The cyber insurance market is expected to grow, by a lot. Researchers at PricewaterhouseCoopers predicted in 2015 that the market would hit $7.5 billion in annual premiums by the end of the decade (and at least $5 billion by next year).
With recent high-profile attacks like WannaCry, cyber insurance demand is spiking as corporations look for ways to safeguard against the financial fallout of an event. All businesses are at risk, but according to Ross Pounds, digital marketing executive at Kingsbridge Contractor Insurance, some firms are more exposed than others.
“We’ve seen numerous cybersecurity breaches over the last 12 months across big organizations and entire countries, but people don’t realize that small businesses and independent professionals are just as, if not more, susceptible to the same risks,” he recently told PYMNTS.
Kingsbridge is looking to address that concern with the launch of a cyber insurance product for smaller firms. In a statement announcing the solution, the firm’s COO, Dorian Zanker, said it’s a response to a changing strategy against cybercrime.
“The days of relying solely on antivirus software are gone,” he stated. “The number of advanced persistent cyber threats is rapidly going up.”
While SMBs are just as vulnerable to cyberattacks, and may not be equipped to endure such an attack as well as a larger organization may be, Kingsbridge’s newest tool is designed for a particular kind of SMB: the independent contractor.
“Now more than ever we all exist in a digital world,” Pounds said. “The contractors and freelancers we look after at Kingsbridge are no different.”
Cyber insurance, he explained, protects the contractor and her or his employees, but also “focuses on the unique risks contractors face.”
Pounds cited data from the Assn. of British Insurers, which found that three-quarters of SMBs have experienced some type of cybersecurity breach in the last year. For independent contractors, the executive noted, the consequences can be dire.
“Any kind of cyberattack is likely to stall a business, but given that contractors are solely reliant on themselves for their livelihoods, they are particularly at risk,” he explained.
“Contractors, in general, are more aware of the risks their businesses face than a “traditional’ employee,“ Pounds continued. “That being said, they remain more vulnerable than a large business because they are seen as easy targets. It’s unlikely that an individual will have the wealth of experience and deep pockets needed to keep themselves as digitally secure as a big company.”
Indeed, smaller companies can be just as vulnerable, if not more so, to cyberattacks than larger enterprises, despite some believing they may not be at risk because they are so small.
But experts are looking to dispel that myth. Last year, members of Congress heard testimony from experts outlining SMBs’ cybersecurity risks. George Mason University adjunct law professor Jamil Jaffer told policymakers in the House Small Business Committee that the fact that small businesses are less able to protect themselves against cyber crimes makes them more vulnerable. Another expert, Nisos Group Cofounder Justin Zeefe, agreed.
“Malicious hackers follow the path of least resistance,” Zeefe said.
Earlier research from Nationwide found 80 percent of small businesses operate without a cyberattack response plan.
“We’re still in the state that ‘it won't happen to me,’” Nationwide Associate Vice President Tony Fenton told reporters when the research was released. “Maybe they don’t perceive themselves as a target. But a look at the research shows that they are as much of a target as a large company.”
That report found 40 percent of SMBs do not believe their company is at risk of a cyberattack whatsoever.
Pounds said he has seen this troubling trend among independent contractors.
“Most people, contractors included, do tend to operate under the assumption that they don’t want be the victim of a security breach and, as such, probably aren’t fully aware of the havoc one can cause,” he said.
Education, he said, can be an effective tool for these companies to get protected.
“I think in general most companies do still need educating about the importance of appropriate [cyber] cover,” he said, adding that “cybersecurity is in a constant state of flux and is always changing.”
“When one gap is plugged, another tends to open up,” he continued. “Hyper-vigilance is very important. Being aware of the possibility of a security breach is half the battle.”