Brokers need to do a better job of securing cyber insurance coverage for their small and medium-sized business (SME) clients, the results of a new nationwide poll conducted by Leger show.
“In the last three years, has your insurance professional spoken to you about cyber insurance for your business?” asked the Insurance Bureau of Canada-commissioned survey of 300 SME owners with fewer than 500 employees. Sixty-five per cent of respondents said no, compared to 23% who said yes and 12% who didn’t know.
It’s also likely that an SME is uninsured against a cyber attack (60% of respondents reported they were not insured, 21% were and 19% didn’t know). In fact, when owners were asked if they have ever considered purchasing cyber insurance for their business, 62% said they no. And half (52%) have no intention of purchasing it within the next year.
All insurance policies are different and cater to each policyholder’s specific needs, which is one reason it is important to understand what an individual policy covers, IBC said. Some coverages include regulatory defence expenses, security breach remediation and notification expenses, forensic investigation and data restoration expenses, and business interruption coverage, among others. The Leger poll, however, showed than more than one-third of respondents didn’t know what expenses were covered in a cyber insurance policy.
The survey results show a troubling protection gap, considering nearly one in five SMEs (18%) polled have been affected by a cyber attack or data breach in the past two years (42% of those with 100 to 499 employees have suffered a data breach during this timeframe). Thirty-seven per cent of businesses hit by a data breach estimate the attack cost them over $100,000 while 20% had no idea of the cost of the breach.
While headlines about large cyber attacks dominate the news, the threat of cyber attacks on small businesses may not garner the same attention. But this type of attack can severely damage or end the business operations of a small shop, IBC noted.
“Cyber attacks are real threats to small businesses that sell products via e-commerce or maintain electronic data about their customers,” said Ryan Stein, executive director of policy with IBC. “A technology system breach containing this information can cripple or ruin a business.”
Stein recommends that SME owners consider their cyber risks and the possibility of legal action against their organizations. “We live in a time when many businesses conduct all of their activities electronically, and the majority of their assets are in the data they collect.”
There have also been several high-profile personal information breaches that have affected tens of millions of records and cost the affected companies millions of dollars.
“Small businesses are not immune to cyber attacks, and these problems are not going away,” Stein said. “We are encouraged, however, that some of these businesses are now beginning to turn their attention to this important issue.”
While 44% of small businesses polled do not have any defences against possible cyber attacks, slightly more (47%) do. Forty-four per cent of SMEs include protection of data and electronic assets as part of their annual business planning, compared to 48% who do not.