Rising Cybercrime Means SMEs Should Seek Cyber Insurance

Uploaded on 2023-02-13 in TECHNOLOGY--Resilience, FREE TO VIEW, BUSINESS-Services-Financial

The cost of living, energy security and prices, and interest rates all rising rapidly may have dominated the news over the past year, but for businesses, the increasing incidences of cyberattacks as well as the associated costs of dealing with them can be added to their list of challenges, putting an unwanted and insidious strain on their operations. 

Unfortunately, the slowing global economy has not been mirrored in a slowdown in cybercrime. For all businesses, cyber risk is now a part of everyday life and cyber costs must be factored into running a business.

Small and medium-sized enterprises (SMEs) may not have the resources to deal with this, so external support and in particular, insurance, have a role to play. 

Usage and demand for technology has never been greater. The increasing levels of connectivity, such as the introduction of 5G to support the Internet of Things (IoT), has resulted in growing cyber threats to businesses; greater interconnectivity means that the attack surface of organisations has increased dramatically. 

During the pandemic, cyber criminals were able to target misaligned networks amid the growth in hybrid working.

Cyberattacks worldwide rose 125% though 2021, a trend that continued in 2022 – fuelled dramatically by Russia’s invasion of Ukraine.  Since Russia launched its invasion, Kremlin-based or Kremlin-backed phishing attacks against email addresses of European and US-based businesses have increased eight-fold. 

However, despite cybersecurity being mission-critical for many businesses, concerns about recession in the second half of 2022 have caused companies to hunker down and take much tighter control of their budgets. This often means a longer approval process and more drawn-out negotiations with vendors, even for important software products such as cybersecurity.  Hence it is important for companies to balance cost and security to create an effective cyber resilient strategy.

The Rising Cost Of Cyber Attacks On Businesses

While the cost of precautionary measures, such as cyber insurance, can be high, failure to have these measures may have existential consequences for some businesses - research shows that 60% of SMEs go under within six months of a cyber attack. 

The cost of attacks on businesses is even higher than the cost of cyber resilience. IBM’s Cost of Data Breaches Report puts the average cost of a data breach at $4.35 million, up 2.6% on the previous year, and up 12.7% from 2020. The report said breaches involving remote working pushed up the average cost by around $1 million.  
If the cost of recovery isn’t bad enough, companies face a maximum fine of £17.5 million or 4% of annual global turnover - whichever is greater - for any infringement of data protection guidelines or rights of individuals.

Given the risks, costs and recovery time, which can be up to a year on average, the case for implementing protective measures is compelling.

Insurance with the accompanying risk assessments provides a way to mitigate the risks and penalties for not taking the right precautions. Therefore, it is important for businesses to recognise cyber risk as a business risk, not just an IT one. 

Insurance Has A Key Part To Play

Cyber insurance is essential in helping an organisation get back on its feet. Having insurance can help protect a company’s reputation and brand, and provide the expertise to manage cyber incidents, such as ransomware and data breaches. As well as minimising business disruption and providing financial protection during an incident, cyber insurance may also help with subsequent legal and regulatory actions. 

However, cyber risk insurance premiums are rising. This is not just due to the rising number of cyber-attacks, but also because of increased demand and a reduction in supply of insurance capacity. As in 2022, insurers will continue to focus on tighter risk selection, a more rigid approach to adopting policy changes, and higher rate and premium rises, so businesses looking to buy insurance will need to prove the adequacy of their cyber security controls.

To ensure those controls are in place, SMEs can draw on the expertise of specialists in this field. At Resilience, for example, the strategy is to first implement more straightforward protection measures, such as ensuring the latest software and system security updates are installed and having some form of endpoint detection and response (EDR) Network visibility and security, before moving on to more sophisticated cyber risk management processes.

For a business to be cyber resilient, it is crucial that they balance security with capital allocation. While companies should not limit their investment in cyber insurance, it is important that they do not spend outside of their budget needlessly. Cyber risk quantification tools can help companies model how they can spend sensibly while having the most effective risk protection according to their resources. 

Finally, 82% of security breaches involve human error, making staff training vital. Furthermore, other ways to reduce human-related risks can include Multi-Factor Authentication, email authentication protocols and the Principle of Least Privilege (PoLP).

Cyber resilience should be part of the planning process for any business. Without a clear cyber resilience strategy, the reputation, if not operations, of an entire company could be jeopardised. By balancing cybersecurity costs with the effectiveness of cyber risk strategies, businesses can ensure they are best placed to adapt to rising costs as well as rapidly developing tech.

Simon West is Head of Cyber Advisory at Resilience 

You Might Also Read: 

Cyber Security Tools For Your Small Business:

___________________________________________________________________________________________

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible

 

« New Russian Malware Targets Ukraine 
Quantum Computer Power Threatens Encryption »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

Via Resource

Via Resource

Via Resource specialise in Information and Cyber Security recruitment in the UK, Europe and USA.

RioRey

RioRey

The DDoS mitigation specialist, from single server to Enterprise wide carrier level networks the RioRey Solution provides effective immediate and easy to manage protection.

RCMP Cybercrime Strategy

RCMP Cybercrime Strategy

The RCMP Cybercrime Strategy sets out in an Operational Framework and Action Plan to combat cybercrime.

Atos

Atos

Atos provides a unique Cyber Security end to end solution with a data-centric and pre-emptive security approach.

CyberOne

CyberOne

CyberOne (formerly Comtact) offer a full stack cybersecurity service to ensure our customers understand the cyber maturity of their organisation.

GuardiCore

GuardiCore

GuardiCore is an innovator in internal data center security and breach detection and is transforming security inside data centers and clouds.

Synack

Synack

Synack provides a hacker-powered intelligence platform that uncovers security vulnerabilities that often remain undetected by traditional pen testers and scanners.

Trulioo

Trulioo

Trulioo is a leading global identity and business verification company providing secure access to data sources worldwide to instantly verify consumers and businesses online.

RackTop Systems

RackTop Systems

RackTop Systems is the pioneer of CyberConverged data security, a new market that fuses data storage with advanced security and compliance into a single platform.

Risk Ledger

Risk Ledger

Risk Ledger is improving the security of the global supply chain ecosystem, reducing the number of data breaches experienced through supply chain attacks by companies and consumers alike.

Communicate Technology

Communicate Technology

Communicate Technology are IT, telecoms and cyber-security specialists, keeping over 500 businesses and 50,000 users connected and secure across the UK.

Approov

Approov

Approov provides a comprehensive runtime security solution for mobile apps and their APIs, unified across iOS and Android.

Siometrix

Siometrix

Siometrix addresses digital identity fraud. It steals your attacker's time and prevents many prevalent attack vectors.

ARC Risk and Compliance

ARC Risk and Compliance

ARC Risk and Compliance is a consulting company comprised of a team of AML Specialists completely focused on anti-money laundering compliance and the technologies used to support compliance programs.

Fivecast

Fivecast

Fivecast is enabling a safer world. We help organizations around the world explore masses of data to uncover actionable insights.

Grypho5

Grypho5

Grypho5 offers managed packages to protect where threat actors strike most. We defend your infrastructure dynamically, leaving you to focus on other priorities.