Contrary to common belief, small and med-size enterprises (SME’s) are just as, if not more, susceptible to data breaches and cyber-attacks compared to their larger counterparts. Not only do SME’s have access to vast amounts of personal and financial information, despite their size, but cybercriminals often have an easier time hacking into a smaller organization’s network due to lax cybersecurity measures. Not to mention, cybercriminals can also use a smaller organization’s network as a Segway to breach a larger organization that the SME does business with. In a time when cybercrime costs are increasing dramatically – Ponemon’s “2015 Cost of Cyber Crime study” revealed that the cost of cybercrime increased 19 percent throughout the year – smaller businesses experienced higher proportional costs from web-based attacks.
While the take-up of cyber insurance is increasing drastically, it seems SME’s remain hesitant to making that step (purchase). Smaller organizations often believe their stored data will not capture the attention of cybercriminals. Sometimes, CISOs have a tough time convincing CEOs and the Board that the purchase is necessary. Nonetheless, companies of all sizes are getting breached and the costs of recovering are only increasing, making the need for cyber insurance imperative. Today, most cyber policies are written on a manuscript basis, meaning they are rarely similar and customized for a particular organization. As a result, a company is only paying for coverage that makes sense for its specific exposures. Additionally, these policies offer a wide variety of coverages and according to The Council’s most recent Cyber Market Watch Survey, there are actually few capacity issues in the market, especially for SMEs. On the other hand, there are many developments that need to be made in the industry. Underwriters must learn to better quantify risk while remaining cost effective and producers need to simplify and the language used to write the policy. Regardless, many companies will tell you they would not have been able to survive had they not purchased cyber coverage before a breach. While cyber insurance must not undermine the importance for good cybersecurity practices, when that breach does occur, are you prepared?