Dor Eisner is the CEO & Co-Founder of Guardz, the company creating a safer digital world for SMEs.
Small and medium-sized businesses (SMBs) often lack the resources to fully secure their day-to-day operations, making them a low-hanging fruit for hackers. SMBs were targeted in 43% of all recent data breaches, amounting to nearly $7 billion in reported losses. While SMBs are increasingly adopting comprehensive cybersecurity solutions in light of the rising threat, there is no silver bullet.
Additionally, the potential financial impact of security breaches on SMBs is becoming increasingly dangerous as threats grow more sophisticated. Indeed, financial damage from cybercrime has grown yearly and is predicted to cost $10.5 trillion annually by 2025.
These significant costs have led to the rise of another protective layer—cyber insurance. By providing financial protection against the costs of data breaches, business interruptions and regulatory fines that may occur as a result of cyberattacks, cyber insurance is now emerging as a vital component of risk management.
While it has been a challenge for SMBs to obtain cyber insurance, the rise of tailored policies and the guidance of managed service providers (MSPs) can finally give small businesses more peace of mind amid rising cyber threats.
The Risks Of Not Having Coverage
Compared to larger enterprises, SMBs typically struggle to keep pace with an evolving threat landscape—and to bounce back in the wake of a costly hack. Alongside financial loss, SMBs can face reputational damage, customer trust erosion and potential legal ramifications. A disheartening 60% of victimized SMBs go out of business within six months of a cyberattack.
For this reason, many SMBs may be even more in need of cyber insurance than their larger counterparts. Policies are tailored to cover the most prevalent and costly cyber threats, such as malware attacks, ransomware, phishing, insider threats, data loss, and more, and typically provide the legal coverage SMBs may need in the wake of a hack.
However, my company’s 2023 SMB survey found that nearly one-third of small businesses have no cyber insurance.
Hurdles To Acquiring Cyber Insurance
So why do SMBs frequently lack cyber insurance even as it becomes more and more of a necessity? Some are simply unaware of the need—we found that 44% of SMB owners trust their antivirus solutions alone to fully protects their business, employees and data.
Those who do recognize the need often struggle to identify the type of coverage they require or to allocate the necessary funds, especially as policies become more expensive and businesses tighten their belts. Cyber insurance premiums rose by 61% in 2021 to an average annual cost of $1,589. However, by halfway through 2022, rates rose an average of 25%, with some premiums jumping over 80%. And with cyber insurance premiums predicted to rise between 20% and 30% every year, it is understandable why cost-conscious SMBs might be reluctant to take on the extra expense.
Even when budgets have room for cyber insurance, some SMBs struggle with accurate risk assessment and profiling—in order to insure a business, the insurer must have a comprehensive picture of the risks and liabilities an organization faces. When a business cannot comprehensively record and report its risks for the insurer, it is nearly impossible to offer a fitting policy.
While cyber insurance has progressed greatly since AIG’s inaugural internet security liability policy in 1997, it remains tricky for insurers to assess and underwrite cyber policies, particularly for small businesses. In the big picture of insurance, cyber threats are relatively new and offer less historical data to rely on. Additionally, the digital threat landscape evolves more rapidly than many other standard insurance risks.
The Opportunity For Managed Service Providers (MSPs)
By working with MSPs, small businesses can mitigate many of the challenges they face when seeking cybersecurity protection in general, and cyber insurance specifically.
MSPs, traditionally tasked with managing a company’s IT needs, are increasingly beginning to manage and enhance SMBs’ cybersecurity. MSPs can streamline and enhance risk assessment by continuously monitoring and identifying a business’s vulnerabilities and implementing proactive measures and rapid responses. They can ensure that a stretched-thin SMB’s security posture is continuously monitored, documented and managed, enabling the business to remain focused on its daily operations and continue to serve its customers.
This makes a difference because insurers typically offer robust cybersecurity coverage to businesses that can accurately report that they have proactive risk management in place. By evaluating factors such as coverage limits, incident response support and post-incident services, MSPs have a keen understanding of a business’s risk profile and can help SMBs identify the cyber insurance coverage that best aligns with their operations and goals.
When assessing whether a given MSP is the right match for them, small businesses should consider a few factors. Ideally, MSPs should demonstrate a proactive approach to IT and cybersecurity management, discovering and handling any issues before they escalate.
They should also have the technical expertise and deep knowledge of the IT systems, tools and technologies the business utilizes, as well as the agility to quickly adapt to the business’s evolving needs. SMBs should also check that the MSP’s cybersecurity offering can be tailored to their specific requirements, while also providing the absolute must-haves: protection across the most popular attack vectors, including data, email, devices and users; regular security assessments; employee training; IT infrastructure monitoring; network and endpoint security measures; and a crisis recovery plan.
A Safer Digital Future For Small Businesses
As the threat landscape expands, so too does the need for SMBs to adopt proactive cybersecurity protections and comprehensive cyber insurance. MSPs can help them do both. Cyber insurance provides financial protection, while MSPs can contribute to risk reduction, active protection and incident prevention—a combination greater than the sum of its parts.
By bolstering proactive risk management and incident response with financial safeguards, small businesses can navigate the ever-changing digital frontier with confidence.
Forbes Technology Council is an invitation-only community for world-class CIOs, CTOs and technology executives. Do I qualify?
