Cyber threats don't wait for business hours. Every business owner with client data on their systems needs a plan and the right insurance coverage to back it up.
Most small business owners assume cyber insurance is for someone else: the big banks, the hospital systems, the tech giants that make headlines when they get breached. If that's what you think, this episode of Stimulus Tech Talk is worth your time.
Nathan Whittacre sat down with Jim Edington, co-owner of Western Pacific Insurance, to talk honestly about what cyber liability insurance actually covers, what it doesn't, and why so many businesses are underprotected without knowing it.
Cyber Attacks Don't Discriminate by Company Size
Jim has seen firsthand what happens when businesses find out too late what their insurance actually covered, and the pattern is consistent: small companies assume they're too small to be a target. They're not.
Hackers aren't hand-selecting victims based on revenue. They're running automated attacks across thousands of businesses at once, looking for open doors. A small professional services firm with 200 clients in a database is just as exposed as a regional bank, sometimes more so, because the security posture is weaker and the team is smaller.
The Ransom Is Often the Smallest Part of the Bill
Here's what often gets missed by business owners: when a cyber incident happens, the ransom demand is usually not the biggest line item. What adds up fast are the first-party costs:
- Forensic investigation to determine what happened and what was accessed
- Legal fees to navigate liability and regulatory requirements
- Client notification, which is legally required in most states and costs money on a per-recipient basis
- Credit monitoring for affected individuals
- Business interruption while systems are down or under investigation
If you have thousands of clients in your system and their data is exposed, you are required to notify each one. That process alone (the letters, the coordination, the legal review) can dwarf whatever a ransom demand would have been.
AI Is Now on the Insurance Questionnaire
One of the more forward-looking parts of this conversation: cyber liability applications are getting longer and more detailed, and AI usage is now showing up as a concern. Insurance companies are starting to ask how you're using AI tools and, critically, whether client data is being fed into them.
Jim notes that many agency owners he works with have made a firm decision: no client data goes into any AI system they don't fully control. If you're using public AI tools and pasting in client information, even casually, even once, that's a risk exposure your insurer may ask about directly.
Getting Coverage Is Getting Harder
A few years ago, getting a cyber liability policy meant filling out a one-page form. Today, applications can run 30 pages or more. Insurers are asking detailed questions about:
- Who has access to your systems and from where
- Whether remote or overseas workers can reach sensitive data
- What security controls and employee training you have in place
- Your incident response plan
This isn't gatekeeping. It's actually a useful forcing function. Going through the application process will surface gaps in your security posture that you'll want to know about before something goes wrong.
How to Think About the Cost
Jim's approach to the cost conversation is refreshingly straightforward. Rather than framing cyber insurance as a premium you pay and forget, he encourages business owners to actually inventory their risk:
- What sensitive data do you hold?
- How many clients are in your system?
- What would it cost to notify each of them if that data were exposed?
- What would a week of business interruption cost you?
When you run those numbers and compare them to an annual premium, the math tends to be clarifying. A high-deductible policy that you can actually afford is far better than no coverage. Paying $10,000 out of pocket beats paying $500,000 because you had nothing in place.
Listen to the Full Conversation
Jim Edington brings a perspective that's rare in the insurance world: he spent a decade on the claims side of the collision repair industry before joining Western Pacific Insurance, so he's seen what coverage gaps look like from the receiving end. That experience shapes how he talks to business owners about risk: direct, practical, and without the fear-mongering.
Watch or listen to the full episode on YouTube or your favorite podcast platform, and reach out to Jim and his team at Western Pacific Insurance if you want to take a closer look at your current coverage.
