By 17 March 2022 | Categories: Misc




Cybercrime is spiking around the world and the stats are rather alarming. Cyber-attacks on businesses have doubled in the past year, cyber criminals are penetrating more than 90% of company networks, and it can take up to half a year even to detect a breach. This is why cyber insurance is becoming so vital to businesses everywhere.

But, before you dive in, there are five key points you need to know about cybercrime and insurance, says cybercrime guru Dan Thornton. The military veteran is the CEO of cybersecurity awareness training platform GoldPhish, which has vast experience in teaching businesses and their people how to protect themselves from cyber risks.  

  1. Cybercrime is more widespread than you think – but don’t panic about Russia

The global cost of online crime was around $6 trillion in 2021, when the world saw 50% more cyber-attacks per week on corporate networks than the year before. Tech giant Cisco is estimating that ransomware attacks alone have cost in the region of $265 billion in damages globally in 2021. And experts believe these numbers will rise sharply in 2022.

Increasing threats are expected to grow the cyber insurance market from roughly $8.5 billion in 2021 to $14.8bn in 2025 and $34bn by 2031, according to Cybersecurity Ventures.

“This means every business, regardless of its industry, needs to be ready to fend off cybercrime. Businesses need to be prepared on the prevention side by making sure that their staff are cyber savvy, and on the damage mitigation side by making sure they have adequate insurance in place to cover cyber losses and liabilities,” says Thornton.

While some companies may be impacted by exposure to Russia, Thornton warns the public not to panic about sensationalist reports of a “Cyber-Armageddon” due to the Russia-Ukraine war. “SME business owners should ignore the hype and rather get back to implementing the basics right. The fact is very few companies are likely to get targeted as an act of war,” says Thornton.

Instead, small businesses should remain focussed on “basic cyber hygiene” by implementing simple technical controls, having security procedures in place, and training their people in security awareness.

  2. What cyber insurance is – and what it is not

In a world where cyber threats are coming thick and fast, cyber insurance is designed to help organisations get back on their feet after something has gone wrong. “Cyber insurance is important, but just remember, it’s a post-crisis recovery solution. It needs to go hand in hand with prevention strategies,” says Thornton.

Cyber insurance is a specialty financial solution intended to protect businesses from internet-based risks, information technology infrastructure breakdowns, and devastating events such as systems failures, cyber-attacks or data breaches. It also protects businesses from regulatory and legal fallouts.

“Suffering a cyber-attack as a business is a matter of ‘when’, not ‘if’, and it is impossible to completely eliminate the risk of an attack, regardless of your strategy. Businesses must prepare for worst case scenarios and weathering of storms - this is what insurance is for,” says Thornton.

On the flipside, businesses need to understand that cyber insurance will not instantly solve all of their cyber security issues, and it will certainly not prevent disaster. “Just remember, as homeowners with household insurance are expected to have adequate security measures in place, organisations must protect what they care about.”

  3. Cyber insurance can save your business

According to Accenture’s Cost of Cybercrime Study, 43% of cyber-attacks target small businesses, but only 14% are prepared to defend themselves. Meanwhile, a survey of more than 1300 business owners in 2018 found that a staggering 83% of SMEs in the United States were not financially prepared to recover from cyber-attacks. “With cybercrime now at an all-time high, all businesses need to have the financial safeguards in place to survive any form of cybercrime,” says Thornton.

In the rapidly digitised post-COVID world, businesses can go under if they don’t have cyber insurance. This is because most businesses simply don’t have the cash buffers to recover from the loss of data, IT assets or infrastructure, and trading hours, when they do fall victim to cyber-attacks.

“The most common types of attacks on small businesses include phishing and social engineering that rely on human gullibility, compromised or stolen devices that impact a business’s digital resources, and credentials theft that involves the theft of passwords and identity – and you’d be surprised to see how devastating these events can be,” says Thornton.

  4. Do you know the risks if your staff are not cyber savvy?

Just one employee clicking on a malicious link or opening a dangerous attachment in a convincing phishing email could bring an entire business to its knees from a cyber-attack, often resulting in the company closing its doors forever.

“It’s a fact that human error is the biggest cybercrime risk factor for businesses. So, if your staff isn’t savvy, and they inadvertently open you up to attack, it could be harder to convince your insurer to pay out after a breach,” says Thornton.

Purchasing an insurance policy will require providing information about your security controls. This may include technical, procedural, and human controls. Some insurers offer discounts if your organisation already has recognised cyber security defences in place and some will deny coverage altogether if you are unable to demonstrate a basic level of “cyber hygiene” and are deemed to be too high risk, says Thornton.

“Your staff’s hyper vigilance, understanding of the threat, and willingness to report their suspicions is imperative to staying secure. Don’t relegate the issue to your IT staff - every employee now has a critical role to play,” says Thornton.

  5. There are different kinds of cyber insurance

First party coverage may cover losses such as data destruction, extortion, and theft, as well as hacking, ransomware, denial of service attacks or even systems failure events that cause business interruption losses.

Third party liability coverage in turn may indemnify companies from losses to others that were caused by technology and data protection failures, defamation, regulatory fines and penalties or public relations crises.

“It’s important to have a clear understanding of what your cyber insurance policy covers and what is excluded. For example, some insurance policies will not cover monies lost through business email compromise fraud. Also remember, cyber-attacks evolve all of the time, so find out from your broker if you'll be covered if affected by a new type of attack,” says Thornton.


