the event of a suit.

Network Security Liability

Provides defense and settlement costs in the event of a suit alleging that a system security failure on the part of the insured caused damage to a third party.

Electronic Media Liability

Should information displayed on a website cause alleged damage to a third party, this coverage provides defense and settlement costs.

No business is immune to a cyber threat and the direct costs and indirect losses from reputational damage, third party suits and lost time could force a small business to shut down. Cyber coverage is a cost effective add-on to a BOP that could mean the difference between success and closure for a small business owner.


This material is provided for information purposes only and is not intended to be a representation of coverage that may exist in any particular situation under a policy issued by one of the companies within Crum & Forster. All conditions of coverage, terms, and limitations are defined and provided for in the policy.