Why SMEs are increasing their cyber insurance budgets

“Cyber insurance is now a necessity and not a luxury for organizations."
22 June 2020

The cybersecurity insurance market is predicted to reach US$28.6 billion by 2026. Source: Shutterstock

  • Last year, ransomware victims collectively paid out more than US$1.3 billion to attackers
  • SMEs are vulnerable targets as cybercriminals aim to gain access to larger companies through smaller firms 
  • The cybersecurity insurance market is set to hit US$28.6 billion by 2026

Various industries across the globe are dangerously vulnerable to cyberattacks. While attacks on high-profile targets like airlines, hospitals, and retailers typically make the headlines, analysts are sounding the alarm on the rising number of cybercriminals targeting smaller firms — especially those with close links to big corporations. 

Insurance specialists, Beazley PLC has revealed that over 60% of the ransomware attacks the company documented in 2019 were targeted towards small and medium-sized enterprises (SMEs). 

Meanwhile, anti-virus software company Emsisoft has estimated that businesses have collectively paid out more than US$1.3 billion to ransomware attackers in 2019 alone. Analysts also added that other factors are likely to cost businesses money, including the downtime and disruptions that can last for days or weeks, costing even more than the ransom demand itself.

SMEs are vulnerable to a range of cyberattacks as criminals are increasingly eager to take advantage of a company’s technical weaknesses and their employees. This is especially true in the current climate where a disparate workforce is commonplace. Bad actors can attempt to infiltrate to find any personal information on customers, including their email addresses and credit card details to commit fraud, or even sell their personal information on the dark web. 

Research has also suggested cybercriminals view SMEs as possible entry points to gain access to the network of a larger company. Often, the damage and recovery costs of businesses having to deal with the aftermath of malicious attacks leads to not only plummet productivity, but in some cases, to deteriorating trust between firm and clients. 

Even though advanced cybersecurity systems are marrying emerging technologies like AI, cloud, and quantum computing, organizations that believe security starts and ends with just a set of purchased technology tools are leaving themselves more vulnerable than ever. 

The evolving cyberthreat landscape signals the need for a more holistic security plan and an additional layer of protection against a myriad of malicious activities. 

Soaring cases of pandemic-induced cyberattacks, along with an increase in mandatory legislation regarding cybersecurity, are expanding the global cyber insurance market.

Aware of the ‘inevitable’, SMEs are looking to have cyber insurance that can help cushion the blow of an attack. 

The cybersecurity insurance market is predicted to hit US$28.6 billion by 2026, based on a report by Allied Market Research

A new survey found that while companies of all sizes plan to inject more funding into cyber insurance, SMEs are earmarking more of their budgets for cyber insurance in the coming years as compared to large companies. 

The Economic Impact of Cyber Insurance survey by Cowbell Cyber found that 65% of SMEs plan to increase their spending on cyber insurance in the next two years, while 58% of large enterprises plan to do so. This is based on the responses of 1,009 businesses and major industries such as healthcare, retail, telecom, and hospitality were found to be under covered. 

On average, close to half — about 45% — of businesses expect to experience a security breach over the next year. Hence, equipping themselves with cyber insurance is another means of added security. 

“Cyber breaches are no longer an ‘if’ scenario but rather a ‘when’ scenario. Our analysis of the survey results shows that cyber insurance is becoming increasingly popular for SME organizations that want to protect their assets and accelerate the response and recovery process in the aftermath of a cyber incident, ” Isabelle Dumont, VP of Market Engagement at Cowbell Cyber said. 

“Cyber insurance is now a necessity and not a luxury for organizations,” she added.