Insured: Navigating Cyber Risk in the Digital Era
Download MP3A lot of small businesses are struggling with cyber insurance or cybersecurity. The reason why is because the landscape is changing so fast that it's very difficult to implement a policy for cybersecurity where you're not able to dedicate a full team of people to it. That's why a lot of small businesses are just resorting to cyber insurance rather than prevention. Sometimes the cyber insurance policy will put in place procedures for you to take advantage of to try to prevent these activities.
So what are the numbers behind this deficiency? Well, what they say is that 49% of these businesses have plans to budget more in 2023, but 61% say they do not have a dedicated cybersecurity expert inside their organization. Almost half, 47%, do not have an incident response plan. Think about that—half of the companies that were interviewed don't have a plan if there's a cyber incident. Imagine if you went to a company and said, "Do you know what you would do if your building caught on fire? Do you have an incident plan for a fire?" Everybody probably would. If you went to a thousand companies, I'd predict you probably wouldn't find a single company that would not have a fire plan. People wouldn't just sit around not knowing what to do if there's a fire. But they don't have a plan for a cyber incident.
Well, what's more common? What's more likely? Do you think your business is more likely to burn to the ground or to have a cyber event? It's probably more likely to have a cyber event. And in fact, the cyber event could be more expensive to recover from than your building burning down. Your cyber event could actually have more long-lasting effects on your business. So having at least an incident response plan is a good thing to do. How do you generate that? Well, again, if you have an insurance policy, your insurance carrier will certainly put one together for you. They'll require it. At the same time, you could put that together yourself using tools from various cybersecurity companies.
Even those who are trying, according to the report, mid-sized businesses are struggling to implement basic training measures and recruit staff. They reveal they have not deployed threat monitoring, detection, and response. This is a big deal. It's not good for the companies. I'm sure that the hackers and ransomware scammers are reading this and salivating. They're licking their lips because this is a really good way for them to make some money by attacking companies that are not prepared for a cyber event.
Even when there are practices in place, only nine percent of workers adhere to the security practices. This creates major obstacles to fighting off cyberattacks. Again, the hackers know this. They're loving every minute of it because they want to find easy targets. Findings showed that 69% of respondents reported they are required to carry some form of cyber insurance, but 30% have no insurance coverage. That means almost half the people that are supposed to have it don't have it, and 70% of the companies don't have it at all.
So this is good information for you as a business owner. It might give you a competitive advantage if your competitors don't have insurance. They're more likely to get hacked and maybe be shut down for a couple weeks so you can take over their customers. If you do have it, you'll be protected and less likely to be hacked in the first place.
