How Brokers Can Help SMBs Reduce Cyber Risk

Only recently, and mostly due to pressure created in the media by high-profile cyber attacks, executives at large companies have a new awareness of cyber risks to business. As a result, companies are spending more to reduce cyber threats.

However, not all companies are created equal. A majority of small- and medium-size businesses (SMBs) are not adequately protecting their systems.

Data from Symantec’s 2016 Internet Security Threat Report shows that SMBs have become a big target for hackers. In 2015, phishing campaigns targeted SMBs 43 percent of the time. That’s up 9 percent since 2014 and a huge leap from the 18 percent of attacks that focused on SMBs in 2011.

Phishing is typically carried out by email spoofing or instant messaging, and it often directs users to enter personal information at a fake website whose look and feel are almost identical to the legitimate one.

These phishing attacks target SMB employees with access to the SMB’s finances. Malicious email messages sent to these employees that are opened could hijack a company’s financial information and gain access to funds and personal information.

Symantec also notes that ransomware attacks are on the rise against employees at SMBs. Ransomware is computer malware that installs covertly on a victim’s computer, executes a cryptovirology attack that adversely affects it, and demands a ransom payment to decrypt it or not publish it. In these attacks, there is a demand for some type of payment before its attacker may free a device.

SMBs employees are more vulnerable as are SMBs for the same reason — there are not the same level of resources expended by SMBs for cyber system defenses. As a result, it has become apparent that there is a new growing digital divide between large companies and SMBs when it comes to defenses to cyber attacks.

This divide provides a niche area of opportunity for insurers, particularly brokers, to provide value-added service by helping the policyholder select the proper scope and amount of coverage, and defending against ever-growing cyber threats.

More than two-thirds of SMBs are unaware that dedicated cyber-insurance exists. Also, more than three-fourths of SMBs think that their business is safe from cyber attacks, yet 83 percent have no formal cyber security breach response plan. These shocking statistics are occurring at a time when SMBs are often more vulnerable than large companies to the hard costs and after-effects of a data breach. Even worse, SMBs have fewer resources to respond and recover from a breach. The breach response and remedial costs, as well as the media and public relations fallout from an attack, can put SMBs out of business.

The majority of SMBs have no knowledge of cyber insurance premium costs, and they do not understand the breach risk or what a cyber policy would cover. Many think that a cyber breach will be covered by their business coverage, although these policies often exclude cyber risk.

An insurance broker can give information to a policyholder regarding what products provide cyber risk coverage. A broker can also educate a policyholder on their liability if a cyber breach occurs. By evaluating a policyholder’s system for coverage, the process will uncover areas of vulnerability to a cyber attack.

A broker can work with a policyholder to obtain knowledge about the internal IT structure, media communications and public relations exposure, employee training, security and the cyber issues within the industries that the business works across. In addition, the insurance broker must recognize the needs and understand the IT systems of a policyholder to find the appropriate scope and amount of coverage.

This role that a broker can play is vital for SMBs and could make the difference as to whether a policyholder even stays in business.

Topics Cyber Agencies