While small businesses might feel they are too small to be a victim of a cyber-attack, that is not the case and cyber insurance should no longer be seen as a luxury.
Two thirds of leaders at small and medium-sized businesses believe their company is too small to be hit by a cyberattack, according to the 2019 SMB Cyberthreat Study. While they might feel they are not at risk, they are actually a prime target. A report from Verizon claimed that 43% of attacks were aimed at SMEs. An even more shocking statistic from Hiscox claims that one small business in the UK is successfully hacked every 19 seconds. In just one day, there are believed to be 65,000 attempted hacks into SMEs, of which 4,500 are successful.
This is not to say that only SMEs should put more emphasis on their cybersecurity. Threat levels are high for all types of businesses and the pandemic has only increased the risk. In 2020, 70% of UK financial services companies said they had suffered a cyber-attack, according to a report from Ponemon Institute. While financial services firms appear to be a particular target, all organisations are at risk. A report from Carbon Black states that up to 88% of UK companies reported a breach in the past 12 months.
These stats paint quite a dismal picture of the situation, but they highlight how big a priority cybersecurity should be for companies. KYND co-founder and CEO Andy Thomas said, “Now more than ever, organisations are at risk and should look to prioritise cyber risk management and cyber insurance to help mitigate these risks.”
The pandemic has brought a raft of new challenges for cybersecurity teams. Human error has always been a major problem for companies, as has ensuring their staff are well informed and not clicking suspicious links. With staff working remotely, it is much harder to monitor their operations and ensure they are not falling victim to phishing scams or other types of attacks. When the pandemic began, many firms had to accelerate their protections; however, it was not easy to ensure all staff members had adequate safeguards.
Thomas said, “Home working environments are unlikely to have the same level of sophisticated prevention that offices do and often rely on home Wi-Fi networks which are much easier to attack. Combine this with using personally owned devices, web conferencing platforms and remote access services that may not have been securely configured – means hackers have more vulnerabilities to exploit and are using them to administer attacks such as ransomware.” Criminals are well aware of the opportunities, and exploiting remote workers was said to be the main cause of ransomware incidents during the pandemic, according to a Coalition report.
Despite the massive threat, very few businesses have taken out cyber insurance. Thomas explained, “With cyber risks regularly topping the list as the biggest threat to organisations and the economic cost of cybercrime surpassing $7000bn in 2019, it’s surprising that less than 1% of this loss is insured and, in the UK, only 1 in 5 SMEs currently have cyber insurance.”
There are likely countless reasons why companies are not taking out this insurance. One highlighted by Thomas is that many SMEs might feel it is more of a luxury than a necessity. Given that two-thirds think they are too small to be a target of a cyber-attack, it makes sense they would not prioritise getting cover. This idea that they are too small to be a victim is what Thomas sees as the main driver of not investing in cyber insurance.
Thomas believes many of these businesses think they neither hold valuable information nor could afford a large ransom, so why would a criminal waste time on them? Another cause for this mentality could be a lack of knowledge of incidents. Media coverage only focuses on attacks on big organisations, and successful hacks on small businesses rarely make the news.
The rise of threats and the amount of damage they can cause, whether financial, through disruption or to the brand, raises the question of whether cyber insurance should be made mandatory. Thomas said, “There’s certainly logic to the argument.”
A report from IBM claimed that on average, data breaches cost UK enterprises around $3.8m. For a lot of small businesses, which might not have a lot of capital to hand, being hit with a cyber-attack can be devastating and could even force them to close. Cyber insurance is a way of having a safety net and ensuring they can recover if an incident occurs.
Thomas concluded, “The value in cyber insurance really lies in the support it provides to businesses to lower their cyber risk profile and rapidly recover from any incident. An organisation may have all the best IT support available to run their day to day business but few have access to the specialised tools, skills and financial resources that are needed to reduce the likelihood of attack in the first place and to rapidly recover if an incident does occur.”
Copyright © 2018 RegTech Analyst