This has partly been brought about by a global change in working practices following the pandemic and by more businesses claiming losses as a result of breaches in their cyber security. Regulatory and compliance changes – and the demands of Professional Liability insurers – will only increase the pressure on businesses to take the appropriate steps to meet increasingly stringent obligations.
As risks grow, insurers will expect businesses to be better prepared to counter cyber attacks, demanding that the steps taken meet their exacting standards. There are already examples of Professional Liability claims being refused due to inadequate cyber protection, with remedial and unplanned steps inevitably costing more.
We’re seeing cyber security vendors adding insurance expertise into the mix, with a service extension that helps companies to achieve the standards expected of them by the more aggressive insurance providers. In future, cyber defence will be more than just the responsibility of IT; it will become a pivotal foundation for business continuity and compliance.
As an SME, you could be operating under the false perception that it’s only big businesses that are the target of hackers. This is because the biggest scams have the biggest public profile – like the Microsoft Exchange breach that prompted the European Banking Authority to pull its entire email system offline.
The Public Sector isn’t immune either, with London Hackney City Council and the Irish Health Service Executive both being breached in 2021. There’s a continuing upward trend for cyber attacks in general, but hackers are re-focusing their efforts towards smaller businesses because they are, on the whole, easier targets that lack sophisticated security infrastructures.
Many small and medium-sized businesses feel they’re cyber resilient because they’ve got native Microsoft 365 and antivirus built-in, plus a few extra technologies to bolster their posture. As a result, a reported 1 in 10 of these businesses have suffered a cyber breach in the past year.
The majority of SMEs hold data that’s interesting to hackers and can be used in a much wider attack targeting individuals or the company itself. This data can include sensitive customer information, employee social security numbers, credit card numbers, account numbers, driver's license numbers and health records. In education and the public sector, the ramifications are far wider.
According to Forbes, some people working within smaller businesses are more at risk of being attacked than others. Hackers target high-value accounts for take-over. CEOs and CFOs are attractive targets and twice as likely to be taken over compared to the average employee. Once in, these cybercriminals use these accounts to gather intelligence and launch attacks within the business.
Forbes also states that Executive Assistants are a popular target, as they have access to executive accounts and calendars and can send messages on behalf of executive teams.
The Government recently published the UK National Cyber Strategy 2022-2030 and within it, there’s a small mention of insurance in Pillar 2 of the Strategy on Cyber Resilience.
Who knows what the future will hold in terms of legislation, but in the meantime, encouraging businesses to facilitate effective cyber security is going to be high on the Government’s agenda.
Just like any other business insurance, the more losses escalate, the more demanding insurance providers will become in the cyber insurance market. As time goes on, it’s likely there will be stricter criteria for risk selection and higher premiums.
One thing’s for certain, these threats aren’t going away. It makes sense for insurers to continue to influence and incentivise businesses that adopt effective cyber resilience practices and offer products and services accordingly. Being ahead of the game and establishing a robust cyber resilience posture not only protects your most valuable business assets today but will most likely cost you less in insurance premiums in the long run.
With so many different types of attacks on the threat landscape, the cost of remaining in control gets greater all the time. Even if you’re prepared to bear the hefty cost of licensing individual technologies and the salaries of the extra people to manage them, and can hire from a diminishing pool of skilled resources, there’s no better time to consider your options.
Managed Security Services are a great way to take a staged approach toward a robust cyber security posture. What’s the harm in starting the conversation?