At the moment, all companies want to be seen at the forefront of digitalisation. Company boards are literally overflowing with promises about the potential of new technologies. But security aspects often seem to be neglected. Many computer systems are neither properly protected nor insured against cyber attacks. This seems to be a problem which mainly affects small and medium-sized enterprises (SMEs). According to Gothaer Versicherung, in 2017, just nine percent of SMEs had a cyber-protection policy. It appears that this kind of complacent attitude is still shared by far too many chief executives. A conclusion which is again supported by a recent study conducted by Soprasteria Consulting, also in 2017. Nevertheless, despite the fact that more than a third of German companies consider their computer systems and data to be their company’s most valuable asset, hardly anyone seems to bother with suitable insurance cover.
Cyber insurance is often too abstract
The fact that so far only a few companies have sought the protection of cyber insurance is largely due to ignorance and uncertainty. It appears small companies in particular are unaware which types of cyber-attack are common in their own industry and how they should respond to these threats. Cyber insurance can seem somewhat intangible and thus there is little appreciation of the dangers it safeguards against. But commercial and industrial insurers also have some homework to do, because confusing options and unsophisticated products, as well as unaffordable rates, are at present making cyber insurance less attractive. To change this will require a better understanding of the subject matter and some new marketing approaches. However, some new initiatives are being developed. In the US, hackers are assigned to test customers’ IT security, and those who participate in such controlled testing receive a discount on their own cyber policy in return. In addition, leading insurance and technology companies are working to develop effective cyber risk management solutions. Of course, all this is still a long way from a ready-made concept to market as an insurance contract. But those who are prepared to become involved in laying the foundations will benefit enormously in the future. As digitalisation progresses, so the need for corresponding insurance protection will become ever more important over time.
Security incidents can threaten the viability of a business
Businesses need to be aware that cyber insurance covers only the financial consequences of an insured event. So all organizations must still take steps to protect their own data. However, IT security incidents are always costly, and cyber insurance can save livelihoods, especially in the case of small and medium-sized enterprises. According to the Deloitte Cyber Report, a cyber attack on a medium-to-large company costs around 700,000 euros on average. And security experts Kaspersky Lab estimate that the equivalent cost to an SME would be somewhere in the region of 50,000 euros. Depending on the size of the business, that could potentially wipe out an entire annual profit. Furthermore, security episodes also create a long tail of data recovery, penalties, fines, criminal proceedings, labour costs, and the like. As a result, costs can quickly escalate – not to mention the future implications of a loss of confidence among one’s own clientele. Most companies underestimate these dangers, which in turn means that about half of all small businesses affected will be unable to recover from such an attack.
Conclusion: Prevention is the best form of defence
Nobody should panic unnecessarily about the potential threat of a cyber attack. Nevertheless, it is wise to be prepared for the worst. That’s why cyber insurance makes sense. Unfortunately, the current market remains quite confusing and the costs are not always compatible with the available budget, especially for small businesses. Those who are interested in such insurance cover should choose a reputable provider with several years’ experience. And those who are already insured must regularly keep up to date with developments in this field in order to maintain their cover at an optimum level, because new threats or security holes can quickly increase the level of risk.
This article was first published on LinkedIn.