Small- and medium-sized enterprises are waking up to the realities of cyber risks but still underestimate their exposures, according to a report published by Allianz Global Corporate & Specialty (AGCS).
For medium-sized companies with annual revenues between €250 million ($308.9 million) and €500 million ($617.8 million), cyber incidents rank as the top risk for the first time (39 percent of responses), while for small-sized companies with annual revenues less than €250 million, it ranks as the second major business risk (30 percent of responses), said the seventh annual Allianz Risk Barometer 2018, which surveys global risk experts to discover what risks keep them awake at night.
See tables below to view the report’s top five risks for small enterprise companies and mid-sized companies.
The report surveyed 1,911 respondents in 80 countries, including Allianz’ customers, brokers, risk consultants, underwriters, senior managers and claims experts. (See related article published on Feb. 5). Allianz noted that SME business experts collectively account for almost half of the Risk Barometer’s responses, or 47 percent.
“The jump that cyber incidents have taken in the past year – from third to first for medium-sized companies and from sixth to second for small-sized companies – is significant and reflects an uptick in the attention paid to data breaches both by SME companies and their insurance brokers,” said Vinko Markovina, global head of MidCorp, AGCS, who was quoted in the report.
“Awareness is growing, as the Risk Barometer results show, but many SMEs still underestimate their exposure and are not prepared for, or are able to respond to, an incident. This can be a fatal mistake,” he added.
Business interruption ranks as the top risk for small enterprises and as the second most important peril for medium-sized companies.
The impact of cyber attacks “can be catastrophic,” the report affirmed, noting that the average cost of a data breach for SMEs in North America was $117,000, according to a study from Kaspersky Lab. A separate study from Ponemon Institute, titled “State of Cybersecurity in Small and Medium-Sized Businesses,” revealed that hackers have breached over 50 percent of small businesses, with these numbers continuing to increase.
Fighting back against cyber threats poses a different set of challenges compared with larger companies, warned the report.
SMEs can be vulnerable as many do not have enough revenue to afford their own IT departments, employ a chief information security officer (CISO) or access the knowledge and resources to protect themselves against evolving cyber threats, AGCS continued.
However, there are solutions available for SMEs, including one offered by AGCS. AGCS said it has partnered with Silicon-Valley based software company Zeguro to implement a “virtual CISO” platform as part of its insurance coverage. The platform enables SMEs to access tailored security recommendations and training for employees, AGCS said.
“Cyber insurance used to be a confusing and relatively expensive cover for SME-sized businesses. However, as coverage has become more available, affordable and easier to understand, we are seeing more demand,” says Markovina. “Activity around cyber will only accelerate in the SME space through 2018.”
SMEs also weighed in about their concerns over business interruption (BI) risks. BI ranks as the top risk for small enterprises (33 percent of responses), up from second place (27 percent) in last year’s report. BI was listed as the second most important peril for medium-sized companies, although this has been displaced by cyber incidents as the most important risk in 2018.
“It’s no surprise that BI ranks prominently in the SME risk rankings, as threats are multiplying and the consequences cannot be underestimated,” said Markovina, explaining that supply chain disruption is just one element of BI risk that can affect SMEs. “Maintaining sufficient on-hand inventory levels, avoiding geographic concentrations of suppliers, monitoring mergers and acquisitions among suppliers and avoiding production specialization that leads to outsourcing can all be crucial mitigation strategies in event of an interruption.”
According to the wider conclusions of the survey’s 1,911 respondents, BI and cyber incidents interlink as the major threat facing companies. (An article on this aspect of the report was published on Feb. 5 on InsuranceJournal.com)