It’s no surprise that data breaches and cyberattacks are on the rise. The Identity Theft Resource Center issued a press release in October of 2021 saying that the number of data breaches that had occurred in 2021 through September had already surpassed the number of attacks in all of 2020 — a year in which small businesses saw a 424% increase in cyberattacks.
What’s worse is that adversaries don’t discriminate and they’re using the same tactics against businesses big and small. That means that small and mid-sized enterprises (SMEs) are facing the same threats and risks without a big budget that would allow them to put a robust security program in place. So while many SMEs have no defense against hackers, others have taken alternative routes to find ways to protect their organization.
Risk management isn’t just about preventing an attack. It’s also about minimizing the extent to which an attacker can move through your environment and mitigating the damage should an attack occur. One way SMEs have historically done that is through cyber insurance which covers the financial impact of a cyberattack. However, cyber insurance offerings have changed significantly in the last few years, and SMEs are now struggling to get the appropriate coverage.
In this article, we’ll aim to answer the following questions:
At the highest level, cyber security insurance is a type of insurance businesses can purchase to cover any financial losses related to a cyberattack or data breach. It is often added to a business’s liability insurance policy.
Generally speaking, cyber liability insurance covers the costs associated with a cyberattack investigation, legal fees, data recovery efforts, regulatory fines, reparations paid to customers, computer system repairs, and any financial losses incurred due to a disruption to your business.
Cyber insurance generally does not cover any costs or profits lost due to reputational damage or any costs related to the loss of intellectual property. It should also be noted that many insurers won’t cover costs or financial losses related to nation-state attacks, since insurers claim these attacks are an act of war. This has led to cyber-insurers refusing to cover costs related to ransomware as some ransomware attacks are carried out by state-sponsored hacker attacks.
While a company can greatly benefit from cyber insurance coverage should an attack occur, it does nothing to protect that company from malicious actors. It’s simply a means of recouping some of the financial losses related to cyberattacks.
The short answer is yes. Nearly every business today is susceptible to cyberattacks. Bad actors are no longer targeting specific companies. They’re running automated attacks 24/7, scanning the internet for anyone who is vulnerable and willing to pay a ransom to get their systems back online. Any business big or small that collects or stores customer data, has an online presence, or uses email needs cyber insurance.
In many ways, cyber security insurance coverage is much like car insurance. You may be an excellent driver, but it’s important to have protection just in case someone else puts you in a compromising situation. Likewise, you may be taking all the necessary precautions, but it’s smart to have insurance because ransomware attacks are so prevalent, and the cost of these attacks can be catastrophic.
According to a report from IBM and the Ponemon Institute, the average cost of an insider threat compromise (the result of a negligent employee exposing the company to a data breach, for example) to small organizations was $7.68 million. Many businesses can’t recover from such a huge monetary loss. In fact, the National Cyber Security Alliance estimates that 60 percent of companies hit with a data breach go out of business within six months.
If these numbers aren’t convincing enough, having cyber insurance is increasingly being demanded by boards, counterparties and supply chain partners, because cyberattacks can have a big trickle-down effect. For SMEs looking for funding, lack of cyber insurance may cause prospective investors to view a company as too risky.
Not too long ago, cyber insurance was a fairly affordable add-on to liability insurance, and small businesses would essentially buy insurance (rather than building up actual cyber resiliency) to transfer the risk to insurers. This was a relatively cost-effective method given the price of hiring an entire security department.
However, that strategy has now backfired. Over the years, cyber insurance providers had to pay far too many ransoms, so they’re raising premiums significantly. As of the end of 2021, many cyber insurance premiums increased 50 percent or more with some quotes coming in closer to 100 percent higher than the previous year. This hike in cost has made it extremely difficult for SMBs to buy cyber insurance.
Tired of paying ransoms for companies that had no security protocols, insurers are now requiring businesses large and small to have key controls in place, like ransomware protection, to secure coverage. So, now, in addition to paying higher premiums, companies also need to meet a number of requirements and prove that they are resilient against a cyberattack in order to get cyber insurance.
To improve their security posture and obtain coverage from insurers, SMEs need to set up the appropriate controls, train employees on cyber security best practices, and invest in cybersecurity software. This isn’t something that happens overnight and is often best accomplished with the help of a full team of security experts who can provide the right guidance and insight.
Though small businesses have the option of building up an in-house team with the capabilities to improve the organization’s security posture, that can be a time-consuming and expensive process and isn’t a realistic solution. Instead, many choose to partner with a managed security service provider (MSSP).
An MSSP is a third-party team of security experts that can help you quickly and effectively improve your organization’s security posture and prove to insurers that you have the right controls in place. It is a more affordable and faster way of implementing a full set of security capabilities than building an in-house team from the ground up.
In addition to working with an MSSP to improve your cybersecurity and providing technical details to substantiate your organization’s resilience to cyberattacks, you should be prepared with your own perspective on two questions when approaching insurers:
Arming yourself with this information puts you in a stronger starting position as you’ll better understand your organization’s cyber insurance needs when considering coverage options.
Given the ever-increasing threat of cyberattacks—and the devastating costs associated with them—it is essential for businesses large and small to have cyber insurance. But in order to get coverage, you need to be resilient.
Insurers use specialized cyber analytics solutions — like the industry’s leader, CyberCube — which provide cyber risk exposure, security scores, and analytics that drive their cyber insurance underwriting and pricing decisions. Addressing the security signals that negatively impact your security posture can positively impact on your ability to obtain appropriate cyber insurance.
The SolCyber Insurance+ Program can set you up for success when it comes to applying for cyber insurance. SolCyber is not your average MSSP. We believe cybersecurity services should be available to every business, not just those that can afford to spend $1B on it. We offer amazing security, backed by approachable humans, at an incredible value.
If you’re planning to apply for cyber insurance, but first need to enhance your security posture, drop us a note to find out how we can help.
TAKE OUR 3-MINUTE CYBER INSURANCE RISK QUIZ AND FIND OUT YOUR RISK SCORE!
The small to mid-sized enterprise (SME) market is wildly underserved in the cybersecurity sector, opening up massive opportunities for Managed Security Service Providers (MSSPs), as well as Managed Service Providers (MSPs) who could benefit from offering stronger security services as part of their overall IT offering. Many MSPs are tempted to build out a security […]
The thought of the Rams going onto the field with the 49ers without first spending months practicing would be unheard of. And the same is true of responding to cyberattacks in a company. Firefighters do fire drills. Actors do dress rehearsals. And IT and security teams do tabletop exercises. Tabletop exercises are a low-stress rehearsal […]
We’re thrilled to have a guest blog contributed by one of our technology partners, Right-Hand Cybersecurity. Right-Hand is a group of mission-oriented individuals driven to shift the power away from the adversary and back into the hands of businesses. Enjoy the article! You may relate internet attacks with large organizations. However, cybercriminal activity affects businesses […]
By subscribing you agree to with our Privacy Policy and provide consent to receive updates from our company.
