Small business owners often believe they're flying under the radar of cybercriminals, but the...
.png?width=1376&height=768&name=user-gen-media-assets.s3.amazonaws.com%20(2).png)
When Iranian-linked hackers wiped out over 200,000 systems at Stryker Corporation in a single night, it wasn't a movie plot — it was a real event that unfolded in March 2026 and sent shockwaves through the business world. Stryker, a $25 billion medical device company with 56,000 employees across 79 countries, went from full operations to a global standstill before most people had finished their morning coffee.
If it can happen to them, it can happen to any business.
What Actually Happened to Stryker
Around midnight on March 11, 2026, Stryker employees started watching their computer screens go dark — one system at a time. Workers scrambled to unplug machines trying to save what data they could. In some offices, as many as 95% of devices were wiped clean. By morning, the company had reported a "global network disruption" to its entire Microsoft environment.
The group behind the attack, Handala — a pro-Iranian digital activist group — claimed responsibility, saying it extracted 50 terabytes of data and wiped more than 200,000 systems, servers, and mobile devices. Whether those numbers are fully verified or not, the damage was undeniable: manufacturing stopped, shipping halted, and order processing ground to a halt.
Stryker's stock fell nearly 9% in the days following the attack, trading near its 52-week low. For a company with a $132 billion market valuation, that kind of drop represents billions of dollars in lost market value — almost overnight.
The company's official response acknowledged it could not yet determine when systems would be fully restored. The financial impact? Still being calculated.
This Is Not a Fortune 500 Problem — It's Every Business Owner's Problem
The Stryker attack gets headlines because of its scale. But the same tactics used against billion-dollar corporations are used against businesses your size every single day.
In fact, small and mid-sized businesses are frequently targeted because they tend to have fewer cybersecurity resources. In 2025, 75% of small and mid-sized businesses reported they could not continue operating if hit with a ransomware attack. The average cost to recover from a cyberattack sits around $120,000 — and that's before you factor in legal costs, regulatory fines, or reputational damage.
What made the Stryker attack particularly damaging wasn't ransomware — it was a wiper attack. Instead of locking data and demanding payment, the attackers simply destroyed it. There was no ransom to negotiate, no key to purchase — just permanent data loss and a scramble to rebuild from scratch. That kind of attack can be even more destructive because there's no clear end point to the crisis.
Think about what that would mean for your business. Your customer data, your financial records, your operational systems — gone. No warning. No negotiation. Just disruption.
What Cyber Liability Insurance Actually Covers
Cyber liability insurance exists specifically to address these scenarios — and it covers far more than most business owners realize.
Here's what a solid cyber policy can do for you when something goes wrong:
- Business interruption income — If a cyberattack forces you to shut down operations, a policy can replace the income lost during that downtime and cover the extra expenses of getting back up and running.
- Data recovery and restoration — Whether your data is stolen, corrupted, or wiped entirely, cyber coverage can pay for the cost of recovering and rebuilding your digital assets.
- Forensic investigations — After an attack, you need to understand what happened, how it happened, and what was accessed. Forensics teams don't come cheap, and cyber insurance covers that.
- Legal fees and regulatory penalties — If customer data was exposed, you may face lawsuits and government fines. Cyber insurance covers your legal defense and regulatory costs.
- Notification and crisis management — You're often legally required to notify customers about data breaches. Your policy can cover those notification costs, credit monitoring services, and even public relations support to manage reputational fallout.
- Cyber extortion — If a hacker demands ransom to unlock your systems or return your data, some policies cover ransom negotiations and payments.
What many businesses don't consider is that a standard general liability or commercial property policy won't cover any of this. Cyber risk requires its own coverage — and waiting until after an attack to figure that out is too late.
The Stryker Wake-Up Call for Businesses
Whether you're running a manufacturing operation in the Des Moines metro or managing a professional services firm in the Greater Houston area, your exposure to cyber threats is real and growing. Every business that handles customer data, processes payments online, or relies on cloud-based software carries cyber risk.
Think about the businesses across Central Iowa — distributors, healthcare providers, financial services firms, construction companies — all running on connected systems. Or the Houston market, where energy, logistics, and professional services firms handle sensitive data daily. A cyberattack on any one of them would disrupt not just operations, but the clients and vendors they serve.
The Stryker situation shows that even a company with massive resources and IT infrastructure can be brought to its knees. For businesses paying over $100,000 annually in insurance premiums, the stakes of leaving cyber exposure unaddressed are especially high — the gap between covered and uncovered losses could be catastrophic.
What to Look for in a Cyber Insurance Policy
Not all cyber policies are built the same way. When evaluating coverage, there are a few things worth paying attention to:
The policy should cover both first-party losses (your own financial damage) and third-party liability (claims from clients or customers whose data was affected). You want coverage for business interruption that kicks in even when the attack originates from a third-party vendor — because your exposure doesn't stop at your own network.
You'll also want to ask about wiper attacks and destructive malware specifically. As the Stryker attack demonstrated, ransomware isn't the only threat — and some older policies may not explicitly address data destruction events where there's no ransom demand.
Finally, pay attention to sublimits. Some policies carry reduced coverage caps on specific types of claims like social engineering fraud or system failure. Understanding exactly what's covered — and what isn't — before a claim happens is the whole point of working with a risk advisor who knows this space.
Frequently Asked Questions
Does my general liability policy cover a cyberattack?
Almost certainly not. Standard commercial general liability policies typically exclude cyber-related losses. Cyber liability insurance is a separate, standalone coverage designed specifically for digital threats.
Do I need cyber insurance if I'm a small business?
Yes. Small businesses are frequently targeted because attackers assume weaker security defenses. With the average recovery cost sitting around $120,000, a single attack can permanently close a small business that isn't insured.
What if I already have an IT team or cybersecurity tools in place?
Technology controls reduce your risk, but they don't eliminate it. The Stryker attack hit a company with far more IT resources than most businesses will ever have. Insurance is what bridges the gap between prevention and recovery when prevention isn't enough.
What types of businesses benefit most from cyber coverage?
Any business that handles customer data, processes online transactions, relies on cloud-based software, or operates in regulated industries — healthcare, finance, legal — should carry cyber insurance. In practice, this describes most modern businesses.
Is cyber insurance expensive?
The cost varies based on your revenue, industry, and existing security controls. But compared to the average $120,000 recovery cost — or the potential multi-million dollar losses from business interruption — a well-structured policy is typically one of the most cost-efficient risk transfers available.
Talk to Risk Advisors of Iowa About Cyber Coverage
The Stryker attack is a reminder that no business is too sophisticated, too large, or too well-protected to face a catastrophic cyber event. For businesses in Iowa and the Greater Houston area that are serious about protecting what they've built, cyber liability insurance isn't a luxury — it's a foundational part of your risk management strategy.
If your business is paying over $100,000 a year in insurance premiums and cyber isn't part of the conversation, that's a gap worth fixing now. At RAI, we work directly with business owners to evaluate cyber exposure, identify coverage gaps, and place policies that actually respond when you need them to.
Reach out to us today to schedule a cyber risk consultation. One conversation could mean the difference between a recoverable incident and a business-ending one.
