For SMBs, best IT security practices are important, but the final mile of good risk management is buying cyber liability insurance. The insurance market is soft right now, so buying coverage is a no-brainer.
Most SMBs are not dealing with the bare basics of loss prevention. At the very least, IT experts hope that SMBs will keep computer logs, so that in the event of a breach, it can be determined what the hackers saw and did with the data. SMBs also need a pre-incident plan and a post-incident plan to be ready in case a data breach happens.