Less than one in five small businesses have secured cyber insurance policies to protect themselves against hackers and increase employee awareness of the associated risks, a new study said.
As cyber attackers are increasingly targeting small businesses, the cyber insurance market has correspondingly jumped, prodded by shifts to COVID-driven remote work and a greater reliance on cloud computing, according to AdvisorSmith, a New York-based insurance industry researcher focused on small businesses.
Related: See all ChannelE2E Research Briefs Here
The analyst’s data showed that small businesses are largely uncertain about buying cyber insurance. For example, of the roughly 1,120 small business owners and managers surveyed, about 64 percent are unfamiliar with cyber insurance, 25 percent don’t know what it is and 39 percent are unsure of what it covers. Slightly less than 20 percent know about cyber insurance but have no plans to buy a policy, leaving a vast gap for insurers to close if they want to garner small business policy holders.
Buying Coverage (After Attacks): Of note, while 17 percent of the respondents carry some form of cyber insurance coverage, more than seven in 10 purchased policies only after hearing about or being victimized by a cyberattack. That gives hackers a pretty wide runway from which to launch an attack.
“It’s clear that it is still early in the adoption cycle for small business cyber insurance, but as cyber threat actors shift from big-game hunting to smaller targets, cyber insurance may become a more common coverage for small businesses,” AdvisorSmith said in a blog post.
Here are some additional data from the survey:
On buying cyber insurance.
- 48%: Purchased cyber insurance after being the victim of a cyber attack or cyber loss.
- 20%: Purchased cyber insurance because of the high risks in their industry.
- 19%: Purchased cyber insurance after someone they knew was the victim of a cyber attack or cyber loss.
- 8%: Purchased cyber insurance upon recommendation from a broker or agent.
- 5%: Purchased cyber insurance after hearing about cyber threats in the media.
On worrying about a cyber attack.
- 69%: Concerned about being the victim of a cyber attack in the next 12 months. Roughly 31% were not concerned.
On implementing cybersecurity precautions.
- 72%: Small businesses have implemented cybersecurity precautions.
- 21%: Implemented a strong password policy.
- 20%: Implemented multi-factor authentication.
- 17%: Implemented data encryption.
- 16%: Purchased cybersecurity software.
- 16%: Regularly train employees on cybersecurity.
- 9%: Hired a cybersecurity consultant.
To combat the threat of a cyber attack, AdvisorSmith recommends small businesses take the following actions:
- Password hygiene. Don't use the same login and password across multiple accounts, create strong passwords, consider using a password manager, use two-factor authentication.
- Training. Educate employees to recognize common phishing attacks, avoiding opening attachments or clicking on links from unverified sources, and implementing strong passwords.
- System updates. Make sure computers and network systems are updated to the latest versions.
- Backups. Backup data to be able to recover from a ransomware attack or other type of cyber infection.
- Security software. Many operating systems already come built-in with security and antivirus software. For legacy systems, consider purchasing an off-the-shelf security product.
- Sensitive data. Implement varying levels of security access, with the most confidential data being shared with only those who absolutely need access.
- Cyber insurance: Consider avenues to recoup business losses from a cyber attack.
