Cyber-crime is a risk faced by all businesses regardless of their size, and is becoming increasingly sophisticated as technology progresses. Within the UK economy SMEs represent over 99% of businesses, many of which do not have specialist knowledge in preventing cyber-attacks.
Daniel Pearce, Financial Services Analyst at GlobalData, commented, ‘‘This makes SME’s an ideal target for criminals, as the required sophistication of the attacks is minimal when compared with those carried out against large businesses. Yahoo and Equifax have both been victims of high-profile hacking cases in recent months, which demonstrates the challenge for SME’s as even company’s with specialist IT departments are susceptible to cyber-crime.’’
Despite this clear threat results from GlobalData’s 2017 SME Insurance Survey reveal that the take-up of cyber cover among small businesses has stalled after a couple of years of reasonable growth. Furthermore, industry experts have noted in response that it remains difficult to find traction for this product and successfully make the cover tangible to customers, with businesses tightening purse strings.
One way in which the benefits of cyber insurance and the risks around cyber-crime can be made demonstrable is in the approach taken by CFC Underwriting, an emerging risks and niche markets specialist. In partnership with Cyber Risk Aware it has launched a programme for policy holders to provide training on cyber risks and in particular phishing emails.
The software developed by the partnership allows employees to experience a number of different styles of phishing emails, whether these are templated versions of “known-to-work” phishing emails or customized to replicate the style of emails the business typically receives. CFC Underwriting estimates that approximately 38% of the claims it incurred in 2016 could have been prevented by educating staff on how to deal with cyber risks.
Pearce added, ‘‘The partnership between CFC Underwriting and Cyber Risk Aware could represent a shift in the cyber insurance market, with insurers looking to take preventative measures by working alongside SMEs to educate staff rather than simply reacting post cyber-attack. There is also potential for such training to assist with the accuracy of premium pricing. Cyber Risk Aware provides feedback for businesses on the performance of employees; this in turn could be utilized by insurers to identify SMEs that are high risk and price premiums accordingly.’’
|