Average knowledge among SMEs of the cyber threat environment, and solutions available, remains remarkably low for an area that's evolving much faster than other branches of insurance.
CYBERATTACKS ON small businesses have increased dramatically over the last few years, but related insurance is still playing catch-up as clients and brokers underestimate the threat.
This has resulted in a gap in how cyber insurance is perceived by SMEs, in terms of what it can do for businesses even before any attack takes place, and the degree of risk involved.
At a recent Executive Insights panel on Insurance Business TV, industry experts set out their concerns and where they see the market heading in one of the fastest-evolving areas of insurance.
On the one hand, the digital evolution of both the economy and society due to the pandemic has resulted in an increasing awareness of the dangers posed by cyber, and more organisations taking up related policies. On the other, many SMEs still underestimate the amount of damage that can occur and continue to consider the cyber threat as one that can be mitigated after an attack occurs.
“I think there's a miscalculation from a lot of SMEs about what it actually takes to recover from an event,” said Richard Smith, head of cyber at Blue Zebra Insurance. “The cost to recover from an event can be significant; you know, the legal costs, the forensic costs, the ransomware negotiation costs.”
Many SMEs also significantly underestimate the time it takes to recover from a cyberattack.
It is often thought that the cyber threat is only limited to certain sectors such as retail or healthcare.
“But every single business that uses a computer and has an employee has an exposure,” said Lindsey Nelson, cyber development leader at CFC Underwriting.
The great SME cyber turkey shoot
Many SMEs are blissfully unaware that the risk terrain has changed dramatically in the last three or four years. It's as if a Sunday stroller enjoying a botanical garden didn’t realise, they had stumbled into the Amazonian jungle.
The latest data threat report from Thales Group showed that four in 10 Australian businesses fell victim to a cyberattack last year.
“[Small businesses] still don't appreciate that level of risk that they face, and many are still surprised when they see the price … even though it's their top business risk,” said Nelson.
SMEs sometimes don’t want to pay for a product that only brings benefit at some unforeseen point in the future. But cyber insurance today actually starts
working for businesses from the first day they bind the policy by proactively using threat intelligence to look for signs of vulnerability or compromise, Nelson explained.
Remote working is one factor behind the higher risk.
“It has led to a greater chance of infiltration from the threat actors,” said Michael Ussher, commercial manager – Asia Pacific at DUAL Australia. Using home Wi-Fi networks or public Wi-Fi in places like cafes or hotels creates vulnerabilities.
“The amount of surface area that can happen for this infiltration has been obviously significantly greater over the last few years,” he said.
SMEs often feel that they aren’t a target due to their small size. But size is beside the point when criminals are engaging in a volumes-based attack strategy.
Katherine (08) 7919 7019
2/46 Chardon St