Hackers use small and medium sized businesses (SMBs) as backdoors to launch attacks against major corporations, a big reason why 62% of cyber-attack victims are SMBs, according to Eric Cernak VP at HSB Insurance Company.
Many SMBs are mostly busy with “keeping the lights on” while larger companies can afford to spend resources on becoming “fortified” Cernak said.
“If a (small) business was charged with monitoring, let’s say, the refrigeration units of a large retailer and they needed the credentials of the large retailer to get into the system to help monitor those units,” Cernak said, “and access was not appropriately delineated within the larger organization - the criminal attacks the small business for just those credentials and can remotely access those refrigeration units and can move laterally once they’re in the larger organization.”
Insurance analytics company, Advisen, says only 3% of small businesses have cyber insurance and the high cost of hacker coverage is likely a deterrent.
Cernak said there’s also a “high degree of deniability” among SMBs about the likelihood of them suffering a cyber-attack though there are some “pockets of recognition in certain industries” like “small health care providers and attorneys”.
HSB is now providing less expensive cyber insurance specifically targeted at SMBs.
“The approach we’ve taken is to reduce the underwriting friction, we generally refer to it as a white label approach, where we will endorse a level of cyber coverage on to a small business owner’s property or general liability policy,” Cernak said. “Rather than having to complete a multi-page application, perhaps have a systems assessment on them, we’ve tried to reduce that friction level and allow someone to buy $100,000 or $1 million of coverage as an endorsement to a policy they’re already buying.”
Businesses are evaluated on their classification, size, revenue and number of employees using big data and traditional risk modeling, Cernak said.
The HSB coverage goes beyond indemnification, responding to businesses needs in recovering data and responding to attacks in complex legal situations where companies are required to follow specific procedures and specializing attorneys are hard to find.
Related stories:
Cyber – Have your say
Social media and webcams at work pose cyber threat: Symantec
