Small to medium-sized enterprises are more likely to adopt cyber insurance than large companies, according to a new survey by Cowbell Cyber.
The survey was an extension of “Driving Cybersecurity Performance”, a study published by ESI Thoughtlab. It specifically extracted data for cyber insurance buying intentions, drivers, satisfaction, limits, and disparities between SMEs – defined in the survey as having less than $1 billion in revenue – and larger companies.
According to the ESI Thoughtlab report, 65% of SMEs are planning to spend more on cyber insurance as part of their cyber resilience plan in the next two years, compared to only 58% of large companies. The report also found that 71% of SMEs had a cyber coverage limit lower than $1 million and lower than total past or estimated future costs of a cyberattack. The life sciences, healthcare, retail/hospitality, and telecom industries were severely under-covered and had the largest gap between limits and expected losses, according to Cowbell Cyber.
“Cyber breaches are no longer an ‘if’ scenario but rather a ‘when’ scenario,” said Isabelle Dumont, vice president of market engagement at Cowbell Cyber. “Our analysis of the survey results show that cyber insurance is becoming increasingly popular for SME organizations that want to protect their assets and accelerate the response and recovery process in the aftermath of a cyber incident. Cyber insurance is now a necessity and not a luxury for organizations.”
Other findings include:
- SMEs and large businesses both placed their likelihood of experiencing a breach over the next year at 45%.
- 62% of SMEs in the early stages of cybersecurity maturity believe that cyber insurance is well worth the cost. Only 13% said cyber coverage wasn’t worth the protection it provides.
- On average, organizations get cyber insurance coverage limits of about 0.14% of revenue.
- Cyberattacks employing password and credential reuse cause the greatest losses currently and pose the greatest risk over the next two years.
- Multifactor authentication is significantly underused in SMEs (18%) compared to large businesses (43%).
- 55% of SMEs pointed to employee-owned end-user devices as the highest risk in two years.