The average cost of a cyber-attack to any U.S. organization is currently estimated to be near $9.4 million, but could rise to as much as $163 million, according to a research report issued by the Ponemon Institute.
It is no surprise, then, that the U.S. government estimates that 60 percent of small businesses close within six months following a cyber-attack.
Despite this substantial financial impact, however, most small to medium-sized businesses do not have any cyber insurance policies in place to protect them from digital harm, which can range from incidences of malware to hacking and employee mishaps.
In fact, a recent report from Software Advice found that even though cyber insurance policies increased fivefold between 2006 and 2013, a mere 2 percent of businesses with 500 employees or fewer had any coverage in place. Moreover, 67 percent were not even aware of what cyber insurance even was.
Interested in selling more cyber insurance? Reserve your spot at IBA's March 25 webinar, "5 steps to selling cyber insurance"
“The demand [for cyber] is increasing, but not at a rate we think is quick enough,” said John Tiene, who represents thousands of agents in the Northeastern US as CEO of Agency Network Exchange
(ANE). “Small businesses are still very reluctant to sign up for the coverage and that really concerns us because some 30% of breaches occur in these small companies with fewer than 250 employees.”
The report notes that many SMEs likely believe that their business insurance policies protect them from cyber threats, but may not realize that these payouts are small and often relegated to restoring the IT system. Because of this, coverages often neglect the costs of peripheral actions such as informing customers about a data breach.
It also has advice for business owners, but since many remain unaware of cyber crimes and the policies that protect against them, agents and brokers can provide guidance to these entrepreneurs.
This includes assisting the companies in classifying the “diversity, volume and strength of cyber threats facing their company,” and helping to align those with relevant policies. Considerations should be made to take account of organizational vulnerabilities such as IT systems, software, devices, as well as safeguards already in place such as anti-virus and malware identification programs.
“That will give them an idea of their exposure, and help them decide what the mix of investment in their security program should be versus a premium spend on cyber insurance,” Bob Rudis, a security data scientist at Verizon Enterprise Solutions, told Software Advice.
Finally, agents should emphasize that cyber protection has become more sophisticated and better able to underwrite against rapidly emerging technological risks.
“This is a coverage need of the 21st century," said Tiene.
When's the last time you were asked by a client about cyber? Take our poll!
You may also be interested in: "New era of cyber crime leaves financial institutions uninsured"
"More than half of brokerages have been targeted by cyber criminals"
"The number one reasons producers can't sell cyber"