Cyber Insurance Alone Isn’t Enough for SMBs

Dec 31, 2024 | Cybersecurity, Small Business

As the saying goes, “Past performance is no indicator of future results.” This is as true for cybersecurity as it is for investments. Cyber criminals are always finding new targets, and as enterprises step up their cybersecurity game, hackers are increasingly turning to SMBs for an easier source of revenue.

That makes sense considering the results from several recent surveys of small business owners. They reveal that business owners don’t perceive the risks they face from a cyber attack. For example, a 2022 poll by SurveyMonkey found that only 37% of small business owners were worried about the threat posed by a cyber attack.

That attitude hasn’t changed in two years. This year, a survey by Nationwide found that 81% of small business owners believed the costs to their business from an attack would amount to less than $5000. Almost a quarter of business owners thought they could recover and resume normal operations within a month or less. Meanwhile, Nationwide’s own claims data puts small business costs in the tens of thousands, with recovery time between two and three months.

Plus, there’s more bad news ahead. Hackers are increasingly using generative AI attacks to target small businesses. The technology makes it easier to create sophisticated impersonations of employees using email, phone calls, or video. According to the Nationwide survey, in the past year a quarter of small businesses have been on the receiving end of a generative AI attack. Those polled were aware of the dangers from AI-created attacks. So why didn’t they take threats from cyber attacks more seriously?

A False Sense of Security from Cyber Insurance

One reason may be the growth of the cyber insurance industry. The pivot to work from home during the pandemic triggered a rise in cyber attacks, which led to skyrocketing cyber insurance premiums in 2021–2022. While marketplace competition has had a mitigating effect on pricing in recent years, cyber coverage is one of the fastest areas of growth in the insurance industry right now, with premiums set to surpass $20 billion by the end of next year.

Cyber insurance typically covers expenses like ransom payments, data restoration, business interruption, incident investigations, even public relations. It may also provide third-party coverage (in case a business is held liable for a breach of the client data they hold) that helps with costs associated with hiring an attorney, legal settlements, court-ordered damages, and regulatory fines.

Small business owners who have purchased these policies may think they are covered for any circumstance. But most insurers now require the insured to put additional security protections in place. Small businesses should make sure they are aware of any new requirements, as well as the types of attacks that are no longer covered.

What Can SMBs Do to Prevent Cyberattacks?

It’s not enough to purchase a cyber insurance policy. Small business owners need to ensure their organization is truly covered. According to Alla Valente, a senior analyst at Forrester Research, quoted in this article, “It’s really important that all organizations read the fine print — those terms, those conditions — but also [know] what the exclusions look like, because the policy might pay for certain types of cyberattacks, but not others… they might pay for cyberattacks, as long as you’re maintaining a certain level of security best practices.”

A great place to start is to determine current exposure with a complete security assessment. It can reveal areas for improvement and opportunities to reduce the likelihood of attack and the cost of insurance premiums.

Another starting point is company culture. Business owners should encourage their employees to be more intentional when opening emails. A solution like KnowBe4, which provides cybersecurity training and simulated phishing emails, is an excellent way to raise employee awareness of cyber attacks.

A cyber attack doesn’t just damage your data and systems. It also damages employee productivity, morale, organizational reputation, and customer loyalty. Unfortunately, those intangibles can’t be repaired by an insurance payout.

Talk to one of our cybersecurity experts to discover how a security assessment from InterDev can help your organization meet security best practices.
