Why SMEs Need Cyber Insurance

Uploaded on 2017-04-04 in NEWS-News Analysis, GOVERNMENT-Law Enforcement, FREE TO VIEW, BUSINESS-Services-Financial

Almost three-quarters of small and medium-sized businesses have suffered a security breach, and a report from the Federation of Small Business (FSB) says cybercrime targeting small and medium-sized businesses costs the UK an estimated £5.26bn a year. 

The report also notes that it costs small businesses disproportionately more than big businesses, when adjusted for organisational size.

Mike Cherry, National Chairman of the FSB, explains: “Small firms take their cyber security responsibility very seriously, but often they are the least able to bear the cost of doing so. Smaller businesses have limited resources, time, and expertise to deal with ever-evolving and increasing digital attacks.”

Why are smaller businesses a target?

Cyber criminals love smaller businesses because they have more digital assets than consumers, and less security than larger organisations. In fact, the FSB report found that only a quarter of small and medium-sized businesses have a strict password policy, and just 4% have a cyber attack strategy.

Phishing for small business

The most common cybercrimes affecting small and medium-sized businesses are phishing emails, spear phishing emails, and malware attacks. 

Other threats include ransomware (where data is seized and encrypted for ransom), hack attacks (where hackers access the company network), and Denial of Service (DOS) attacks which push a huge amount of data to a company’s website to make it crash.

Phishing emails send you to a website that looks legitimate, and ask you to update your account details. The fraudsters can then easily steal your personal information to commit identity theft.

Spear phishing attacks are even more sophisticated, and harder to spot. They target individuals within the organisation, often mimicking their colleagues, by using email headers and addresses to extort money. 

Statistics from cyber security firm Symantec show more than half of spear phishing attacks last December were against SMEs.

Malware attacks are just as damaging. You might click a link or unknowingly download malicious software designed to infiltrate your computer and steal sensitive information, extort money, or send unwanted advertising (adware).

Spear phishing hooks fishing retailer

Let’s look at a somewhat ironic, real-world example of a cyber-crime event which recently impacted one of our customers. The business, a fishing tackle retailer, was caught out by a spear phishing attack just months after taking out a cyber insurance policy with NIG.

At the time, the company was shopping around for new office space. The account manager received an email from the managing director, asking him to pay £15,000 to a new account, presumably to secure a space. No eyebrows were raised, and the payment was made, however, the email hadn’t come from the managing director. It was sent by a cyber-criminal using a spoof address.

The company quickly alerted the relevant people within NIG. As part of their policy we sent forensic experts to check the fraud came from outside the business, not from an employee, and had the client’s bank put a stop on the account. Their fast action meant only £3,276 was stolen; in part because fraudsters often drip-feed withdrawals in order to avoid detection. The claim was quickly settled, and the retailer could get back to focusing on fishing, and not phishing.

Why take out cyber insurance?

Without cyber insurance, the fishing tackle retailer would have had a different, and far more devastating, experience. After all, the average cost of a cyber breach to small and medium sized businesses is usually between £75,000 and £310,800.

It’s not just stolen funds that business owners have to worry about. There’s also the cost of loss of data and damage to IT systems and networks as well as replacing any stolen or infected devices. There’s the cost of notifying your customers, and in some cases paying compensation, as well as re-building brand confidence through public relations advice and campaigns. 

There’s also investigation and legal costs, money spent responding to regulatory bodies and penalties from banks for losing customer credit card data. On top of all this there is the issue of damaged reputation and lost profit while your system is down. It’s a lot to lose and can often destroy SMEs who don’t have adequate cover in place.

That’s the true value of cyber insurance. It covers you against serious damage, loss of data, and the costs associated with a cyber-attack whilst helping you get back up and running sooner. 

A policy is imperative if your business holds sensitive customer information like names and addresses or bank information, or if you process payments, or do much of your business online. It should also be recognised that your standard business insurance policy probably won’t cover you for cyber-attacks.

It’s clear cyber insurance can minimise the damage caused by a cyber-attack, however, the best policy is to have robust prevention mechanisms in place. This means keeping your IT software and systems up-to-date, training your staff on safe online practices, and implementing formal policies to reduce your risk. 

Putting in place measures such as these, combined with comprehensive cyber coverage, will help keep your business safe from cybercrime.

NIG:

Cybersecurity Breaches Cost UK Businesses £30 billion Last Year:

No Easy Fix For SME Cybersecurity:
 
Cyber Insurance: 7 Questions To Ask:
 
Directors Report January 2017. Cyber Security Checklist For Management (£):

 

« Cybersecurity Breaches Cost UK Businesses Close To £30bn Last Year
Singapore Defense Ministry Under Remote Attack »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

Potomac Institute for Policy Studies

Potomac Institute for Policy Studies

Potomac Institute undertakes research on key science, technology, and national security issues facing society, Study areas include cybersecurity.

Efecte

Efecte

Efecte is a Nordic SaaS company specialized in IT Service Management, Self-Service, Identity Management and Access Governance solutions.

Polyverse

Polyverse

Polyverse offers application security, zero-day defense, proactive cyber resiliency and more. Protect your critical applications with moving target defense.

Arete

Arete

Arete is a global cyber risk company whose mission is to transform the way organizations prepare for, respond to, and prevent cybercrime.

Cyberarch Consulting

Cyberarch Consulting

Cyberarch is a security-focused consulting firm. We provide services specializing in information security, digital forensics, penetration testing and cyber security training.

Internet Security Research Group (ISRG)

Internet Security Research Group (ISRG)

ISRG's mission is to reduce financial, technological, and educational barriers to secure communication over the Internet.

Zaviant Consulting

Zaviant Consulting

Zaviant Consulting is a leading data security and privacy consulting firm assisting organizations comply with constantly evolving security frameworks and privacy regulations.

CornerStone

CornerStone

CornerStone is an award winning, independent risk, cyber and security consulting firm providing a range of Risk Management, Security Design and Implementation Management Services.

Testhouse Ltd

Testhouse Ltd

Testhouse is a thought leader in the Quality Assurance, software testing and DevOps space. Founded in the year 2000 in London, UK, with a mission to contribute towards a world of high-quality software

Ostrich Cyber-Risk

Ostrich Cyber-Risk

Ostrich Cyber-Risk is a risk management company that helps organizations reduce the complexity of identifying financial and operational risks related to your cybersecurity posture.

Curatrix Technologies

Curatrix Technologies

Curatrix Technologies is a Managed IT Service provider based in Hampshire, UK, providing high quality and reliable Managed IT Services since 2015.

VLC Solutions

VLC Solutions

VLC Solutions is an independent solutions and technology service provider offering Cloud Services, Cybersecurity, ERP Services, Network Management Services, and Compliance Solutions.

Davinsi Labs

Davinsi Labs

Davinsi Labs helps companies achieve Digital Service Excellence with specialized Security Intelligence and Service Intelligence solutions.

AArete

AArete

AArete is a global management and technology consulting firm specializing in strategic profitability improvement, digital transformation, and advisory services.

Vercara

Vercara

Vercara offers a purpose-built, global cloud security platform that provides layers of protection to safeguard businesses’ online presence, no matter where an attack comes from or where it is aimed.

Intertec Systems

Intertec Systems

Intertec Systems is an award-winning, global IT solutions and services provider that specializes in digital transformation, cybersecurity, sustainability, and cloud services.