Question about cyber insurance

[Velvis]

A small business owner (2-3 employees total) who doesn't process credit cards or collect financial info asked me (Currently he is not a customer of mine) if he should have a policy that costs him $5000/year. His only business concern would be losing what he has on Google Workspace. His insurance company also told him that anyone working on his computers should also have cyber insurance, which seemed to him to be a way for his insurance company to pass the buck should something happen.

He/I was wondering if $5000/year is high and if his insurance requiring anyone working on the computers to also have insurance a normal thing.

He isn't opposed to carrying it but was curious if what he is paying is normal.

 

[HCHTech]

Ask for a copy of the policy and read the exclusions section(s). They are long and convoluted - and make the possibility of an actual successful claim much smaller than the average company owner might expect. That being said, sometimes they just have to have it because of their exposure or industry.

Does this company keep client data on their systems in any way? If not, then the potential coverage is basically 'business interruption' costs in the event of a ransomware infection. If they have good backups (including an immutable one), then they might decide that they can handle business interruption in this case just fine.

I would be cautious about recommending any particular action, though. Lay out the pros and cons the best you can and let them make the decision.