Although many small and medium-sized enterprises (SMEs) have experienced cyberattacks, most of these organizations have yet to purchase cyber insurance, according to a survey conducted by international specialty insurance underwriter Argo Group.
Key findings from the Argo survey of 200 U.S. and UK SMEs included:
- 63 percent of SMEs have experienced some type of cyber incident.
- 60 percent do not believe their internal cybersecurity processes are adequate.
- 57 percent do not have cyber insurance.
- 27 percent said they plan to purchase cyber insurance.
Large companies are more likely than small businesses to purchase cyber insurance, Insurance Information Institute (III) stated.
However, cyberattacks against small businesses are increasing in frequency, severity and size, III pointed out. If these companies continue to ignore cyber insurance, they may suffer malware, ransomware and other cyberattacks that result in brand reputation damage and revenue losses.
"Without the necessary cybersecurity protections in place, small businesses across a variety of industries – many of which store customer information– are especially vulnerable to cybercrime and fraud," III said in a prepared statement.
Do Colleges and Universities Need Cyber Insurance?
Meanwhile, certain vertical markets are ramping up to address cyber insurance questions. For instance, EDUCAUSE and URMIA recently released the "Cyber Liability Insurance FAQ," a 15-page document designed to help colleges and universities purchase cyber insurance. The FAQ also provides the following best practices to help colleges and universities obtain the right cyber insurance coverage:
- Collaborate with an experienced insurance broker. Work with an experienced insurance broker who understands an organization's cyber risk and can provide expert cyber insurance policy recommendations.
- Perform a security risk assessment. Use a risk assessment to understand an organization's current security controls, as well as security vulnerabilities and improvement areas.
- Deploy security controls. Develop a corporate policy to restrict network access and limit human error; that way, an organization can minimize risk and reduce its insurance premium.
Cyber risks can affect college or university faculty, students and staff. Fortunately, colleges and universities can purchase cyber insurance to manage risk, thereby reducing the possibility of high-profile data breaches that otherwise could put a school, its employees and its students in danger.