Not only have small and medium sized businesses become bigger targets for Cyber crime than larger corporations, the impact, particularly financially, is far more severe.
Long gone are the days where Cyber criminals would just try to hack big companies, who would have more valuable data to steal and were perhaps not particularly tight on security.
Today, security infrastructure has become top of the agenda, meaning that Cyber criminals have to look for easier prey. Unfortunately, this is usually companies that just cannot afford the cost or impact of a security incident.
Why Cyber criminals target smaller businesses
The Federation of Small Businesses (FSB) has reported that smaller organisations tend to primarily be victims of phishing emails, followed by spear phishing emails and malware attacks.
These types of attacks tend to rely on duping employees into believing an email or request is genuine which leads them to share sensitive information, transfer funds or open files with viruses.
As SMEs often don’t have a dedicated risk management team, or even a Cyber strategy or security policies, it is easy to see how Cyber criminals have so much success. If they don’t have success with one company, there are thousands (millions, even) of more options to choose from.
The digital world has given businesses so much – it has connected them to the global market and enabled them to compete with the corporations. However, it is this competitive advantage that also helps Cyber criminals target small companies.
Details of organisations are easy to find online and contact details of employees freely available. Whereas before hackers only had big companies to target, the market has opened up.
With a cost per incident thought to be up to £115,000, and that set to rise after the implementation of the General Data Protection Regulation (GDPR) in May 2018, it is prudent for all businesses to put Cyber crime at the top of their agenda, and protect themselves with insurance.
Getting started with Cyber risk management
Businesses who are just beginning to manage their Cyber risk should consider a few key areas.
- Nominate someone responsible for risk management
- Create a risk management strategy which includes Cyber crime and lays out all the potential threats and how these can be / are being mitigated
- Implement a robust IT infrastructure, IT security policies and password policies
- Share the policies and biggest threats to the business with staff through internal communication and training.
- For many companies, outsourcing Cyber risk management is the most suitable option for them.
- Insuring your Cyber risks
- As there is now huge amounts of data on how criminals operate, who they target and the types of attacks, insurers are able to provide comprehensive levels of cover for Cyber crime, with pricing more accurate than before. With these ever improving insights, insurers can start to offer better advice and guidance on how to protect yourself from Cyber crime.
As Cyber insurance is a relatively new offering, it is hard for businesses to know what the right level of cover is for them.
Working with a broker who can take you through the available policy options and support your decision in choosing an appropriate level of cover, saves businesses time, money and worry.