Insurance policies

Data Breach Attacks Cost SMBs Thousands Without Cyber ​​Insurance Every Year

Small businesses across the UK are counting the cost of not having insurance policies protecting them against the growing risks of cyberattacks or data breaches.

As small and medium-sized businesses (SMBs) are targeted by cybercriminals because more and more employees are working from home, businesses across the country are losing thousands of pounds by not having cybersecurity insurance coverage .

Figures from the UK Gov Cyber ​​Security Breaches Survey 2022 showed that 39% of SMEs reported cyber breaches or attacks within 12 months, with the average cost of breaches estimated at £4,200 .

It has been revealed that a large percentage of SMEs do not have insurance policies covering them against such breaches and the most common objection to buying insurance is that companies have put in place a “good IT security”, so don’t think they are at risk of cyberattacks.

Luke Conn-Goodman, an account manager at H&H Insurance Brokers who works in the north of England, the south of Scotland and Wales, said however that IT security does not fully protect a business and that there is no financial reimbursement if cybercriminals successfully breach companies’ digital security.

He said: “Not buying a cyber insurance policy because you have good IT security is like suggesting that an organization doesn’t need theft cover on a property policy because you have high quality locks on your doors or that you don’t need fire cover because you have a new sprinkler system in place.

“There is a big difference between vulnerability and risk. No matter how much a business invests in IT security, it will never be 100% secure.

“The purpose of a cyber insurance policy is to respond in case the worst happens, with experts on hand to handle the situation and financial compensation for the costs involved.

“For example, if a business is attacked and the criminals demand £10,000 for the data to be returned, the insurance policy would cover the cost of the attack, but not the IT security providers, which would mean the company would be heavily disbursed.

“This can be fatal for small businesses and more than half of SMBs are reported to close within six months of being the victim of a serious cyberattack.”

It is believed that since the Covid-19 outbreak in March 2020, cyberattacks and data breaches have increased by 300% globally.

While security vulnerabilities in general large enterprises make headlines, SMBs are the most common victims of cyberattacks as they are seen as an easy target for cybercriminals. The rewards may be smaller financially, but they are considered “low hanging fruits” due to the lack of resources to protect themselves.

A common pitfall for businesses is to buy the cheapest cyber insurance policy or meet the minimum cybersecurity requirements specified by an insurer, but it is essential for SMEs to ensure they have cover. adequate to protect against all scenarios.

Companies that adopt good cybersecurity practices can significantly reduce insurance premiums, and companies are recommended to develop a cyber incident response plan to mitigate these risks.

Advice from qualified insurance brokers is advised to ensure that SMBs fully understand which cybersecurity insurance policies would best suit their business and ensure that they are fully protected if they fall victim to cybercriminals.

For more information on cybersecurity assurance, Luke Conn-Goodman can be contacted on (01228) 406290 or email: [email protected]