As the threat of cyberattacks continue to loom overcorporations across the globe, small to midsized businesses arestill sitting on the sidelines when it comes to purchasing cyberliability insurance policies despite the ominous warning signs.

The overall frequency of data breaches continues to riseaccording to a global analysis from IBM released in June. Whileit’s the large scale breaches, such as Sony, The Home Depot andTarget that make headlines, hacks targeting smaller businesses arealso growing in regularity.

Symantec’s 2016 Internet Security Threat Report revealedthat 43 percent of phishing campaigns targeted small businesses in2015, up from 34 percent in 2014. However, only 5 percent of smallbusinesses recently surveyed by Endurance International Group indicated theycarry a cyber liability insurance policy.

As evidenced by the big breaches of the past few years, we knowthe negative impact of a data breach can be devastating. It’s hardto understand why small businesses across the globe continue tooverlook their cybersecurity and cyber insurance needs. However, asinsurance agents, it’s our responsibility to find a way toarticulate the necessity of a cyber liability policy.

The largest barriers preventing small business owners frompurchasing a policy revolve around a misunderstanding of theirperceived threat, what’s covered, and the reasonable pricing. Takethe time to explain every factor at play and how the cost of thepolicy will be well worth the investment should a data breach occur— because it’s only a matter of time before you receive a phonecall from a client asking you if they’re covered.

Although attempting to sell these policies to businesses withsmaller budgets can appear to be a daunting task, here are a fewtactics to help small to midsized business owners understand how apolicy could save their company.

1. Show them the money

A significant data breach can cripple a small company’s balancesheet and potentially put the firm out of business altogether.According to the IBM study, the average cost of a data breach isapproximately $4 million and the average cost per lost or stolenrecord in the U.S. is $221. If your prospect is wondering whyreacting to a data breach is so expensive, insurance agents mustclearly delineate every significant cost associated with abreach.

Related: 6 categories of questions you'll be asked whenappplying for cyber coverage

After a data breach is identified, the affected company willneed to hire a computer forensics firm to look at its computers andidentify where the hack occurred. After that, 47 states in the U.S.require businesses by law to notify and provide credit monitoringfor every individual affected in the event of a databreach. The business also must hire a legal consultant and shouldconsider engaging a public relations firm to help notify customersand manage the company’s reputation.

On top of all of this, regulatory fines and penalties can alsobe handed down by state legislators. Third party lawsuits, anunfortunate reality when dealing with thousands of disgruntledcustomers, may also arise and can quickly rack up the expenses.

Considering that each cost described here is covered in a basiccyber liability policy, purchasing this coverage could belifesaving to a small to midsized business.

2. Put the ‘It’s too expensive’ argument to bed

After hearing about the extensive and potentiallybusiness-saving cyber liability coverages, a potential buyermight wonder how much a policy will cost. In our experience, cyberliability is actually fairly inexpensive relative to otherinsurance needs.

For a business with approximately $5 million in annual revenue,a comprehensive policy covering the expenses outlined will cost thecompany approximately $5,000 per year; for a company with $8million in revenue, the cost is approximately $7,000 per year. Thispolicy will be far from the company’s most expensive insurancecost, and, considering the extensive coverages, it will be wellworth having in the event of a breach.

3. Dispel the misconception around cloud-storeddata

Many small businesses believe that if customer data is stored inthe cloud, they won’t be culpable should the information becompromised. This is a common misconception, as most cloudproviders have hold-harmless agreements in place with theircustomers. These agreements release the cloud provider fromliability in the event of a data breach.

In this event, the bill for all costs related tonotification, credit monitoring, litigation, forensics and othercosts related to a breach, will ultimately fall to the consumerfacing small business.

4. Compare security measures to larger companies

Considering that most of the headlines making national newssurrounding data breaches involve massive, multinational companies,many business owners think hackers won’t bother with their smallfirm. However, as we mentioned earlier, this is not the case. Agrowing number of phishing and other hacking techniques aretargeting smaller businesses.

Smaller businesses are also often more susceptible to an attackthan larger enterprises. With so many areas of vulnerability,including stolen laptops, computers or other computer storagedevices, backup tapes lost in transit, employee theft, internalsecurity failures, viruses, Trojan Horses, computer securityloopholes and improper eradication of information, it can beincredibly difficult for a small business to keep every potentialentry point protected.

Big companies with large IT staffs have the resources to trainemployees as well as implement cybersecurity measures that candramatically reduce the likelihood of a successful attack. Forsmall companies, cyber security simply isn’t seen as a priority,which can result in a higher susceptibility to attack.

Although all businesses should take some level of proactivepreventative measures, a cyber liability policy can at a minimumstop the financial bleeding after an attack.

Related: Navigating the cyberinsurance maze: Inside theobligations and caveats

Harris Tsangaris is the vice president of corporatedevelopment at New York-based NFP, an insurance broker andconsultant that provides employee benefits, property &casualty, retirement and individual private client solutions forclients across the United States, United Kingdom and Canada. He canbe reached at [email protected].