New Zealand SMEs are behind Australia in terms of SME cyber insurance coverage, despite similar rates of cyber attack experience, according to new research undertaken by cyber security company Symantec.
More than twice as many Australian SMEs have cyber insurance compared to New Zealand (14% vs 6% in NZ), the Symantec Cyber Security Survey revealed, even though virtually the same percentage of small businesses (19% in Australia vs 18% in NZ) have experienced a cyber attack.
Also, with 19% of Australian businesses looking to purchase cyber insurance in the next 12 months compared to just 9% in New Zealand, the Kiwis are lagging there too.
Only 2% of Kiwi businesses with cyber insurance have actually made a claim, compared to 1 in 5 Australian businesses.
Mark Gorrie, director, Norton Business Unit for the Pacific region, Symantec, said as more Kiwi companies got behind the product he expected to see the gaps closing.
“I put it down to awareness definitely. This became evident when we asked ‘what would you expect to pay for a cyber insurance policy?’ and a third of the respondents said ‘I have no idea’!
“The disconnect between the size of the threat and the take-up of cyber insurance really stood out for us as well.
“When we’re seeing roughly 1 in 5 of those servers have been subject to some form of attack and we’re seeing such low take-up rate.
“It is a fairly new area, cyber insurance, and awareness around that offering is definitely low.
“But as we some more of these policies coming to market more companies will get behind it and I suspect it will start increasing.”
Gorrie said the message to brokers was to give clients the comparable statistics to fire and theft based policies.
“I tell the brokers this is a great opportunity for them.
“When I look at this data I’m thinking all of these companies have got fire and theft based policies, I’m sure the percentage take-up rate would have to be up in the 90s, and the claim rate would be relatively low.
“But you look here that 1 in 5 are being subjected to an attack yet we have take-up rate of 6% so it’s a big gap.”
Gorries said it was just a ‘matter of time’ before mandatory breach notifications were introduced.
“That’s where it’s going to become a very expensive exercise so it’s about understanding what that means and positioning it to a small business.
“Small businesses are traditionally more vulnerable because they often don’t have the same security resources and budgets as their big business counterparts.
“The impact of a cyber attack to a small business’s brand, reputation, and business operations can be catastrophic.”
Gorrie said Symantec was trying to raise awareness in New Zealand because there was only so much their products could do to help.
“We’re only part of the solution. We’ve started to see a lot more of these social engineered type attacks, some of the business email compromise scams where they’re tricking people to divulge confidential information or making payments where they think it’s legitimate.
“So technology can only do so much in those instances, and that’s when you start getting into the awareness and education of your staff and internal procedures.
“Typically, your SME business doesn’t have a lot of money to spend on tech or professional services to help them out so this is where insurance comes in as that safety net.”
Gorrie said one positive from the research showed that the bigger the business the better the take-up of cyber insurance.
Other conclusions from the survey were that respondents estimated the average cost for cyber insurance to be $1,567, and loss or theft of data was listed as the key reason for taking out cyber insurance (48%).
Insurance/protection/precaution was listed next at 11% and software/hardware/server issues came in at 9%.
Delta boss: Is insurance sector ‘barking mad’ to insure cyber?
LMI Group founder targeted twice in two days by thieves
Disruption of cyber-attack scenario detailed
Too much trust being put into cyber insurance: report