Cyberattacks are commonplace in today’s world. The focus of the media is generally on huge events like the HBO or Target breaches – but there are lots of smaller cybercrime victims that are continually slipping under the radar.
The business world needs to open its eyes and realize that small businesses are just as vulnerable to cyber incidents as larger ones, according to Dan Burke, cyber and technology product head at
Hiscox USA.
Celebrate excellence in insurance. Nominate a worthy colleague for the Insurance Business Awards!
“Small businesses are being hit just as hard as larger businesses - you just don’t hear about it,” Burke told
Insurance Business. “Small business cyberattacks tend to have smaller impact on a gross dollar basis, but the impact to the company itself on a percentage basis, is much higher.
“The most frequent attack factor and the weakest chain in any security link is humans. Small businesses tend not to have the same resources dedicated to improving the human element of cyber security – that human firewall.”
Search and compare product listings for Cyber Insurance from specialty market providers here
Hackers and cyber criminals have noted this cybersecurity weakness among smaller businesses and are using them as a gateway to attack larger business partners, according to Burke. This is something that has been happening for a number of years, but “there’s still not a great awareness of it among small businesses,” he said.
“It’s a fact of life – small businesses are being targeted as a gateway to larger businesses,” said Burke. “Larger companies are starting to realize it and are becoming much more tuned into the cybersecurity of their selected vendors. They are starting to ensure by contract that their vendors and small business partners have adequate security and dedicated cyber insurance policies in place.”
There are cost-effective ways for small businesses to improve their cybersecurity, according to Burke. It’s about three key areas: strategy, resources and processes. Businesses need to have a plan in place and know how to respond effectively when a cybersecurity incident occurs.
Cyber insurance is another obvious route for small businesses to take. The cyber insurance market has developed rapidly in recent years, offering value-added services alongside risk transfer. Purchasing a dedicated cyber insurance policy will often bring pre-breach value-added services like training courses, awareness campaigns and educational content, as well as a team of experts ready for deployment when an incident occurs.
“Coverage has come a long way in the last few years,” Burke commented. “Brokers need to continue getting the message out there that a cyber insurance policy is no longer just pure risk transfer, but there are value-added services that come along with it too.
“Strategy, resource and process – those are the areas where small businesses can make significant changes and improve their resiliency to a cyber event without huge financial cost. Have a plan, document your processes, know who is going to be involved when something does go wrong and utilize your insurance carrier or broker as a partner. Take advantage of value-add services and find out how your carrier and broker can help you prepare for and respond to an event.”
Related stories:
Chubb expands cyber risk management offerings in US and Canada
Marsh cyber insurance rates drop in US