Cyber insurance is now a necessity and not a luxury for organizations
Various industries across the globe are dangerously vulnerable to cyberattacks. While attacks on high-profile targets like airlines, hospitals, and retailers typically make the headlines, analysts are sounding the alarm on the rising number of cybercriminals targeting smaller firms — especially those with close links to big corporations.
Insurance specialists, Beazley PLC has revealed that over 60% of the ransomware attacks the company documented in 2019 were targeted towards small and medium-sized enterprises (SMEs).
Meanwhile, report by anti-malware software company Emsisoft estimated that ransom demands in Canada totalled between almost US$65 million to nearly US$260 million last year. When downtime costs were factored in, the impact was between US$440.1 million and US$1.76 billion — or $2.3 billion in Canadian figures.
SMEs are vulnerable to a range of cyberattacks as criminals are increasingly eager to take advantage of a company’s technical weaknesses and their employees. This is especially true in the current climate where a disparate workforce is commonplace. Bad actors can attempt to infiltrate to find any personal information on customers, including their email addresses and credit card details to commit fraud, or even sell their personal information on the dark web.
Research has also suggested cybercriminals view SMEs as possible entry points to gain access to the network of a larger company. Often, the damage and recovery costs of businesses having to deal with the aftermath of malicious attacks leads to not only plummet productivity, but in some cases, to deteriorating trust between firm and clients.
Aware of the ‘inevitable’, SMEs are looking to have cyber insurance that can help cushion the blow of an attack.
A new survey found that while companies of all sizes plan to inject more funding into cyber insurance, SMEs are earmarking more of their budgets for cyber insurance in the coming years as compared to large companies.
All cyber insurance policies are different and cater to each policyholder’s specific needs, which is one reason it is important to understand what an individual policy covers. Some coverages include regulatory defence expenses, security breach remediation and notification expenses, forensic investigation and data restoration expenses, and business interruption coverage, among others. The Leger poll, however, showed than more than one-third of respondents didn’t know what expenses were covered in a cyber insurance policy.
The survey results show a troubling protection gap, considering nearly one in five SMEs (18%) polled have been affected by a cyber attack or data breach in the past two years (42% of those with 100 to 499 employees have suffered a data breach during this timeframe). Thirty-seven per cent of businesses hit by a data breach estimate the attack cost them over $100,000 while 20% had no idea of the cost of the breach.
And while smaller organizations may think that larger organizations are more vulnerable because they move larger amounts of money, smaller organizations are less likely to have sophisticated systems and controls in place to prevent this kind of fraud from occurring. A typical scam involves finding out on Facebook that the company’s CEO is away from the office on vacation, then using the CEO’s email address to order a financial department head to wire money to a false account controlled by the cybercriminal.
On average, close to half — about 45% — of businesses expect to experience a security breach over the next year. Hence, equipping themselves with cyber insurance is another means of added security.
“Cyber breaches are no longer an ‘if’ scenario but rather a ‘when’ scenario. Cyber insurance is becoming increasingly popular for SME organizations that want to protect their assets and accelerate the response and recovery process in the aftermath of a cyber incident.