Cyber Risk Insurance: Protecting from Costly (and Potentially Fatal) Business Interruption

Cyber Insurance

/

January 23, 2019

Karen Walsh

New year, old story. For small and mid-sized businesses, cyber risk is increasing, which means you need to find a way to protect yourself, your business, and your customers. However, as a small to medium sized enterprise (SME), understanding how to do that seems like an overwhelming task. You need to secure your business from information security (IT) risk but have limited financial and workforce resources. To protect yourself from current and future risks arising from increased threats, you want a solution that manages security and helps you find a cyber risk insurance policy focused on your business needs.

How the current information security risks affect SMEs

Most have seen the news. Large businesses continue to experience data breaches on a regular basis. However, SMEs face similar risks.

In 2018, the Ponemon Institute partnered with Keeper Security to publish the 2018 State of Cybersecurity in Small and Medium Size Businesses.  What did their research say?

  • 74% of respondents said they had insufficient personnel for maintaining a robust IT security posture
  • 55% of respondents said they lacked a budget for maintaining a robust IT security posture
  • 29% of SMB IT security operations are supported by managed security services providers, up from 21% in 2017.
  • Business disruption costs were on average $1.1 million for high performers  and 1.6 million on average overall
  • Costs from damaged or stolen IT assets and infrastructure were on average $1.1 million for high performers and on overage $1.6 million overall

What strategies do high performers use to mitigate cyber risk?

High performers experience fewer breaches arising from a higher percentage of their IT budget focusing on IT security.

1. More Staff Means Fewer Breaches

High performers, as defined by the Ponemon Institute report, spent more money to achieve a stronger security posture. These companies allocated 15% of their IT budget to security. This higher budget allowed them to bring IT resources in-house and offer their security team a support staff. This increased experience in the IT department led to a decrease in cyber attacks.

  • Only 56% of high performers, as opposed to 67% of overall respondents, experienced a breach.
  • Additionally, 36% of high performers experienced no breach, compared to 22% of overall respondents.

2. More Money Means Better Threat Detection

The overall statistics showed that when high performers spent more money on IT threat detection, they experienced fewer malware intrusions that evaded their protections.

  • 68% of high performers said that their organization experienced a malware that evaded their antivirus solutions, compared to 82% overall.
  • 59% of high performers responded that malware evaded their intrusion detection system, as opposed to 72% overall.

Spending more money on the right solutions that enable continuous monitoring so that the companies can maintain a security-first approach to data protection enabled a more robust cybersecurity stance.

Know Your Risk: What a Cyber Security Assessment Can Do for You

SMEs are more likely to outsource their cybersecurity  protections by relying on cloud services. Based on Cisco’s “Small and Mighty: How Small and Midmarket Businesses Can Fortify Their Defenses Against Today’s Threats,” 68% of respondents felt the cloud would offer better security. However, malicious actors increasingly target the cloud to gain entrance to SME IT infrastructures.

Thus, SMEs need to focus their security practices on understanding their cloud service providers and managed service security providers (MSSPs) to make sure they have the appropriate protections in place.

For SMEs, a cyber security assessment can enable a stronger IT security posture. To protect your data, you need to know all your systems, networks, and software as well as the data that they store, transmit, and collect. This insight will allow you to ask the questions necessary to track and monitor your service providers’ data protection controls.

A Smart Investment: Cyber Risk Insurance

According to the Cisco report, 40% of respondents experienced more than eight hours of downtime following a cyber attack. An additional 41% said they experience between one and eight hours. In combination with the $1.1 million to $1.6 million business disruption costs cited by Ponemon, these statistics indicate that SMBs need to be worried.

Cyberattack can lead to business dissolution arising out of business disruption.

A cyber risk insurance policy can help protect your financial assets in the event a malicious actor damages your data assets.

If you’re looking for a cyber risk policy to protect you, you need to review any potential coverage for Business Interruption and Extortion coverage. When seeking a cyber insurance policy, you want to ensure that the language incorporates interruption coverage for a computer attack, data re-creation, loss of business (including contingent loss of business), crisis management, and cyber extortion.

A cyber attack doesn’t just take information, it can destroy it. For example, a ransomware attack encrypts all your information, including operating systems, thus turning your devices into really expensive paperweights. If you can’t access customer data, you can’t meet consumer needs. The longer it takes you to recover and recreate your databases, the more money you lose.

Cyber insurance helps protect you against financial losses arising out of cyber attacks.

Zeguro Provides an End-to-End Solution

SMEs need to invest in cybersecurity and cyber risk insurance. They also need to streamline the process to ease the time spent researching solutions. At Zeguro, we recognize the difficulties facing SMEs, both from a cybersecurity and a business perspective, and provide an all-inclusive solution that starts with data protection and ends with insurance.

  • Cyber Risk Analysis: As part of the onboarding process for our Software-as-a-Service (SaaS) platform, you review your current data, software, network, and system assets as well as your current controls, including policies and processes.
  • Compliance Management: Using plain language, we help you create a security-first based compliance program from enhancing your data controls, such as encryption and firewall configurations, to  easy-to-understand policies that help you get and stay compliant.
  • Cyber Risk Insurance: Our partnership with Hartford Steam Boiler Inspection and Insurance Company let us work to help you find the most appropriate cyber insurance coverage for your business.

Contact us today to get an insurance quote and learn more about how Zeguro provides an end-to-end cyber risk solution.