Are SMEs underestimating their cyber exposure?

Are SMEs underestimating their cyber exposure? | Insurance Business Canada

Are SMEs underestimating their cyber exposure?
Following last Friday’s huge DDoS cyber-attack, in which a number of major US websites such as Netflix and Twitter were hit, you’d be forgiven for thinking that heavyweight corporations are the main targets of cyber-crime.  
Indeed, a recent survey by the Risk Management Society found that nearly a quarter of its members with cyber policies in the US were spending over $500,000 on premiums – suggesting that it is mainly larger companies purchasing cyber insurance.

Do you care about cyber cover? IB’s live global event from London, Vancouver, NY, WashingtonDC – November 2  

However, the threat to SMEs is both underestimated and increasing, says one expert.

Historically, bigger companies have been the main buyers of cyber policies, because it is mainly large-scale cyber-attacks that make the headlines – meaning that larger companies have public incidents to relate to, James Burns, cyber product leader at CFC Underwriting, told Insurance Business.

Whilst attacks against smaller businesses are less likely to generate media coverage, they are still happening behind the scenes, and with huge impact, according to Burns, who stressed that despite the lack of press, incidents involving SMEs can still have “devastating impacts for the victims.”

And attacks against small businesses are becoming more frequent.

“What we’re seeing now is such a high level of incidents involving SME’s that most business owners know someone that has been hit, which obviously leads to a huge uptick in interest,” he said.

Instances of ransomware, funds transfer fraud, social engineering and extortion have “sky-rocketed” in the past 12 months, and on a truly global scale, according to Burns.

“As the possibility of a threat gets closer to home, smaller businesses are far more likely to want to protect against that threat,” he added.

However, there is still a lack of cyber-protection amongst SMEs, and this may in fact be fuelling the rise in incidents, Burns suggested, as cyber criminals seek out the easiest prey.

“Attacks against smaller companies have also increased as larger organisations have invested heavily in cyber security – attackers will tend to target the lowest hanging fruit, and at the moment that is the SME sector,” he said.

In the face of the growing threat, businesses need to change their mindset and begin to equate the risks of cyber-crime with that of traditional property crime.

“Criminals no longer just break into physical premises to steal goods and cash. They break into digital networks to steal data and electronic funds,” Burns said.

“The threat is actually the same as it always has been, it’s just the method that has changed. Cyber insurance is necessary to protect against damage to or theft of a business’s intangible assets in the same way that property and crime insurance are necessary to protect the tangible ones.”

Learn more on the state of cyber risk and cyber insurance at Cyber Risk 2016, a global live virtual event on November 2.

Related stories:
The global state of cyber insurance
Aon hires FBI’s top cyber-risk expert