This has partly been brought about by a global change in working practices following the pandemic and by more businesses claiming losses as a result of breaches in their cyber security. Regulatory and compliance changes – and the demands of Professional Liability insurers – will only increase the pressure on businesses to take the appropriate steps to meet increasingly stringent obligations.
As risks grow, insurers will expect businesses to be better prepared to counter cyber attacks demanding that the steps taken meet their exacting standards. There are already examples of Professional Liability claims being refused due to inadequate cyber protection, with remedial and unplanned steps inevitably costing more.
We’re seeing cyber security vendors adding insurance expertise into the mix, with a service extension that helps companies to achieve the standards expected of them by the more aggressive insurance providers. In future, the cyber defence will be more than just the responsibility of IT, but will become a pivotal foundation for business continuity and compliance.
As an SME, you could be operating under the false perception that it’s only big businesses that are the target of hackers. This is because the biggest scams have the biggest public profile – like the Microsoft Exchange breach that prompted the European Banking Authority to pull its entire email system offline.
The Public Sector isn’t immune either, with London Hackney City Council and the Irish Health Service Executive both being breached in 2021. There’s a continuing upward trend for cyber attacks in general, but hackers are re-focusing their efforts towards smaller businesses because they are, on the whole, easier targets because they lack sophisticated security infrastructures.
Many small-medium-sized businesses feel they’re cyber resilient because they’ve got native Microsoft 365 and antivirus built-in, plus a few extra technologies to bolster their posture. As a result, a reported 1 in 10 of these businesses have suffered a cyber breach in the past year.
The majority of SMEs hold data that’s interesting to hackers and can be used in a much wider attack targeting individuals or the company themselves. This data can include sensitive customer information, employee social security numbers, credit card numbers, account numbers, driver's license numbers and health records rise in attacks. In education and the public sector, the ramifications are far wider.
According to Forbes, some people working within smaller businesses are more at risk of being attacked than others. Hackers target high-value accounts for take-over. CEOs and CFOs are attractive targets and twice as likely to be taken over compared to the average employee. Once in, these cybercriminals use these accounts to gather intelligence and launch attacks within the business.
Forbes also states Executive Assistants are also a popular target as they have access to executive accounts, and calendars and can send messages on behalf of executive teams.
The Government recently published the UK National Cyber Strategy 2022-2030 and within it, there’s a small mention of insurance in Pillar 2 of the Strategy on Cyber Resilience.
Who knows what the future will hold in terms of Legislation, but in the meantime, encouraging businesses to facilitate effective cyber security is going to be high on the Government’s agenda.
Just like any other business insurance, the more losses escalate the more insurance providers will become more demanding in the cyber insurance market, As time goes on it’s likely there will be stricter criteria for risk selection and higher premiums.
One thing’s for certain, these threats aren’t going away. It makes sense for insurers to continue to influence and incentivise businesses that adopt effective cyber resilience practices and offer products and services accordingly. Being ahead of the game and establishing a robust cyber resilience posture, not only protects your most valuable business assets today but will most likely cost you less in insurance premiums in the long run.
With so many different types of attacks on the threat landscape, the cost of remaining in control gets greater all the time. Even if you’re prepared to bear the hefty cost of licensing individual technologies, and the salaries of the extra people to manage it and can hire from a diminishing pool of skilled resources, there’s no better time to consider your options.
Managed Security Services are a great way to take a staged approach toward a robust cyber security posture. What’s the harm in starting the conversation?
Five tips to ensure your data is safe - in or out of the office.
Cyber preparedness insights from a serving police superintendent
O365 and Antivirus can't cover it all
Password problems will still plague every organisation
Counting the cost of cyber security
Now What?
on The Road to Cyber Resilience
How is 2022 going so far?
Considerations for the SME
Request your FREE scan today
Follow our handy checklist
“Does it really work?”
Complex topic explained
Guide for owner or employee
Phishing By Industry Report 2021: Benchmarking Report
What it is and how to deal with it
Cloud-based cybersecurity awareness training
A CTO’s view
What’s actually going on in your business?
Email communications the use of geoblocking
De-risking the human factor
Get smart with Passwords!
Productivity and security behind the scenes
Share this story
Find out more about ensuring all your cyber security bases are covered
Save time, money and resource with our cost-effective managed cyber security platform; keep your users safe, protect your core infrastructure, enhance your security and mitigate risk against cyber crime.
Download the Brochure
Ashok Thomas, CEO of leading managed security company, Net Utils, talks candidly about the pro’s and con’s for SME’s thinking about taking a managed security service into their business
Download the eBookLet us know what you think about the article.
Let us know what you think about the article.
We're a community where IT security buyers can engage on their own terms.
We help you to better understand the security challenges associated with digital business and how to address them, so your company remains safe and secure.