Small businesses are the #1 target for cyber criminals, with 60% of them closing within six months after an attack. Since February 2020, there has been a 600% increase in phishing. 67% of businesses have experienced an IoT security incident. In Canada, nearly a quarter of all small businesses have fallen victim to a cyber attack since the pandemic began.
Now more than ever before, the small business sector is beginning to prioritize cybersecurity and cyber liability insurance to mitigate potential crippling financial risk, which is setting the stage for a major trend moving forward: the merging of cybersecurity technology and insurance to mitigate insurer’s risk and provide the best overall coverage for small businesses.
In addition, 83% of small businesses do not carry cyber liability insurance. This could change as a result of the pandemic as insurance liability risks and costs skyrocket, but most small businesses are still not aware of the harsh security realities that exist within the scope of cyber liability insurance.
The truth is, many small business cyber liability insurance claims will not get paid out fully after they are attacked. Many companies are sold policies that have exclusions or situational clauses preventing a payout. Small business owners don’t know where to start when it comes to securing the correct cyber liability insurance, and they also are not aware of which technologies will ensure the quick and proper payout of a claim if there is one. Making matters worse are insurance brokers who, in many cases, know even less than the small business owner about cyber insurance.
Additionally, criminals are now turning to using social engineering methods, a trend experts are seeing exacerbated within the scope of the pandemic. Social engineering is sophisticated. For example, it can be used to mimic a supervisor’s email account, which sends a message to an employee asking for banking information and credit card details. Combined with spear phishing, where links are sent containing malicious code via online platforms such as Facebook Messenger, hackers have the ability to steal a small business’s critical financial, confidential and customer information in the blink of an eye.
Small businesses must ensure they have an appropriate cybersecurity platform and policy on board that covers hacks and breaches that fall inside of the insurance policy’s coverage, taking into consideration these new sophisticated methods used by hackers. It is not uncommon for small businesses to use legacy systems that utilize software made to operate machinery in use for more than a decade. The issue is this: in an organization, a single computer still running Windows XP (or even a modern Windows Operating System for that matter) that is not kept up to date could easily void the entire policy in the event of a breach.
The good news happens to be a trend that is getting underway today: the merging of cybersecurity protection and cyber liability insurance. Despite the increase in attacks and insurers’ corresponding increase in cyber liability premiums to protect their downside, the integration of cybersecurity technology and cyber liability insurance coverage is a trend just in its infancy. In this situation both parties win: Insurers lower their overall risk by vetting and utilizing the latest technology to reduce the likelihood of an attack, and small business owners no longer need to navigate this complex landscape to determine the correct technology and policy that will cover them in the event of a breach.
The closer that cybersecurity technology and insurance come together, the better the outcome will be for both parties. This means less breaches, less insurance claims, faster and fuller payouts when there are claims, and a healthier appetite that insurers will have for taking ongoing risk. We expect this to be one of the major trends in the cybersecurity industry for many years to come.
This article originally ran in Today’s Cybersecurity Leader, a monthly cybersecurity-focused eNewsletter for security end users, brought to you by Security Magazine. Subscribe here.