News Room

What You Need To Know About Cyber Insurance For Your SME

Author: Megan Ellis
Date: 2017-06-22
Cybercrime is becoming an ever-more real threat for SMEs. What risks do you face and can you get cyber insurance? We take a look...
As the digital sphere integrates more into our lives and businesses, there are cyber risks that come with it. This is especially true for businesses, which now not only face the threat of criminals in the area, but also criminals on the web. Cybercrime is consistently on the rise, with ransomware becoming particularly prevalent in 2016. So what are the risks your company faces from cybercriminals - and can you get cyber insurance to protect yourself?  

Cyber Risks for Businesses: Ransomware

While you may think that cyber criminals would focus on big companies, smaller businesses are actually an easier target. This is especially true when it comes to ransomware - a type of malicious software (malware) which encrypts your files. Hackers hold these files ransom - only granting you the encryption key if you pay them. These hackers often ask for Bitcoin, with some asking for as much as one Bitcoin. This doesn't sound like much - until you realise that one Bitcoin is worth over R35 000. Small businesses are a prime target - not only do they have more money than the everyday individual, but often their networks and servers aren't as protected as large businesses'. Furthermore, files are much more important for businesses than individuals. This is because they hold valuable information and records needed by owners. This compels them to pay up to decrypt their files. Malware is often loaded onto your network through employees - often, unwittingly. If your employee downloads an infected email attachment, for example, the ransomware can make it onto your system. There are anti-virus solutions from companies like Kaspersky. But ransomware and anti-ransomware software are essentially in an arms race. Once anti-virus companies find a solution, hackers find a workaround or develop more advanced ransomware - and the cycle continues.

Cyber Attacks on Businesses

Ransomware is not the only way that cybercriminals can attack a company. If the goal is to impact the company's business by taking down services, hackers use other strategies. For websites and online services especially, Distributed Denial of Service (DDoS) attacks are particularly common. This is when your server becomes overloaded with traffic or requests from hackers - meaning your actual customers cannot access your services. Your online resources are essentially overwhelmed, meaning that your services can't be used. Since hundreds to thousands of devices are used during a DDoS attack, it's not as simple as blocking one user. Even large companies and government websites are impacted by these attacks. This often happens when they get on the wrong side of hacktivist groups like Anonymous. Depending on how long the attack lasts, this can cost you valuable income. For example, if you provide online shopping or online booking, a DDoS attack can cost you thousands by preventing customers from buying from you. There are other ways hackers can also affect your website - sometimes by fully taking control of it. They will usually 'vandalise' your website, post on your behalf on your social media accounts and sometimes delete all your data.

Cyber Insurance: A Solution?

Since cybercrime is becoming an increasing threat to businesses, there are insurance options available. These policies usually go under the name "cyber liability cover". There are various forms of cyber insurance, however. Depending on the cyber insurance policy provider, these plans cover businesses for cyber attacks and cyber extortion. This includes helping with the loss of income and the increase in operating expenses due to a cyber incident.
"We should also be mindful of the impact from the loss of corporate data and information such as intellectual property and proprietary information, which in the hands of a competitor or even an extortionist can severely disadvantage business," insurer American International Group (AIG) says on their website.
While more policies are becoming available, SHA says that this aspect of SME insurance is often overlooked locally. The insurers, however, emphasise that it can be vital for some businesses.
"An SME may not be able to afford a messy legal battle following a breach or two weeks of down-time following a hack attack," Candice Sutherland, Business Development Consultant at SHA says.
Some cyber insurance plans also provide PR support to help a company's reputation after a cybersecurity breach. If you are interested in getting this type of insurance, make sure that the policy covers you against the various risks your company faces in terms of cyber breaches.

Call us on 021 204 8110

Other Precautions

If you would like to take preventative measures to reduce the risk of a cyber attack, there are a few precautions you could implement.
  • Training your staff in cyber security awareness so that they don't download malware. You can also teach them to not be tricked by phishing scams.
  • Backup all your information and records regularly on a machine that is not connected to the rest of your network. This will mean you have your files safe and secure on another hard drive in the event of a ransomware infection.
  • Implement up-to-date and strong firewalls to prevent unauthorised access.
  • Make sure that there is adequate anti-virus protection that can cope with the latest threats.