Small and medium businesses are at a disproportionately high risk of financial losses owing to cyber-attacks, says Gargash Insurance Managing Director Mustafa O. Vazayil. “Each one of us today is vulnerable to cyberattacks – be it individuals or businesses. While large businesses are more aware of such risks and most of them have sought protection through a cyber insurance cover, a majority of individuals and MSMEs seem to be in denial. Large firms typically have well-drafted procedures and insurances to shield them from losses in case of cyberattacks. Small and medium enterprises, on the other hand, have limited information and security resources to tackle such challenges. In some cases, cyberattacks can lead to lasting damage to SMEs.”
Individuals and SMEs, therefore, need to start looking at how they can protect their data or vulnerability and financial loss arising from cyber theft or attack, added Vazayil.
Cyber incidents have the potential to damage both the bottom line and the reputation of a company. In recent years, with the rise in digital transactions and use of the internet for personal and professional use, cyber incidents are deemed to be one of the leading risks to businesses worldwide.
The challenges are pronounced for small and medium businesses, whose simple acts of using a POS machine, digital payment gateways for financial transactions, or perhaps, using the digital forms of data storage and communication make them vulnerable to cyberattacks.
A cyber insurance policy offers protection to both individuals and businesses from internet-based risks such as hacking, data breaches, and losses resulting from problems with IT infrastructure.
According to Statista, the global cyber insurance market is rapidly growing. The market size is expected to increase from around $8 billion in 2020 to $20 billion by 2025.
Talking about some of the common misconceptions about this type of insurance, Vazayil said, “Small businesses believe a firewall or strong passwords will protect them from cyberattacks. But that is not true. We have seen accounts being logged in remotely and hacked. Small businesses and individuals also make themselves vulnerable by accessing or transacting over open source or public WIFI systems.”
The 2023 NetDiligence Cyber Claims Study shows 98 per cent of claims worth $1.6 billion were made by SMEs with less than $2 billion in annual revenue. The study assessed 9,028 claims, arising from incidents that occurred during 2018-2022. The report also highlights that ransomware and business email compromise were the two leading causes of loss. They accounted for 46 per cent of claims during the five-year period 2018-2022, and nearly 56 per cent in 2022.
As per Swiss Re Institute, cybercrime is expected to cost $8 trillion to the global economy in 2023. This figure is expected to grow incrementally as technology makes further inroads into our lives and businesses. Cybersecurity Ventures, a researcher and publisher covering the global cyber economy, predicts that global cybercrime damage costs will grow by 15 percent per year in the near term, reaching $10.5 trillion annually by 2025, up from $3 trillion in 2015.
Even though there is no data available for the region or the UAE in particular, the global data reflects the growing challenges to business locally, too.
“Cyber insurance coverage plays a significant role in mitigating risks stemming from digitalization. In the case of SMEs, insurance helps absorb shocks and manage risks associated with irregular income. All in all, protection against cyber threats can make SMEs resilient to shocks,” notes Vazayil.
Cyber insurance offers different levels of covers. In some cases, for instance, insurance can pay to the hackers who lock company technology systems, or it can help offset the cost of responding to data breaches.
Gargash Insurance had launched cyber insurance more than 15 years ago with international experts AIG. Yet, this remains a niche category among individuals and SMEs. In Gargash’s portfolio, a negligible percentage of small and medium businesses have bought cyber insurance. This largely reflects industry trends.
Organizations, especially the small and medium ones, must understand the risks to their businesses, assess the gaps and cover them through insurance, concluded Vazayil.