Rising Cybercrime Means SMEs Should Seek Cyber Insurance

The cost of living, energy security and prices, and interest rates all rising rapidly may have dominated the news over the past year, but for businesses, the increasing incidences of cyberattacks as well as the associated costs of dealing with them can be added to their list of challenges, putting an unwanted and insidious strain on their operations. 

Unfortunately, the slowing global economy has not been mirrored in a slowdown in cybercrime. For all businesses, cyber risk is now a part of everyday life and cyber costs must be factored into running a business.

Small and medium-sized enterprises (SMEs) may not have the resources to deal with this, so external support and in particular, insurance, have a role to play. 

Usage and demand for technology has never been greater. The increasing levels of connectivity, such as the introduction of 5G to support the Internet of Things (IoT), has resulted in growing cyber threats to businesses; greater interconnectivity means that the attack surface of organisations has increased dramatically. 

During the pandemic, cyber criminals were able to target misaligned networks amid the growth in hybrid working.

Cyberattacks worldwide rose 125% though 2021, a trend that continued in 2022 – fuelled dramatically by Russia’s invasion of Ukraine.  Since Russia launched its invasion, Kremlin-based or Kremlin-backed phishing attacks against email addresses of European and US-based businesses have increased eight-fold. 

However, despite cybersecurity being mission-critical for many businesses, concerns about recession in the second half of 2022 have caused companies to hunker down and take much tighter control of their budgets. This often means a longer approval process and more drawn-out negotiations with vendors, even for important software products such as cybersecurity.  Hence it is important for companies to balance cost and security to create an effective cyber resilient strategy.

The Rising Cost Of Cyber Attacks On Businesses

While the cost of precautionary measures, such as cyber insurance, can be high, failure to have these measures may have existential consequences for some businesses - research shows that 60% of SMEs go under within six months of a cyber attack. 

The cost of attacks on businesses is even higher than the cost of cyber resilience. IBM’s Cost of Data Breaches Report puts the average cost of a data breach at $4.35 million, up 2.6% on the previous year, and up 12.7% from 2020. The report said breaches involving remote working pushed up the average cost by around $1 million.  
If the cost of recovery isn’t bad enough, companies face a maximum fine of £17.5 million or 4% of annual global turnover - whichever is greater - for any infringement of data protection guidelines or rights of individuals.

Given the risks, costs and recovery time, which can be up to a year on average, the case for implementing protective measures is compelling.

Insurance with the accompanying risk assessments provides a way to mitigate the risks and penalties for not taking the right precautions. Therefore, it is important for businesses to recognise cyber risk as a business risk, not just an IT one. 

Insurance Has A Key Part To Play

Cyber insurance is essential in helping an organisation get back on its feet. Having insurance can help protect a company’s reputation and brand, and provide the expertise to manage cyber incidents, such as ransomware and data breaches. As well as minimising business disruption and providing financial protection during an incident, cyber insurance may also help with subsequent legal and regulatory actions. 

However, cyber risk insurance premiums are rising. This is not just due to the rising number of cyber-attacks, but also because of increased demand and a reduction in supply of insurance capacity. As in 2022, insurers will continue to focus on tighter risk selection, a more rigid approach to adopting policy changes, and higher rate and premium rises, so businesses looking to buy insurance will need to prove the adequacy of their cyber security controls.

To ensure those controls are in place, SMEs can draw on the expertise of specialists in this field. At Resilience, for example, the strategy is to first implement more straightforward protection measures, such as ensuring the latest software and system security updates are installed and having some form of endpoint detection and response (EDR) Network visibility and security, before moving on to more sophisticated cyber risk management processes.

For a business to be cyber resilient, it is crucial that they balance security with capital allocation. While companies should not limit their investment in cyber insurance, it is important that they do not spend outside of their budget needlessly. Cyber risk quantification tools can help companies model how they can spend sensibly while having the most effective risk protection according to their resources. 

Finally, 82% of security breaches involve human error, making staff training vital. Furthermore, other ways to reduce human-related risks can include Multi-Factor Authentication, email authentication protocols and the Principle of Least Privilege (PoLP).

Cyber resilience should be part of the planning process for any business. Without a clear cyber resilience strategy, the reputation, if not operations, of an entire company could be jeopardised. By balancing cybersecurity costs with the effectiveness of cyber risk strategies, businesses can ensure they are best placed to adapt to rising costs as well as rapidly developing tech.

Simon West is Head of Cyber Advisory at Resilience 

You Might Also Read: 

Cyber Security Tools For Your Small Business:

___________________________________________________________________________________________

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible


 

« New Russian Malware Targets Ukraine 
Quantum Computer Power Threatens Encryption »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

Ilex International

Ilex International

Ilex International is a European software vendor which specialises in Identity & Access Management solutions.

SailPoint

SailPoint

SailPoint provides identity governance solutions with on-premises and cloud-based identity management software for the most complex challenges.

Silverfort

Silverfort

Silverfort introduces the first security platform enabling adaptive authentication and identity theft prevention for sensitive user, device and resource throughout the entire organization.

Upstream Security

Upstream Security

Upstream Security is the first cloud-based cyber-security solution that protects the technologies and applications of connected and autonomous vehicles.

ERMProtect

ERMProtect

ERMProtect is a leading Information Security & Training Company that helps businesses improve their cybersecurity posture and comply with regulations.

Ataya & Partners

Ataya & Partners

Ataya & Partners is a consulting company that delivers data protection, cybersecurity and IT & Digital governance services.

CyPhyCon

CyPhyCon

CyPhyCon is an annual event exploring threats and solutions to cyber attacks on cyber-physical systems such as industrial control systems, Internet of Things and Industrial Internet of Things.

Casque SNR

Casque SNR

CASQUE SNR is the next generation of Identity Assurance that has potential to supersede existing solutions. It provides Identity Assurance for both people and things.

Brighterion

Brighterion

Brighterion solutions stop payment and acquirer fraud, reduce credit risk and delinquency, fight financial crime, prevent healthcare fraud, waste and abuse, and more.

TechBase

TechBase

TechBase is an innovation and start-up center offering technology-oriented start-ups optimal conditions for successful business development.

RMRF Tech

RMRF Tech

RMRF is a team of cybersecurity engineers and penetration testers which specializes in the development of solutions for early cyber threat detection and prevention.

Nemstar

Nemstar

Nemstar is a specialist in Information Security & Cyber Training with over 25 years' industry experience.

ECIT

ECIT

ECIT is your preferred provider of finance and IT services. We believe in the value of combining financial and IT services to streamline and improve the operation of your business.

Innov8tif

Innov8tif

Innov8tif is an AI company specialised in providing ID assurance solutions — helping digital businesses to prevent frauds by verifying and authenticating customers identity.

Lighthouse IT

Lighthouse IT

At Lighthouse IT, we are focused on delivering seamless and reliable services to unlock the value of technology for your business.

Venticento

Venticento

Venticento is an IT company specialized in consulting and network support and assistance for companies that need to make their business processes more effective.