“I think there’s no doubt the biggest issue that’s worrying most of us is cyber insurance,” said Damien Coates (pictured above), CEO of the underwriting agency DUAL Asia Pacific. Rather than the corporate end of town, for Coates its SMEs who are the focus of this concern because most don’t have cyber coverage.
According to the Insurance Council of Australia (ICA), only about 20% of SMEs take out cyber insurance. For years reports have suggested that SMEs are a major target of cyberattacks.
Back in 2017, according to news reports, the Australian Small Business and Family Enterprise Ombudsman (ASBFEO) warned that small businesses were the target of more than 40% of cyber crimes in the country. The same report found about 60% of those businesses were likely to go out of business within six months of an attack.
However, many SMEs are still choosing to not take out cyber coverage. Coates believes that the number who buy insurance is probably far lower than some reports suggest.
“I talk to brokers and it’s still only 4% to 5% of SMEs who are buying cyber insurance,” he said. “It’s absolutely frightening, the idea of an SME being hit by a cyberattack without having it.
Coates said cyber criminals are getting “incredibly sophisticated.”
“There’s the proliferation of the hackers and when we close a hole vulnerable to ransomware or social engineering, they find another way to open another hole,” he said.
The CEO said he doesn’t understand how people operate their businesses without cyber insurance.
“I’m a big believer that if there’s something you don’t understand and can’t absolutely control then you should definitely be insuring it,” he said.
For Coates, of all the industries covered by insurance, cyber is “the biggest unknown.”
“I think cyber is probably something that’s keeping most brokers and their clients awake at night and it’s something that is moving so quickly,” he said. “Just as we put a control in place with multi factor authentication, they find another way.”
When Insurance Business suggested that some SMEs who reject cyber coverages argue that they don’t use much technology, Coates said “no business” can function without technology.
“Without technology you don’t have a business and without cyber insurance you don’t have that technology,” he said. “I say to people who think they don’t transact business through technology that if they’re using computers, their whole business is dependent on technology.”
He said a cyberattack, like hacking, for example, could bring the internet down and cause business interruption issues.
“How can you operate if your internet went down for seven days?” I know as a business we couldn’t,” said Coates. “If we didn’t have the cyber insurance and the breach response services that are able to get our servers back up within 24 hours to be able to continue moving forward, that sort of event would be absolutely crippling.”
IB said some businesses complain that coverages are still too expensive.
“I do believe that cyber insurance is affordable and available,” said Coates.
However, he said that there was a time when, particularly in the United States, cyber risks were “almost becoming uninsurable.”
“I think we’ve now seen that the market has stabilized and a lot more people have come into cyber insurance and, therefore, the affordability is now improving,” he said.
IB suggested that given the severity of the cyber threat and its potential to also be a national security issue, should the government create a cyber insurance pool much like it has for cyclone coverages?
“I think it’s a really good point,” said Coates. “We’ve seen the terrorism pool and the cyclone pool but I just don’t know whether it could happen in cyber because cyber has such a systemic sideways exposure that every company is exposed.”
He said the other government pools are “quite defined” in risk and coverage terms.
“With cyber, there are so many triggers, from privacy, to hacking, to business interruption,” said Coates. “There are so many dynamics to it, so I don’t think governments could take the risk.”
The insurance industry, he said, is the only capital base that can take on this challenge.
“We’ve just got to make sure that we’re delivering it to SMEs so that they can purchase insurance to keep themselves in business,” said Coates.
What do you think of the low rate of cyber insurance uptake among SMEs? Please tell us below
