Rising Cybercrime Means SMEs Should Seek Cyber Insurance
The cost of living, energy security and prices, and interest rates all rising rapidly may have dominated the news over the past year, but for businesses, the increasing incidences of cyberattacks as well as the associated costs of dealing with them can be added to their list of challenges, putting an unwanted and insidious strain on their operations.
Unfortunately, the slowing global economy has not been mirrored in a slowdown in cybercrime. For all businesses, cyber risk is now a part of everyday life and cyber costs must be factored into running a business.
Small and medium-sized enterprises (SMEs) may not have the resources to deal with this, so external support and in particular, insurance, have a role to play.
Usage and demand for technology has never been greater. The increasing levels of connectivity, such as the introduction of 5G to support the Internet of Things (IoT), has resulted in growing cyber threats to businesses; greater interconnectivity means that the attack surface of organisations has increased dramatically.
During the pandemic, cyber criminals were able to target misaligned networks amid the growth in hybrid working.
Cyberattacks worldwide rose 125% though 2021, a trend that continued in 2022 – fuelled dramatically by Russia’s invasion of Ukraine. Since Russia launched its invasion, Kremlin-based or Kremlin-backed phishing attacks against email addresses of European and US-based businesses have increased eight-fold.
However, despite cybersecurity being mission-critical for many businesses, concerns about recession in the second half of 2022 have caused companies to hunker down and take much tighter control of their budgets. This often means a longer approval process and more drawn-out negotiations with vendors, even for important software products such as cybersecurity. Hence it is important for companies to balance cost and security to create an effective cyber resilient strategy.
The Rising Cost Of Cyber Attacks On Businesses
While the cost of precautionary measures, such as cyber insurance, can be high, failure to have these measures may have existential consequences for some businesses - research shows that 60% of SMEs go under within six months of a cyber attack.
The cost of attacks on businesses is even higher than the cost of cyber resilience. IBM’s Cost of Data Breaches Report puts the average cost of a data breach at $4.35 million, up 2.6% on the previous year, and up 12.7% from 2020. The report said breaches involving remote working pushed up the average cost by around $1 million.
If the cost of recovery isn’t bad enough, companies face a maximum fine of £17.5 million or 4% of annual global turnover - whichever is greater - for any infringement of data protection guidelines or rights of individuals.
Given the risks, costs and recovery time, which can be up to a year on average, the case for implementing protective measures is compelling.
Insurance with the accompanying risk assessments provides a way to mitigate the risks and penalties for not taking the right precautions. Therefore, it is important for businesses to recognise cyber risk as a business risk, not just an IT one.
Insurance Has A Key Part To Play
Cyber insurance is essential in helping an organisation get back on its feet. Having insurance can help protect a company’s reputation and brand, and provide the expertise to manage cyber incidents, such as ransomware and data breaches. As well as minimising business disruption and providing financial protection during an incident, cyber insurance may also help with subsequent legal and regulatory actions.
However, cyber risk insurance premiums are rising. This is not just due to the rising number of cyber-attacks, but also because of increased demand and a reduction in supply of insurance capacity. As in 2022, insurers will continue to focus on tighter risk selection, a more rigid approach to adopting policy changes, and higher rate and premium rises, so businesses looking to buy insurance will need to prove the adequacy of their cyber security controls.
To ensure those controls are in place, SMEs can draw on the expertise of specialists in this field. At Resilience, for example, the strategy is to first implement more straightforward protection measures, such as ensuring the latest software and system security updates are installed and having some form of endpoint detection and response (EDR) Network visibility and security, before moving on to more sophisticated cyber risk management processes.
For a business to be cyber resilient, it is crucial that they balance security with capital allocation. While companies should not limit their investment in cyber insurance, it is important that they do not spend outside of their budget needlessly. Cyber risk quantification tools can help companies model how they can spend sensibly while having the most effective risk protection according to their resources.
Finally, 82% of security breaches involve human error, making staff training vital. Furthermore, other ways to reduce human-related risks can include Multi-Factor Authentication, email authentication protocols and the Principle of Least Privilege (PoLP).
Cyber resilience should be part of the planning process for any business. Without a clear cyber resilience strategy, the reputation, if not operations, of an entire company could be jeopardised. By balancing cybersecurity costs with the effectiveness of cyber risk strategies, businesses can ensure they are best placed to adapt to rising costs as well as rapidly developing tech.
Simon West is Head of Cyber Advisory at Resilience
You Might Also Read:
Cyber Security Tools For Your Small Business:
___________________________________________________________________________________________
If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.
- Individual £5 per month or £50 per year. Sign Up
- Multi-User, Corporate & Library Accounts Available on Request
- Inquires: Contact Cyber Security Intelligence
Cyber Security Intelligence: Captured Organised & Accessible