Norton is tipping an increase in the number of small businesses taking out insurance against cyber attacks.
A survey of more than 1000 small business owners and operators revealed “some quite interesting data" about the uptake of cyber insurance (cover for the costs associated with an attack) by businesses, according to Mark Gorrie, Pacific region director of Symantec's Norton business unit.
Only 14 percent of small businesses said they already had cyber insurance. That number masks a big difference between what are sometimes called microbusinesses (one to five employees) where just five percent have cover, and their slightly larger counterparts. Almost a third (30 percent) of businesses with six to 20 employees have cover.
Related findings were that businesses with at least one in-house server are more likely (23 percent) to have cyber insurance, as are those with turnover of at least $1 million or annual IT expenditure of $6000 or more (30 percent).
Regardless of their size, more small businesses are likely to take out a policy during 2017: eight percent of microbusinesses and 33 percent of those with at least six employees are planning to get cover next year.
Nineteen percent of businesses that currently have or have held a cyber insurance policy have made a claim. Gorrie pointed out that this situation contrasts with other types of insurance (such as against fire or theft) where it is very common to have cover but claim rates are relatively low.
One possibility is that small business owners don’t realise how crippling a cyber attack can be. According to Gorrie, the cost of dealing with mandatory breach notifications (a legal requirement to inform customers and other parties of security breaches) in certain US states has driven some affected small businesses to the wall. The Australian Government has recently introduced similarly legislation into parliament, and “I think the numbers [in favour of having insurance] will start to stack up in that situation,” Gorrie told BIT.
"Insurance is not your sole defence," he warned, and Norton still recommends endpoint protection. Insurance companies will probably offer discounts to policyholders following good practices, and charge more to renew a policy after a claim – as happens with several other types of insurance – he suggested.
But cyber insurance could be an affordable mitigation for small businesses that can’t afford the sophisticated and expensive technological protections that are within the financial reach of larger organisations.
Norton and its parent company are working with insurers such as CGU to provide bundles of products and services to reduce the risk associated with cyberattacks and quickly recover from the financial cost of cyber events.
“Cyber security has become one of the biggest issues facing small to medium size businesses and individuals today and it's not going away. At CGU, our role is to help our customers mitigate against potential risks that could essentially put them out of business,” said CGU national underwriting manager for professional risks Najibi Bisso.
“At CGU, we understand how important it is for small businesses to protect themselves from the threat of a cyberattack and that's why we’ve developed a CGU Cyber Defence product which provides broad coverage for customers and includes a cyber incident response service. Cyberattacks aren't going away so, if you're a business with a digital presence, make sure you're protected for when an event occurs.”