Marc runs a growing dental practice just outside downtown Dallas. Great team, solid reputation, steady flow of patients. On paper, things are going well. But when we spoke last week, he wasn’t asking about insurance premiums or his policy limits. He was asking about ransomware attacks.
With all the world tension lately, Marc had been hearing about foreign, state-sponsored hackers and cyber attacks on the news. He told me, “I’ve got patient personal data, HIPAA requirements, and payment info. If something happens to my systems and there is a data breach, I’m in trouble.” And he’s right.
Most Texas small business owners I talk to still think this kind of thing only happens to the big guys. But that’s not how it works anymore. Today’s hackers don’t need to break into a bank or a tech company. They look for businesses like Marc’s for their phishing or ransomware attacks. Local, busy, with just enough valuable data to make it worth the squeeze.
If you own a dental practice, medical office, or really any small business in Texas that stores sensitive client info, this is something you need to pay attention to — especially when it comes to your insurance coverage.
Let’s walk through three things Marc learned that every business owner in his shoes needs to know.
1. Foreign Hackers Are Going After Smaller Businesses In Texas
The jerks doing these phishing attacks aren’t just bored teenagers or small-time crooks. Many of them are part of organized groups overseas. Russia, China, Iran, North Korea. Those foreign governments give them a safe haven to operate, and their job is to find soft targets in the U.S. and break in.
What’s a soft target? A business with client data, email access, and billing systems that can be locked up or sold off. Dental and medical practices are high on that list due to the treasure trove of patient info for a data breach.
When hackers find one, they don’t send a warning, they create a social engineering attack. They use that to encrypt your data, shut down your access, and throw up a screen demanding thousands of dollars in cryptocurrency if you ever want to see your files again.
They don’t care if you’re a local dentist or a national company. If you’re easier to break into than someone else, that’s enough.
2. Many Insurance Policies Won’t Cover Attacks From Foreign Actors
Marc assumed his business insurance provider had him covered. He figured that between his property, liability, and malpractice insurance policies he was protected. But if you don't have a cyber insurance policy specifically, you have no protection from cyber extortion if an event occurs to your business.
But it gets worse from there. Marc was worried about cyber attacks tied to foreign governments or “state actors”. These are often excluded under standard cyber coverage that might be included in your business owners policy.
There’s fine print in many cyber insurance policies that says things like “war exclusion” , "cyber terrorism", or “nation-state exception.” That means if the cyber attack is believed to come from a government-backed group overseas, your insurer can deny the claim. As a result, it is important to understand what your dyber liability insurance does and does not cover.
With that said, proving exactly who hacked you is tricky. But the more headlines talk about Russian or Chinese groups being involved, the more cyber insurance providers start pointing to those exclusions.
I told Marc about the Merck case. They were hit with a cyber attack that produced malware infections. Most experts believed it came from Russian intelligence and their cyber liability insurance company tried to use the war exclusion to deny a claim worth over a billion dollars.
If they’ll do that to a company like Merck, imagine what they might do to a dental practice in Dallas.
3. Insurers Want Proof That You’re Protecting Your Business
Here’s the part most business owners don’t see coming. None of us think that the current cyber warfare will hit them. Especially some small business like Marc's dental practice in Dallas. But ignorance of a cyber event doesn't eliminate the cyber risk. And the cyber insurance companies recognize this.
Even if you do have a cyber insurance policy, many insurance carriers now expect you to take certain security measures before they’ll pay a claim. They want to know you’re not just leaving the computer "front door" unlocked and vulnerable to cyber events like data breaches, ransomware attacks, or phishing email scams.
That means your business better be working on cyber and email security with some basic tactics.
- You’re using two-factor authentication on your email and login systems
- Your team knows not to click shady links in emails
- You’re keeping regular backups
- You have antivirus and firewalls in place
- Your systems get updated, not ignored
If you can’t show that you’re doing the basics of cybersecurity awareness, your claim could be delayed, reduced, or flat-out denied. Not having legal counsel or protection for business interruption losses due to cyber events could destroy what is currently your thriving business.
Marc had a decent IT setup, but a cyber assessment still found a few things he needed to tighten up. Nothing crazy. No big tech overhaul. Just smart moves that show you’re taking cyber security measures seriously.
The Bottom Line For Small And Medium-Sized Businesses In Texas
Marc’s concerns about cyber insurance were spot-on. With today’s threats of cyber events, especially from overseas, it’s not a matter of if you’ll be targeted. It’s just a matter of whether your systems are ready, and whether your cyber insurance policy will actually help when you need it most.
Cyber insurance isn’t something to guess about. And relying on an old policy that wasn’t built for today’s threats is like locking the front door but leaving the back gate wide open.
If you’re not sure where your business stands, we can help. Just like we did with Marc.
True Texas Cyber Insurance has a cyber risk check-up built into the risk assessment process and will walk us through your current protection. From there, it will highlight any gaps, and show you exactly what needs to be improved. It’s fast, it’s clear, and it gives you real answers. And most importantly, it helps us our independent agents secure the right cyber coverage for your business.
Click the button below to get your personalized cyber risk assessment today.
FAQ - Frequently Asked Questions