Cyber attacks can be expensive; the cost to reputation, legal actions against a company and the cost of rectifying outdated IT systems, add up quickly. The large scale cyber-attacks involving millions of compromised user accounts can cost the victim companies tens of millions of dollars.
The average SME is unlikely to have to foot such a bill, but research into the financial cost for an SME of CyberCrime still makes worrying reading. Research globally shows that attacks on SMEs are increasing, often because smaller businesses are unprepared and easier targets. Some research shows the average cost to the smallest of businesses is around €8,000 with small and medium size companies being landed with a bill of €35,000 or more.
Reputation will suffer and you may never win those customers back. There may be legal fees, cost of restitution and perhaps even Data Protection fall-out, and your operation may grind to a halt while you figure out exactly what’s happened. It seems unjust that the per-capita cost to small businesses is far greater than that to large companies dealing with CyberCrime; big businesses can trade their way out of security issues with resources and spending, whereas many small businesses would have to pull down the shutters..
If the worst happens and a small business is the victim of CyberCrime it’s important to react quickly. Locking down systems and if appropriate, contacting financial institutions; the Gardai and Data Protection Commissioner should be amongst the first items on a response plan. Then a business needs to compose a response to communicate to customers or suppliers whose data may have been compromised.
Help can often be found from industry bodies, communications companies and Chambers of Commerce and if you have a Cyber Insurance policy, your insurer should be contacted immediately.
Cyber insurance is growing increasingly popular with small businesses who want to protect themselves from the growing threat of CyberCrime. Your existing insurance broker may well offer Cyber Insurance from specialists like AIG and Hiscox and it’s no longer just large businesses who are insuring against the risks of being online.
Stephen Ridley, Hiscox UK and Ireland’s cyber and data risks expert says, “We have seen both the number of enquiries received and policies purchased increase radically over the last 18 months, with that increase accelerating, especially over the last six months. We are now seeing over three times the number of enquiries that we were at this stage last year.”
While large and multi-national businesses seem most focused on keeping customer data safe and secure, Ridley explains what Hiscox see as the greatest risk to SMEs, “The area of cover that most frequently gives rise to claims is Cyber Extortion. Typically this will be via ransomware, but we have also seen an increase in companies being contacted by alleged hackers threatening to either publish information gathered from a hack, or perform a denial of service attack against the business unless a ransom is paid.”
It’s difficult for insurers to define what a typical claim is, and Hiscox say the volume of data held, the size and complexity of the company’s network and even how prepared a business is for a breach all make a difference.
With so much at stake though, and with so many factors to be considered I suggested to Stephen Ridley that it mightn’t be financially viable for a small business to take out Cyber Insurance, but he suggests insuring against the risk is more accessible than one might think, “When building our product, we wanted to make sure that pricing wasn’t a significant barrier to small businesses getting the protection that they need. As a result, we are able to offer cover from €145 plus levy for the smallest companies – a small price to pay for high quality coverage that provides robust protection”.
Like all insurance, we hope we’ll never need it but in a business world where the risks of being online are growing and the cost of CyberCrime could be catastrophic for a small business, being safe, rather than financially sorry, make good business sense.