Blog & Tools

Cyber insurance: An emerging product that’s finding its place

selecting insurance service for business cybersecurity protection

Financial institutions and other major business organizations used to be the primary targets of cybercriminals. Today, small and midsize businesses are the main targets.

The reason for the shift is that smaller companies generally don’t have big IT staffs to help protect their businesses.

To help protect themselves financially, some businesses are buying cyber insurance. It’s a relatively new offering that can help cover expenses related to incident response, legal defense and business interruption. It’s so new, it’s still establishing its place in the business world.

Jared Ducommun a risk management consultant in Sioux Falls, talked about the emerging insurance product in late October at the Better Business Bureau Federation’s 2018 cybersecurity program: Insecurity in a Digital World. He’s with Howalt+McDowell Insurance, a Marsh & McLennan Agency LLC Company.

Related Blog: DSU expert urges business victims to report cybercrime

Ducommun talked in detail about a survey Marsh & McLennan Agency conducted with 1,141 executives across North America. It reported some interesting conflicts between executives’ perceptions and practices.

For example, almost 60 percent said they consider cyber to be one of the top five risks their organizations face, if not the first. About 78 percent said they were highly or at least fairly confident that their organizations would be able to manage and respond to a cyberattack.

However, when asked about actual work done to prepare for an event, the answers paint another picture:

  • Only 18 percent said they had developed a cyber incident response plan.
  • Only 36 percent said they had implemented a plan to train employees to recognize phishing emails.
  • Only 23 percent said they had conducted penetration testing of their organization’s online defenses.

Cyberattacks have only been a threat to businesses for about two decades. The risks have steadily increased, along with the growth of the internet as a telecommunications tool and advances in technology.

Today, cyberattacks are painfully common, and the potential for business loss is substantial. A business’ reputation, as well as its financial standing, can suffer after a successful cyberattack.

Half of the 28 million small businesses in the United States suffered security breaches in 2016, according to an online survey summary posted online by Marsh & McLennan. Other small businesses probably were victims of successful attacks but didn’t realize it.

“The reality is that regardless of size, large organizations and small ones are exposed substantially to the same cyber risks. If anything, small and middle-market organizations are more vulnerable because they have fewer resources to devote to cybersecurity, and cyber-attackers know that,” according to the report.

Ducommun said in his BBB presentation (watch it below) that in addition to achieving a better understanding of cybersecurity needs, small and midsized businesses increasingly will need cyber insurance to compete for big jobs.

More than 90 companies offer cybersecurity insurance, but service is not standardized. So, buyers need to pay attention to the details of the coverage they consider, Ducommun said.

“If it’s cheap, there’s probably a reason it’s cheap,” he said.

  • About 36 percent of respondents to the company’s survey indicated their organizations currently had cybersecurity insurance.
  • Thirty-six percent also said their organizations did not have cyber insurance.
  • About 19 percent do not have cyber insurance and do not plan to buy it.
  • Nine percent plan to buy it or increase their coverage.

Some businesses are in fields that must comply with regulations. However, merely complying with well-intended regulations does not automatically translate to good cybersecurity, another speaker at the BBB event said.

“You should be basing your security posture on your environment, not compliance,” said Chris Aeilts, a sales engineer with SDN. “The responsibility is on you to be secure.”

The BBB in South Dakota sponsored the annual cybersecurity event in cooperation with three prominent business organizations in Sioux Falls:

  • SDN Communications
  • Avera McKennan Hospital & University Health Center
  • The KELOLAND Media Group.

SDN Communications is a regional leader in providing broadband connectivity and cybersecurity services to businesses in the region including larger cities such as Sioux Falls and Rapid City.

Strengthen your cybersecurity posture by starting with the basics. Use the button below to download SDN's free book, "Cybersecurity Starts With The Basics."

Download The Book

Book Cover: Cybersecurity Starts With The Basics