Cybercrime continues to be a persistent and pressing issue for all sized businesses, but particularly smaller organisations. In fact, according to the National Cyber Security Alliance, nearly 60% of small businesses that experience a cyberattack shut their doors within six months.
Despite the continuing rise in risk, many small businesses remain vulnerable to cyberattacks due to a lack of resources and – surprisingly – a lack of knowledge of the existing threats. Moreover, companies are now being exposed to cyber risks even further as they struggle to get appropriate cyber insurance, which, if needed, can be devastating should bad actors circumvent your company’s defences.
Usman Choudhary, Chief Product Officer, VIPRE Security Group, outlines how cyber insurance works, and who can benefit from investing in a policy.
How does cyber insurance work?
Cyber insurance is a policy that helps an organisation pay for any financial losses incurred following a data breach or cyberattack. It also helps cover any costs related to the remediation process, such as paying for the investigation, crisis communication, legal services, and customer refunds.
With the constant – and ever-increasing – threat of potential cyberattacks and need to protect their assets, many companies are applying for cyber insurance, which generally covers a variety of different types of cyber-attacks, including data breaches; business email compromises; cyber extortion demands; malware infections and ransomware.
But, despite the benefits of cyber insurance, it remains surprisingly undervalued. The UK government’s Cyber Security Breaches Survey 2022 found that only 43% of businesses have a cyber insurance policy in place.
Who needs cyber insurance?
Organisations must always seek cost-effective ways to address the cyber security risks they face – as no business is safe in the modern security landscape from a cyber threat. And, one of the most common ways to mitigate the risk of a cyber security incident is cyber insurance. While all sized businesses can benefit from having cyber insurance, small businesses frequently lack the knowledge and importance of securing it. This is usually because of the cost, time involved in finding a provider, and lack of understanding of the importance of a cyber insurance policy.
Protect your business
It’s no surprise that bad actors are becoming more cunning and creative when it comes to targeting businesses – and small businesses are usually the bullseye of their predatory plan – as cyber criminals are aware that these sized businesses may lack the adequate protection.
Beyond the reputational risk involved, the cost of a cyber-attack can be devastating. Today, data breaches can reach more than £2.7 million – while the average cost to investigate and recover from an attack is approximately £2.9 million.
However, the process of signing up for cyber insurance coverage is not as straightforward as many may presume.
Where to get started?
Before applying for cyber insurance, organisations must first demonstrate that their business has implemented a long list of cybersecurity technologies and practices, such as Multi Factor Authentication (MFA) and Endpoint Detection & Response (EDR) to acquire the right security coverage.
MFA is a security technology that combines two or more independent credentials: what the user knows (such as a password), what the user has (such as a security token) and what the user is (by using biometric verification methods). By having a layered defence in place, it makes it more difficult for a bad actor to access a target; such as a physical location, computing device, network, or database. MFA is highly effective at thwarting bad actors, as demonstrated in a study by Microsoft, which found MFA provides an added layer of security that can block up to 99.9% of attacks stemming from compromised accounts.
Endpoint Detection and Response (EDR) uses endpoint data collection software installed into machines to constantly monitor, flag, and respond to cyber threats like ransomware and malware. If suspicious activity is detected, the system is triggered. EDR can also automatically block malicious activity to temporarily isolate an infected endpoint from the rest of the network to stop malware from spreading.
When considering how to keep a business protected from potential cyberattacks, it is important that the teams in charge do their research and choose a reputable partner to implement MFA and EDR technology. However, it’s of equal importance to also remember that obtaining cyber insurance is not enough.
Organisations must constantly monitor their business, stay informed on the latest cyberattack trends, and train its employees on cybersecurity with a comprehensive security awareness training programme in place. It is vital that businesses do their part to stay on top of potential risks and protect its staff, customers, and overall business reputation from the evolving and innovative bad actors society is faced with today.