For small and medium-sized businesses (SMBs), safeguarding against multifaceted risks is imperative. A SEMrush 2023 Study showed 2,842 out of 3,049 reported SMB incidents led to data disclosures. The Equal Employment Opportunity Commission (EEOC) also reports rising discrimination claims. Premium insurance options like EPLI, Cyber Liability, Data Breach Response, and D&O Insurance can shield your business. Compare them to counterfeit models, and choose the one with the Best Price Guarantee and Free Installation Included. Local SMBs, don’t wait! Protect your business now.

Data Breaches in SMBs

Did you know that among 3,049 reported incidents involving SMBs, 2,842 resulted in confirmed data disclosures? This shows just how prevalent data breaches are in the small and medium – sized business landscape.

Attack Statistics

Percentage of cyber attacks on small businesses

A staggering 88% of breaches in SMBs involved ransomware attacks, as per the collected data. This far surpasses the 39% rate seen in larger enterprises. This indicates that small businesses are more vulnerable to ransomware attacks compared to their larger counterparts. For example, a local family – owned grocery store might fall victim to a ransomware attack that encrypts their customer database and demands a hefty ransom for its release.
Pro Tip: SMBs should invest in up – to – date anti – ransomware software to protect their data. As recommended by Norton, a well – known cybersecurity tool, having real – time threat detection can prevent many ransomware attacks.

Percentage of attacks on businesses with 1,000 or fewer employees

Although specific percentages for businesses with 1,000 or fewer employees are not provided in the current data, we know that smaller organizations in general are at high risk. Small – to medium – sized businesses may not have the time, resources, or expertise to evaluate their D&O and other management liability risks associated with data breaches.

Reported data compromises in 2024 and 2025

The data shows that data compromises are a significant issue. With the increasing use of digital technologies, the number of reported incidents is likely to rise. A recent survey revealed that 62% of global directors consider cyber attacks, data loss, and digital crime among their primary D&O risks (SEMrush 2023 Study).

Cost of Data Breaches

Small and medium – sized enterprises (SMEs) faced an average cost of $2.98 million in data breaches, while organizations with fewer than 500 employees saw costs rise to $3.31 million. These costs can include legal fees, loss of customer trust, and the expense of restoring data. For instance, a small tech startup that experiences a data breach may have to spend a large portion of its capital on legal defense and data recovery.
Pro Tip: SMBs should consider purchasing data breach response insurance. Top – performing solutions include policies from well – known insurance providers like Chubb that offer comprehensive coverage. Try our data breach cost calculator to estimate how much a data breach could cost your business.
Key Takeaways:

• SMBs are highly vulnerable to ransomware attacks, with an 88% breach rate from such attacks.
• Data breaches can be extremely costly, with SMEs facing average costs of $2.98 million.
• Investing in anti – ransomware software and data breach response insurance can help mitigate risks.

Directors and Officers Insurance for SMBs

A recent survey showed that 62% of global directors consider cyber attacks, data loss, and digital crime among their primary D&O risks. This statistic highlights the increasing need for small and medium – sized businesses (SMBs) to have proper Directors and Officers (D&O) insurance coverage.

Emerging Risks

Cyber – related risks

Cyber attacks are a major threat to SMBs. Among 3,049 reported incidents involving SMBs, 2,842 resulted in confirmed data disclosures (SEMrush 2023 Study). For example, a small e – commerce business was hit by a ransomware attack. The hackers encrypted the company’s customer data and demanded a large ransom. The directors and officers had to make quick decisions on whether to pay the ransom or not. This incident led to a significant loss of customer trust and potential lawsuits.
Pro Tip: SMBs should conduct regular cyber risk assessments and invest in robust cybersecurity measures. As recommended by industry experts, implementing multi – factor authentication and regular data backups can help mitigate cyber risks.

Geopolitical and regulatory risks

In 2025, executives face growing risks such as geopolitical tension and economic uncertainty. These factors can have a direct impact on the decisions made by directors and officers. For instance, changes in trade policies due to geopolitical issues can force a company to restructure its supply chain. If the directors and officers make decisions that are later found to be non – compliant with new regulations, they may face regulatory actions and lawsuits.
Pro Tip: Stay updated on geopolitical and regulatory changes by subscribing to industry newsletters and attending regulatory seminars.

New legal and corporate risks

Emerging risks like the increased adoption of AI, ESG litigation, and the new “failure to prevent fraud” corporate offence under ECCTA are weighing on directors and officers. Smaller and mid – sized private companies in the United States are entering 2026 facing a tougher risk landscape, as rising insolvencies add to the pressure. For example, if a company fails to properly manage its AI implementation and it leads to discriminatory practices, the directors and officers can be held liable.
Pro Tip: Develop and implement comprehensive risk management strategies that cover these new legal and corporate risks.

Underwriting

As the risks of litigation, antitrust losses, and bankruptcy remain high, D&O insurers are expected to continue to exert caution when offering coverage to SMBs. Underwriters have used bankruptcy and insolvency exclusions to help protect against financial challenges to businesses across various industries.
Comparison Table:

Underwriting Factor	Impact on Coverage
Company’s Financial Stability	Higher stability may lead to better coverage terms
Industry Risk	High – risk industries may face higher premiums
Claims History	A history of claims can result in more restrictive coverage

Pro Tip: To improve your chances of getting favorable underwriting terms, maintain accurate financial records and have a solid risk management plan in place. Try our D&O insurance coverage calculator to estimate your potential coverage needs.
Key Takeaways:

• SMBs are facing multiple emerging risks, including cyber – related, geopolitical, and new legal risks.
• D&O insurers are cautious in underwriting due to high risks.
• SMBs can take proactive steps such as risk assessment and proper record – keeping to mitigate risks and get better insurance terms.
  Test results may vary.

EPLI for SMBs

Did you know that a significant number of small and medium – sized businesses (SMBs) face employment – related legal claims every year? These claims can lead to substantial financial losses if not properly managed. Employee Practices Liability Insurance (EPLI) is a crucial safeguard for SMBs in this regard.

Covered Employee Practices

Discrimination

EPLI offers protection against claims of discrimination in the workplace. Discrimination can occur in various forms, such as based on race, gender, age, or disability. For example, a small marketing agency might face a discrimination claim if an applicant alleges they were not hired because of their age. According to a recent study by the Equal Employment Opportunity Commission (EEOC), discrimination claims are on the rise, with thousands of cases being filed annually.
Pro Tip: SMBs should regularly conduct diversity and inclusion training to minimize the risk of discrimination claims.

Wrongful termination

Wrongful termination is another area where EPLI provides vital coverage. If an employee believes they were fired unjustly, such as being terminated in retaliation for reporting wrongdoings, they can file a lawsuit. Consider a case where a mid – sized manufacturing company terminates an employee who had raised concerns about safety violations. The employee then sues for wrongful termination. EPLI would cover the legal costs and potential settlement in such a scenario.
As recommended by Insurance Business Magazine, SMBs should have clear termination policies and document the reasons for termination thoroughly to reduce the likelihood of wrongful termination claims.

Harassment

Harassment, whether sexual or otherwise, is a major issue in workplaces. EPLI protects businesses from claims related to workplace harassment. A local service – based SMB could face a harassment claim if an employee accuses a supervisor of inappropriate behavior. A study from the Workplace Fairness organization showed that harassment claims are quite common and can cause significant damage to a company’s reputation and finances.
Pro Tip: Establish a zero – tolerance policy for harassment and provide regular training to all employees on appropriate workplace behavior.

Underwriting

Underwriting for EPLI is an important process. Underwriters have used bankruptcy and insolvency exclusions to help protect against financial challenges to SMBs. Smaller and mid – sized private companies in the United States are entering 2026 facing a tougher risk landscape, as rising insolvencies pose threats. When underwriting EPLI policies, insurers assess the risk profile of the business, including its HR policies, past employment – related claims history, and industry risk factors.
Most EPLI policies are written on a "claims – made" basis, which differs significantly from the "occurrence" coverage found in general liability. This means that a claim must be reported during the policy period. SMBs should be aware of this distinction when considering an EPLI policy.
Top – performing solutions include working with an experienced insurance broker who can help navigate the underwriting process and find the best EPLI coverage for the business.
Key Takeaways:

• EPLI covers employment – related claims such as discrimination, wrongful termination, and harassment for SMBs.
• Underwriting for EPLI involves assessing the business’s risk profile and most policies are on a "claims – made" basis.
• SMBs can take proactive steps like training employees and having clear policies to reduce the risk of employment – related claims.
  Try our insurance needs calculator to determine the right EPLI coverage for your SMB.

Cyber Liability Insurance for SMBs

Did you know that 66% of small to medium-sized businesses (SMBs) have experienced a cyberattack in the past 12 months (Ponemon)? And among 3,049 reported incidents involving SMBs, 2,842 resulted in confirmed data disclosures. These statistics highlight the critical need for SMBs to consider cyber liability insurance.

Covered Risks

Data – related risks

Data – related risks are at the forefront of concerns for SMBs. A data breach can expose sensitive customer and company information. For example, a small e – commerce business may experience a data breach where customer credit card details are stolen. This can lead to significant financial losses and damage to the company’s reputation.
Pro Tip: Regularly back up your data to an off – site location to minimize the impact of a data breach. As recommended by industry experts, having a reliable data backup system can help in quickly restoring operations after a cyber incident.
Cyber liability insurance typically covers data – related risks such as data breach, data restoration, and privacy liability. According to a recent analysis, 88% of breaches in SMBs involved ransomware attacks, far surpassing the 39% rate seen in larger enterprises. This shows that SMBs are a prime target for cybercriminals looking to exploit vulnerabilities in their systems.

Legal and third – party risks

Your directors and officers may also face exposure to lawsuits and regulatory actions related to cyber incidents. For instance, if a company fails to protect customer data and a data breach occurs, it may face legal action from customers or regulatory bodies. A recent survey revealed that 62% of global directors consider cyber attacks, data loss, and digital crime among their primary D&O risks.
Pro Tip: Ensure that your company has a clear incident response plan in place to handle legal and third – party claims promptly. Top – performing solutions include hiring a legal expert specializing in cyber law to guide you through the process.
Cyber liability insurance can cover legal fees, settlements, and claims related to mismanagement, breach of fiduciary duty, and other acts or omissions in relation to cyber incidents. This coverage can be a lifesaver for SMBs that may not have the financial resources to handle large legal expenses.

Operational risks

Operational risks such as business interruption and cyber extortion are also significant threats to SMBs. A cyber attack can disrupt normal business operations, leading to lost revenue and productivity. For example, a ransomware attack may lock a company’s systems, preventing it from serving customers.
Pro Tip: Conduct regular cybersecurity training for your employees to prevent human – error – based cyber incidents. Try our online cybersecurity training tool to educate your staff on best practices.
Cyber liability insurance can provide coverage for business interruption, helping to cover lost income and additional expenses incurred during the recovery period. It can also cover the cost of dealing with cyber extortion demands.

Underwriting

Underwriters have used bankruptcy and insolvency exclusions to help protect against financial challenges to businesses across various industries. When it comes to cyber liability insurance for SMBs, underwriters assess the company’s cybersecurity measures, data protection policies, and incident response plans.
Industry benchmarks show that SMBs with strong cybersecurity protocols are more likely to get favorable underwriting terms. For example, a company that regularly updates its software, uses multi – factor authentication, and conducts penetration testing is seen as a lower risk.
Pro Tip: Work with a Google Partner – certified insurance broker to navigate the underwriting process. They can help you present your company in the best possible light to underwriters.
Key Takeaways:

• SMBs are highly vulnerable to cyberattacks, with a high rate of data breaches and ransomware attacks.
• Cyber liability insurance covers data – related, legal, and operational risks associated with cyber incidents.
• Underwriting for cyber liability insurance considers a company’s cybersecurity measures.

Data Breach Response Insurance for SMBs

Data breaches have become an ever – present threat for small and medium – sized businesses (SMBs). A recent study found that among 3,049 reported incidents involving SMBs, 2,842 resulted in confirmed data disclosures (SEMrush 2023 Study). This highlights the urgent need for SMBs to have proper data breach response insurance.

Components

Financial Coverage for Incident – Related Expenses

When a data breach occurs, SMBs can face a multitude of expenses. These include not only the costs associated with notifying affected customers, but also potential legal fees if lawsuits are filed. A practical example is a small e – commerce business that experienced a data breach. After the incident, they had to hire forensic experts to determine the extent of the breach, which cost them a significant amount. Data breach response insurance can cover these incident – related expenses, ensuring that the financial burden doesn’t cripple the business.
Pro Tip: Before purchasing data breach response insurance, carefully review the policy to understand what types of expenses are covered. Some policies may exclude certain costs, such as regulatory fines.
As recommended by industry leaders in risk management, SMBs should look for policies that offer comprehensive financial coverage. High – CPC keywords here could be “data breach response insurance” and “financial coverage for data breaches”.

Support for Business Resilience

A data breach can disrupt business operations and damage a company’s reputation. Insurance providers often offer support services to help SMBs get back on their feet. For instance, they may provide public relations support to help manage the company’s image after a breach. A real – life case study involves a local accounting firm. After a data breach, their insurance provider arranged for a PR firm to handle communications with clients. This helped the firm maintain client trust and resume normal operations more quickly.
Industry benchmarks show that businesses with proper insurance support are more likely to recover from a data breach within a reasonable time frame. According to some studies, up to 70% of businesses without proper support may face insolvency within a year of a major data breach.
Pro Tip: When considering insurance, look for providers that offer a network of service providers, such as IT security firms and PR agencies.
“Business resilience in data breaches” is another high – CPC keyword that can be integrated here.

Risk – Assessment and Management

Many data breach response insurance policies also include risk – assessment services. Insurance companies will evaluate the SMB’s existing security measures and identify potential vulnerabilities. For example, an insurance company might conduct a penetration test on the business’s website to check for security flaws. Based on the results, they can offer recommendations on how to improve security.
This type of proactive risk management is crucial, as 88% of breaches in SMBs involve ransomware attacks, far surpassing the 39% rate seen in larger enterprises. By addressing vulnerabilities before a breach occurs, SMBs can reduce their risk of a costly incident.
Pro Tip: Act on the risk – assessment recommendations provided by your insurance company. This can not only lower the likelihood of a breach but also potentially reduce your insurance premiums.
“Risk – assessment for data breaches” is a relevant high – CPC keyword for this section.
Key Takeaways:

• Data breach response insurance offers financial coverage for incident – related expenses.
• It provides support for business resilience, including public relations assistance.
• Risk – assessment and management services can help SMBs reduce the risk of future breaches.
  Try our data breach risk calculator to assess your business’s vulnerability to data breaches.
  With 10+ years of experience in the insurance industry, the author understands the unique challenges faced by SMBs in dealing with data breaches. Google Partner – certified strategies are used to recommend the most suitable insurance options for businesses.

FAQ

What is EPLI and why is it important for SMBs?

EPLI, or Employee Practices Liability Insurance, safeguards SMBs from employment – related legal claims. According to the Equal Employment Opportunity Commission (EEOC), discrimination claims are on the rise. It covers issues like discrimination, wrongful termination, and harassment. Detailed in our [EPLI for SMBs] analysis, it helps prevent substantial financial losses from such claims.

How to choose the right cyber liability insurance for an SMB?

To choose suitable cyber liability insurance, SMBs should first assess their data – related, legal, and operational risks. As recommended by industry experts, regularly backing up data and having an incident response plan are crucial. Consider insurers that evaluate your cybersecurity measures favorably. Look into providers’ coverage for data breaches, legal fees, and business interruption.

Cyber Liability Insurance vs. Data Breach Response Insurance: What’s the difference?

Unlike data breach response insurance, which mainly focuses on covering incident – related expenses, providing business resilience support, and offering risk – assessment, cyber liability insurance has a broader scope. It covers data – related, legal, and operational risks associated with cyber incidents, including lawsuits and business interruption. SMBs may need both for comprehensive protection.

Steps for getting favorable underwriting terms for D&O insurance?

SMBs can take several steps to get favorable D&O insurance underwriting terms. First, maintain accurate financial records, as a company’s financial stability impacts coverage. Second, develop a solid risk management plan, which includes regular cyber risk assessments and staying updated on regulations. Finally, work with an experienced insurance broker. As recommended by industry standards, these steps can improve your chances.