Rising Cybercrime Means SMEs Should Seek Cyber Insurance

The cost of living, energy security and prices, and interest rates all rising rapidly may have dominated the news over the past year, but for businesses, the increasing incidences of cyberattacks as well as the associated costs of dealing with them can be added to their list of challenges, putting an unwanted and insidious strain on their operations. 

Unfortunately, the slowing global economy has not been mirrored in a slowdown in cybercrime. For all businesses, cyber risk is now a part of everyday life and cyber costs must be factored into running a business.

Small and medium-sized enterprises (SMEs) may not have the resources to deal with this, so external support and in particular, insurance, have a role to play. 

Usage and demand for technology has never been greater. The increasing levels of connectivity, such as the introduction of 5G to support the Internet of Things (IoT), has resulted in growing cyber threats to businesses; greater interconnectivity means that the attack surface of organisations has increased dramatically. 

During the pandemic, cyber criminals were able to target misaligned networks amid the growth in hybrid working.

Cyberattacks worldwide rose 125% though 2021, a trend that continued in 2022 – fuelled dramatically by Russia’s invasion of Ukraine.  Since Russia launched its invasion, Kremlin-based or Kremlin-backed phishing attacks against email addresses of European and US-based businesses have increased eight-fold. 

However, despite cybersecurity being mission-critical for many businesses, concerns about recession in the second half of 2022 have caused companies to hunker down and take much tighter control of their budgets. This often means a longer approval process and more drawn-out negotiations with vendors, even for important software products such as cybersecurity.  Hence it is important for companies to balance cost and security to create an effective cyber resilient strategy.

The Rising Cost Of Cyber Attacks On Businesses

While the cost of precautionary measures, such as cyber insurance, can be high, failure to have these measures may have existential consequences for some businesses - research shows that 60% of SMEs go under within six months of a cyber attack. 

The cost of attacks on businesses is even higher than the cost of cyber resilience. IBM’s Cost of Data Breaches Report puts the average cost of a data breach at $4.35 million, up 2.6% on the previous year, and up 12.7% from 2020. The report said breaches involving remote working pushed up the average cost by around $1 million.  
If the cost of recovery isn’t bad enough, companies face a maximum fine of £17.5 million or 4% of annual global turnover - whichever is greater - for any infringement of data protection guidelines or rights of individuals.

Given the risks, costs and recovery time, which can be up to a year on average, the case for implementing protective measures is compelling.

Insurance with the accompanying risk assessments provides a way to mitigate the risks and penalties for not taking the right precautions. Therefore, it is important for businesses to recognise cyber risk as a business risk, not just an IT one. 

Insurance Has A Key Part To Play

Cyber insurance is essential in helping an organisation get back on its feet. Having insurance can help protect a company’s reputation and brand, and provide the expertise to manage cyber incidents, such as ransomware and data breaches. As well as minimising business disruption and providing financial protection during an incident, cyber insurance may also help with subsequent legal and regulatory actions. 

However, cyber risk insurance premiums are rising. This is not just due to the rising number of cyber-attacks, but also because of increased demand and a reduction in supply of insurance capacity. As in 2022, insurers will continue to focus on tighter risk selection, a more rigid approach to adopting policy changes, and higher rate and premium rises, so businesses looking to buy insurance will need to prove the adequacy of their cyber security controls.

To ensure those controls are in place, SMEs can draw on the expertise of specialists in this field. At Resilience, for example, the strategy is to first implement more straightforward protection measures, such as ensuring the latest software and system security updates are installed and having some form of endpoint detection and response (EDR) Network visibility and security, before moving on to more sophisticated cyber risk management processes.

For a business to be cyber resilient, it is crucial that they balance security with capital allocation. While companies should not limit their investment in cyber insurance, it is important that they do not spend outside of their budget needlessly. Cyber risk quantification tools can help companies model how they can spend sensibly while having the most effective risk protection according to their resources. 

Finally, 82% of security breaches involve human error, making staff training vital. Furthermore, other ways to reduce human-related risks can include Multi-Factor Authentication, email authentication protocols and the Principle of Least Privilege (PoLP).

Cyber resilience should be part of the planning process for any business. Without a clear cyber resilience strategy, the reputation, if not operations, of an entire company could be jeopardised. By balancing cybersecurity costs with the effectiveness of cyber risk strategies, businesses can ensure they are best placed to adapt to rising costs as well as rapidly developing tech.

Simon West is Head of Cyber Advisory at Resilience 

You Might Also Read: 

Cyber Security Tools For Your Small Business:

___________________________________________________________________________________________

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible


 

« New Russian Malware Targets Ukraine 
Quantum Computer Power Threatens Encryption »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

Armadillo Sec

Armadillo Sec

Armadillo provide penetration testing and vulnerability assessment services.

GeoLang

GeoLang

GeoLang’s Ascema platform protects sensitive information at the content level by identifying, classifying and tracking data across the corporate infrastructure.

Intelligent Waves

Intelligent Waves

Intelligent Waves holds and manages contracts to provide an array of intelligence, operational, communications and IT support to the USG in austere, forward-deployed, hazardous duty environments.

Cybersecurity Advisors Network (CyAN)

Cybersecurity Advisors Network (CyAN)

CyAN provides a not-for-profit platform that helps private and public organisations as well as governments to identify trusted advisors in the area of Cyber Security and Cyber Crime.

FinCom.co

FinCom.co

FinCom.Co is the world’s first automatic AML/ KYC screening system, for comprehensive compliance.

InterVision

InterVision

InterVision is a leading Strategic Services Provider, assisting businesses in driving value and gaining a competitive edge by helping IT Leaders solve the most crucial challenges they face.

Beosin

Beosin

Beosin is a blockchain security company providing cybersecurity services including security audits, on-chain asset investigation, threat intelligence and wallet security.

Japan Cybersecurity Innovation Committee (JCIC)

Japan Cybersecurity Innovation Committee (JCIC)

JCIC is an independent and not-for-profit thinktank to establish a secure and safe digital society.

Business Hive Vilnius (BHV)

Business Hive Vilnius (BHV)

BHV is one of the oldest startup incubator and technology hubs in the Baltics, primarily focused on hardware, security, blockchain, AI, fintech and enterprise software.

MyDocSafe

MyDocSafe

MyDocSafe is an all-in-one document security and e-sign software.

Secmation

Secmation

Secmation are an agile engineering services firm providing advanced DoD level security design and consultation services for both commercial and defense hardware and software applications.

NightDragon

NightDragon

NightDragon is a venture capital firm investing in innovative growth and late stage companies within the cybersecurity, safety, security, and privacy industry.

Valence Security

Valence Security

Valence manages and secures your Business Application Mesh by delivering visibility, reducing unauthorized access and preventing data loss.

DTS Systeme

DTS Systeme

DTS Systeme is an IT service provider with a focus on the core areas of datacenter, technologies and IT security.

Dr Web

Dr Web

Since 1992 the Russian anti-virus Dr.Web has been helping companies to keep their digital assets protected and operate in a secure digital environment.

Brennan IT

Brennan IT

For over 25 years, Brennan’s expert team has helped businesses achieve real success through innovative and secure technology solutions.

Occentus Network

Occentus Network

Occentus Network is a telecommunications service provider specialized in High Availability Servers & managed Cloud services.

Flare Systems

Flare Systems

Flare proactively detects and remediates exposure across the clear & dark web, providing organizations with the equivalent of an automated cyber reconnaissance team.