Use the below code to add this video to your website.
The idea that cyber criminals only target large companies with a wide footprint and more assets is “profoundly wrong,” experts say, as cyber attacks are becoming a growing threat for small and medium-sized firms.
“A lot of them think, ‘Well, I read about these breaches, but it's big companies, and therefore I don't really need to worry about it.’ And that is just profoundly wrong,” said Tom Wetzel of Thomas H. Wetzel and Associates in the latest episode of The Insuring Cyber Podcast. “They have to take it seriously, and they have to understand what their risks are going forward. They're significant.”
According to a recent Small Business Administration survey, 88% of small business owners felt their business was vulnerable to a cyber attack. Even more alarming is that according to a recent Verizon data breach report, small businesses are the target of nearly half of all cyber attacks.
“The fact is everyone, in one way or another, is using technology or is a technology company today,” said Rob Meyer, founder and partner at Atlanta based, multi-family real estate developer Catalyst Partners, in this podcast episode. “The way we all do everyday business in the modern world makes us susceptible to risk.”
Meyer is one of TEKRiSQ’s small business clients. TEKRiSQ specializes in helping small and medium-sized businesses make improvements that minimize their technology risks, and Bill Haber, co-founder and head of business strategy, said in this episode that a lot of these firms are underserved by cybersecurity.
“We do think that cybersecurity is missing the mark, and I don't think we're alone,” he said. “Small businesses are sitting ducks and their trusted advisors, the insurance professionals, have got to help them move faster to solve this problem.”
This means agents selling cyber need to understand cybersecurity risks in much more detail than they do now, according to Wetzel.
“They can't counsel clients about cybersecurity unless they understand it themselves and practice what they preach,” he said.
For insureds, however, it’s important know that insurance companies likely won’t provide coverage to a small business unless demonstrated steps are in place to protect the company, educate staff and monitor for attacks.
“One of the first questions that an insurance company's going to ask is do you have a written plan? What happens if you have a breach? And what steps have you already taken?” he said. “Cybersecurity is now a core vulnerability for any small business. It's something that they have to take seriously and address seriously.”
Haber agreed.
“Cyber underwriters, they deal with this every day, and they've started to take a pass on companies that aren't doing the basic things they need to do to protect themselves,” he said.
However, Meyer added that this can be easier said than done for many small companies and brokers alike who are fairly new to the space.
“This is a new space for a lot of people like us, and even for our insurance broker,” he said.” I would say it's much more prevalent than I thought it was, and that's been eye-opening … there are a lot of companies that have just really not addressed this, and to Bill's point, those small and medium-sized companies are really sitting ducks right now. They've got to take it more seriously.”
Haber said this means hiring a trusted advisor as a third party if someone isn’t available in-house to do independent analysis, profile risks and make affordable recommendations within realistic budgets.
“It's not something that we can cultivate in-house. It's something that you really need to go to an expert for,” Meyer agreed. “That's not something we ever really spent much time thinking about, but it's going to be so important in the future for all companies to be focused on this.”
Check out the rest of this episode to find out what else Tom, Bill and Rob had to say, and be sure to check back for new episodes of The Insuring Cyber Podcast publishing on Insurance Journal TV and Apple Podcasts every other Wednesday along with the Insuring Cyber newsletter. Thanks for listening.