Small and medium sized businesses (SMBs) are the commercial entities most impacted by data breaches but also the group most tricky to persuade about the benefits of cyber insurance.
A recent study conducted by cyber insurance platform vendor Corax and global law firm Clyde & Co has found that small businesses are consistently found to have the highest reported number of data breaches.
The report, Cyber Breach Insights: Key Drivers Beyond Cyber Insurance Claims, used anonymous invoice data from 321 randomly selected breach events between 2014 and 2015, to provide new insight on frequency, cost and duration of data breach events. Invoice data revealed that that 90% of organisations that experienced breaches were SMBs, with Leisure, Retail and Hospitality experiencing the most expensive breaches, averaging $18,000 per breach.
“This report should help insurance brokers and carriers promote and sell cyber insurance,” said report co-author Marcus Breese, head of insurance innovation and strategy at Corax. “One really important point that became clear through the study was the benefit on cash flow that cyber insurance policies have for smaller organisations.
“Most of the invoices we analysed had a big spike in cost right at the beginning of the investigation, which was largely driven by the forensic investigation. If an SMB were to fund that expensive investigation themselves, the financial loss could be very impactful on their business. One of the key benefits of cyber insurance for an SMB is smoothing out that cash flow.”
Despite being highly vulnerable to cyber attacks, SMBs have been notoriously difficult to persuade over the benefits of the cyber insurance product. Insurers worldwide have launched campaign after campaign to attract the SMB to the cyber market and find a way to breach the coverage gap that still seems to exist in this business demographic.
The struggle with regards to SMB cyber insurance uptake revolves around the focus of communication, according to Breese, who said the industry needs to do better at conveying the benefits of the product rather than focusing on the technicalities.
“When consulting with clients, the insurance industry tends to focus on lines of coverage and technical elements of specific products. But the problem is, insurance gets very technical very quickly – and cyber insurance is a particularly complex product,” Breese told Insurance Business.
“Sometimes the technical information can seem a bit daunting to consumers,” he added. “I would move away from that and instead focus on the benefits cyber insurance brings to insureds, such as the value-added services, the increased stability in the cash flow, and the access to pre-vetted panel vendors who will assist a business through a time of crisis in a really smooth way. Instead of focusing on insurance clauses and additional coverages, I think there’s advantage to be gained by changing the focus to the extra services associated with cyber insurance.”