A recent report from Assurex Global suggests that while cyber crime continues to make headlines, as cyber-attacks increase in size, volume and sophistication, most middle market companies underestimate their need for increased cybersecurity investments, including cyber insurance. Many small and medium sized enterprises (SMEs) choose not to devote the proper resources towards cybersecurity due to the belief that the data is not valuable enough and thus, not vulnerable to cybercriminals. However, this logic actually makes SMEs a prime target for cybercriminals that can easily access the improperly protected data.
The report describes four common misconceptions that SMEs make regarding cyber-risks. The first is that cyber-attacks and data breaches primary involve large businesses. In fact, SMEs are just as, if not more vulnerable to cybercrime but these events often go unnoticed by the mainstream media. Second on the list is the belief that “my type of business isn’t a target.” Cyber experts confirm that every enterprise, regardless of size and industry, is a potential target for cybercrime. The next misconception is that a business can self-insure against a breach. IBM’s 2016 Cost of Data Breach Study found the average total cost of a data breach to be $4 million. For a middle market company, the decision to self-insure against cyber-loss could be detrimental to an SME. Lastly, the report found that many firms believe they are not responsible for a cyber event because they outsource their network security. However, a cyber-attack or data breach will likely lead to third-party lawsuits and both parties are often held liable. Responding to and recovering from a cyber-attack can be costly and while cyber insurance can help, it is important to improve front-end protection to prevent an attack from the start.