Thanks to hackers, cyber attacks, and malware, cyber insurance is now one of the fastest-growing segments in the insurance industry, with growth expected to reach $28.60 billion by 2026. And while large companies are more likely than small companies to purchase insurance coverage, it’s the smaller businesses that have caught the attention of insurance companies. Small businesses not only comprise a large pool of businesses without any cyber insurance, but in the world of insurance, they’re also perceived as low risk or safe. But are they low risk? Are they safe?
Cyber crime is a big threat to small businesses
The reality is that small businesses are anything but safe. In fact, they are relentlessly targeted by hackers and face the same types of cybersecurity threats as larger businesses. Last year, more than half (53%) of all small and medium-sized businesses (SMBs) suffered a security breach. Compounding the problem, only 14 percent of SMBs say they have the ability to mitigate cyber threats and attacks. And cyber attacks are devastatingly costly. On average they cost small businesses $80,000, but that figure can easily range up to $1 million. Compared to the largest companies, the financial impact of cyber attacks is disproportionately high for small businesses.
The sooner the better
Obviously, small businesses need to do their part in beefing up their cybersecurity posture, and they need to do it yesterday. However, they rarely have the budget or in-house IT expertise to do so, which unfortunately leaves them exposed and vulnerable to cyber attacks. The sooner the insurance industry acknowledges this, the sooner it can start to help small businesses improve their cybersecurity posture.
One way insurance companies can help is by sharing their risk management expertise and by providing valuable advice about how to stay cyber secure. That help should include recommendations for data safety and awareness training. Awareness training is critical to business security; in 2019, 46% of all business cybersecurity issues were a result of human error. Fortunately, small businesses can greatly minimize this area of vulnerability with the right cybersecurity awareness programs. These programs teach employees how malware spreads, how to recognize cyber risks, how to make their devices secure, and what to do in the event of an attack. Their goal is to teach employees the best cybersecurity practices as well as how to spot a phishing attack or other type of cyber attack, and how to respond when confronted with an attack.
Tech and Tools
Of course, technology and digital tools are also necessary for a strong cybersecurity posture. As part of the effort to share their risk management expertise, insurance companies should also help businesses understand the technology that can help them become more secure, such as password managers and antivirus solutions. For example, businesses should be advised about installing an advanced endpoint security solution. Endpoint security solutions can detect and remove malware and respond to threats at all endpoints. They can also centrally manage all of a business’s devices, assure uniform software updates, manage user privileges, and much more. In fact, an endpoint antivirus solution is what makes all of these security control measures possible.
And the coverage
In addition, insurance agencies need to step up their game regarding the cybersecurity coverage they offer to small businesses. Often, when small businesses finally do purchase cyber insurance, they encounter limits that are considerably lower than the limits set for other types of risks, and the policies are provided at significantly higher premiums. Furthermore, these policies often lack coverage for reputational damage, theft of intellectual property, and other losses, which small businesses are usually unable to absorb.
Acknowledging the truth
The insurance industry has an important role to play in the mitigation of the costs incurred from breaches or attacks. By acknowledging that small businesses are in fact greatly at risk and exposed, insurance companies can start to provide the services and support that small businesses need to mitigate and respond to risks and to become more resilient. However, small businesses need to step up their cybersecurity game too. At the end of the day, while cybersecurity insurance is important, its purpose is to cover the costs of an attack, not to prevent one from occurring. Small businesses, therefore, need to do their share of the heavy lifting by following the risk management expertise and recommendations that insurance companies share with them.