Commentary on cyber risk seems to be in the news almost every day. With good reason. Many organisations from the Government, through to consulting firms, business associations and insurers are all trying to raise awareness of the risks that SME businesses face.
The simple fact is that cyber risk and threats are developing and changing. It is a fast-moving area that can seem confusing to anyone who does not have a deep understanding of IT. The risk is ever changing, and business responses need to keep up. That is a challenge.
Financial Impact of Cyber Attacks on SMEs in New Zealand
The average financial impact of a cyber-attack on a business is running at $159,000 according to a survey issued by Hewlett Packard and quoted in Scoop toward the end of 2021. Yet less than 5% of New Zealand SMEs have Cyber Insurance.
While it is always better to avoid an incident, insurance can play an important role in helping if and when an attack happens. Just like cyber threats, cyber insurance is rapidly changing.
What can be covered?
There is no standard insurance policy. Different providers have different offerings, with differing limits but cover is generally available as follows:
● Incident Response – providing cover for IT forensics, legal, breach notification and
any emergency communication required following an event
● Cybercrime – cyber extortion, ransomware attacks, theft of funds, social engineering
e.g. responding to requests pretending to be your CFO etc
● System Damage/ Business Interruption – data re-creation , income loss, extra
expense, hardware replacement or repair
● Privacy Liability – fines and penalties
Critical Additional Services
When you buy cyber insurance you are not just buying insurance for the costs you incur if there is a loss.
As important, if not more so, are the additional services that the cyber insurers will provide, and these can include:
● Pre Policy Risk Assessment – an external review of your systems and
vulnerabilities, undertaken as part of the underwriting process, to help you
understand your risk and mitigations
● Real Time Threat Assessments – some insurers will provide Apps and tailored
notifications on new threats specific to you and your industry
● 24/7 Cyber Response Services – immediate access to cyber response teams with a
range of disciplines to immediately help prevent and/or recover from attacks/incidents.
These services can prove invaluable. When reviewing any Cyber insurance proposal a review of the additional services and response/ recovery support are as important as the premium offering
Cyber is now an established risk for all businesses. It poses a very real threat. The cost in time- and money to recover from an incident can be significant for SMEs. Cyber insurance can play an important role in both helping avoid and recover.
If you would like to talk through whether Cyber insurance can help you manage cyber risk please contact me – firstname.lastname@example.org