As cyberattacks continue to rise drastically and bring new levels of risk to organizations worldwide, more and more business leaders are looking to cyber insurance to help limit the impact a successful attack could have on their organization.

Cyber insurance is a financial product that covers the catastrophic effects of a data breach or other types of cyberattacks, such as ransomware. Just like other types of insurance, what cyber insurance plans cover varies from policy to policy. Often they cover things like data recovery and recreation, revenue loss from business interruption, loss of transferred funds, extortion, customer identity protection services, and more.

SMBs are particularly vulnerable to the high costs of a data breach, where the average costs of an attack are $8.64 million in the U.S. With that in mind, cyber insurance can provide an additional level of protection for organizations to survive the effects. However, a recent survey of small business owners found that most small businesses — 64 percent — are still not familiar with what cyber insurance is and what it can cover. That is despite the fact that 69 percent said they were concerned about being the victim of a cyberattack themselves in the next 12 months.

There may be many reasons for this. Cyber insurance has been around for some time but has only recently become popular due to the drastic increase in attacks over the past few years. Additionally, it is not required or commonplace for a business like many other types of insurance, such as worker’s compensation or health insurance, so an SMB may not be as familiar in their regular course of business.

The majority of those who purchased cyber insurance said it was due to either experiencing a cyberattack themselves or hearing about someone who had. Forty-eight percent, for instance, said that they purchased it after being a victim themselves, and 19 percent said it was after someone they knew was the victim of an attack. Meanwhile, 20 percent said they purchased it because of the overall high risk to their industry, and five percent said they did so after hearing about cyber threats in the media.

Aside from cyber insurance, SMBs invest in cybersecurity protections in other ways. Seventy-two percent said they had implemented cybersecurity precautions within their business, such as strong password policies, multi-factor authentication, data encryption, or purchased cybersecurity software. Sixteen percent said they have also implemented cybersecurity training for employees. While this is encouraging, 28 percent said they had not implemented any form of cybersecurity protocols at all (a concerning number).

For those investing in these basic protections for their business, cyber insurance can be a logical complement to cover the business in the event (or arguably, inevitable situation) that hackers bypass their defenses. In doing so, an SMB can ensure their business is prepared to persist through any attack and continue delivering their valued products and services to customers for years to come.