Less than 3% of SME’s have cyber insurance
Businesses are now more reliant than ever on technology to operate, whether they are using remote networks for remote-working, paying suppliers by wire transfer, or storing sensitive data online.
At the same time, two-thirds of small-to-medium-sized businesses in Canada have not been able to spend on technology infrastructure, leaving them even more vulnerable to cyber attacks.
And finally, the number of cybersecurity incidents reported in Canada and across the globe has continued to grow at an alarming pace.
Buying a standalone cyber policy is a smart decision for your business, now more than ever. Here are additional reasons why:
The average cost of data breaches in Canada rose 6.7% in 2020
You get cybersecurity tools and support
For most small-to-medium sized businesses, having a robust in-house IT security team isn’t always possible, or even necessary. But this can leave you without a place to turn in the event that the worst does happen. Cyber insurance is a highly cost-effective way to gain access to the support you need in order to both prevent and respond to cyber events. Most cyber policies come with a number of proactive risk management tools, such as employee cybersecurity training programs. A good policy will also give you access to IT experts, forensic specialists, PR firms, lawyers, and more, and often with a nil deductible
Over half of all cyberattacks are aimed at small-to-medium sized businesses
While the headlines focus on major security breaches at major companies, over half of all cyber attacks are aimed at small businesses, they just don’t make it to the news. What you don’t often hear about is the local law firm that mistakenly transfers $100,000 to a fraudster after being duped by a social engineering scam or the doctor’s office unable to use their computer systems for days because of a destructive malware attack. Cybercriminals see smaller organizations as low hanging fruit because they often lack the resources necessary to invest in IT security or provide cybersecurity training for their staff, making them an easier target
Your employees will probably click on something they shouldn’t
The fact remains that humans are the weakest link in the cybersecurity chain no matter how hard we try – approximately three quarters of the cyber claims involve some kind of easily-preventable human error. Theft of funds, ransomware, extortion and non-malicious data breaches usually start with a human error or oversight such as clicking on a phishing link, which then allows cybercriminals to access your systems from the inside.
You aren’t covered under other lines of insurance
Property policies were designed to cover your bricks and mortar, not your digital assets; crime policies rarely cover social engineering scams – a huge source of financial losses for businesses of all sizes. Professional liability policies generally don’t cover the first party costs associated with responding to a cyber event. A good standalone cyber policy is designed to cover the gaps left by traditional insurance policies, and importantly, comes with access to expert cyber claims handlers who are trained to get your business back on track with minimum disruption and financial impact
Cyber insurance covers far more than just data privacy
Many businesses think that cyber insurance won’t be useful to them because they don’t collect sensitive data. However, more than 50% of cyber claims come from events unrelated to breaches of privacy, and any business that uses technology to operate is vulnerable. Two of the most common sources of cyber claims aren’t related to privacy – funds transfer fraud is often carried out by criminals using fraudulent emails to divert the transfer of funds from a legitimate account to their own, while ransomware can cripple any organization by freezing or damaging business-critical computer systems.
Cyber insurance pays more claims than any other type of insurance
CFC has paid more than 1,500 cyber claims in the last 12 months, a number that eclipses previous years and is steadily growing, and the vast majority of these are from small and medium sized business. In fact, it was recently revealed that 99% of cyber insurance claims were paid in 2018, which means cyber has one of the highest claims acceptance rates across all insurance products.**
Information like this shows that cyber policies are doing what they set out to do, which is provide broad coverage for a range of technology and privacy-related risks affecting modern businesses, all backed up by proactive risk management and expert incident response and claims handling.
Source: CFC Underwriting
What All Cyber Criminals Know:
Small & Midsize Businesses With Little or No Cybersecurity Are Ideal Targets
- More than half of all cyberattacks are directed at SMEs, and that number is steadily increasing.
- 93 percent of small and midsize enterprises (SMEs) that have experienced a cyber incident reported a severe impact to their business.
- Almost all reported a loss of money and savings.
- 31% reported damage to their reputation, leading to a loss of clients, as well as difficulty attracting new employees and winning new business.
- Nearly half reported an interruption in service that damaged their ability to operate.
- In spite of these figures, less than 3 percent have cyber insurance.
- Top Six Reasons you need Cyber Insurance
- Security Tips for Organizations With Remote Workers
- Cyber Security Advice and Guidance During COVID-19
- 10 critical elements of data protection
Businesses most commonly store personnel records, customer details, loyalty program details, financial information, and payment details. Being proactive and taking steps to secure this information can help protect your company, its customers, and reduce the risk of liability.
Are you taking the right precautions?
Clients often ask what types of cybersecurity measures they should adopt as a business. CFC spoke to their underwriters and security team to see how clients can get an A+.
- Canadian Cybersecurity Trends Study:
Familiarizing oneself with the types of cyber threats that an organization faces is a key factor in being prepared for a cyber security incident.