Startup firms are increasingly aware of cyber risks and consider cyber insurance a must-have. A new survey reveals what startup founders are worried about regarding their cyber security and how they are reacting to a volatile cyber threat landscape.
“There is no shortage of headlines on cyber risks and ransomware attacks these days,” said David Derigiotis (pictured), chief information officer at Embroker. The insurtech recently unveiled the 2023 edition of its cyber risk index for startups.
The report found significant shifts in cyber coverage trends among venture-capital-backed startups in the past year. Most firms (90%) reported having cyber insurance but continue to seek more protection.
One alarming trend uncovered by the cyber risk survey is that younger startups tend to underestimate their vulnerability to cyberattacks.
Nearly four in five (78%) surveyed founders reported experiencing a cyberattack over the past year, up from 67% in 2022. But about half (48%) still think they won’t face a potential data breach or ransomware attack.
“We also found a correlation to the size of the organization, or where they are in terms of their maturity, and the level of potential risk they saw for a cyberattack,” said Derigiotis.
“Some of the more experienced organizations involved in a Series C or later fundraising were most concerned [about cyberattacks], and they were more likely to think that an attack could occur.
“There was a stark contrast with the pre-seed or the seed organizations that were very early in their journey. They were less likely to think that there would be an attack that they would likely experience in the year ahead.”
Embroker’s survey showed that 72% of Series C+ founders said their company was likely to face a potential data breach, compared to 40% of seed and pre-seed founders.
The emergence of generative AI tools like ChatGPT has also put startups on alert for heightened cyber threats.
Nine in 10 founders in Embroker’s survey said they felt threatened by potentially malicious uses of artificial intelligence, such as deepfakes and AI-powered voice technology.
“Many AI models are becoming open source, meaning anybody can grab the code and tailor it for their own needs,” said Derigiotis. “These tools can level the playing field for somebody with malicious intent.”
“A lot of the clients that we work with are involved in AI development or heavily use AI to provide different services, so they understand the flip side to all the great benefits that AI can offer. They understand that it can be used for harm.”
The good news is that startup founders are discussing cyber insurance more than ever.
Eighty-three per cent (83%) reported talking to their investors and boards about cyber protection often or always, a 42% increase year-on-year. Eighty-five per cent (85%) of founders also said they were considering new cyber protections and tools for 2024.
“There are many more conversations at the board level. Our clients are also seeing greater requests in contracts for cyber insurance, and I think a lot of it has to do with the environment that we’re in,” the CIO told Insurance Business.
More than just coverage, cyber insurance also provides tools and resources for businesses to build cyber resiliency.
“Cyber insurance does so much more than just traditional financial risk transfer,” Derigiotis said. “It will give you all the necessary relationships with vendors and breach experts and provide many resources to help you be a more secure organization.”
The increased attention and demand for cyber protection presents a massive opportunity for brokers. Derigiotis encouraged brokers to immerse themselves in the cyber market to understand what carriers are offering, especially in terms of value-added resources.
“There’s no greater opportunity within the specialty insurance space,” he said. “It’s an area that continues to grow significantly, quarter over quarter, year over year. If you want to be in a thriving area of specialty insurance, this is the place to be.”
What are your thoughts on Embroker’s cyber risk index for startups? Tell us in the comments.