The SHA Cyber Security survey found that 42.5percent of businesses do not have adequate anti-cyber-attack procedures in place. It found that around 60percent of SMEs impacted suffered a financial loss of between R50000 and R1million. It's also been reported that up to 60percent of SMEs never recover after a significant cyber-breach.
Many SMEs still don't realise the importance of pro-actively managing their cyber-risks. The SHA Cyber Security survey shows that around 52percent of brokers are still finding it difficult to sell cyber insurance policies to their clients. This indicates that more than half of business owners are still not taking adequate steps to protect their organisations.
Cybercriminals target SMEs that hold valuable business data, such as personal customer or financial information. These small businesses often do not implement the stringent online security measures that large corporates have in place.
Beyond the risk of downtime and loss of income, SMEs that do not properly manage their cyber-risks through insurance and precautionary measures could also face crippling liability claims from clients and company stakeholders that suffer damages as a result of a cyber-breach. Other risks include substantial damage to networks and IT infrastructure as well as significant reputational damage that could severely hamper the future growth of the business.
Having insurance that covers an SME's cyber, privacy and reputational risks and liabilities has now become just as vital as insurance against fire or theft. Business owners need to start viewing these types of policies as standard requirements, for any venture cyberattacks are after all just another form of theft.
At the bare minimum, business owners should look for policies that cover their liabilities and legal costs following a breach. The cost of restoring data and expenses related to hiring specialists and investigators, loss of business income and crisis management should also be covered.
“This is where a broker becomes indispensable, a good broker will be able to put together a policy that covers all the potential risks that a SME is exposed to, while keeping premiums as affordable as possible.
"One of the first things that business owners need to do is educate themselves on the cyber-risks that they face as these are constantly evolving. Business owners should regularly read up about cyber-crime to ensure they are informed about the latest tactics being used by criminals. The more you know, the more likely you are to spot a threat.”
It is vital to raise cyber-risk awareness among staff members, implement proper password management policies, consult security specialists, limit access to sensitive information and invest in adequate safety tools.
Last, small business owners need a very clear strategy for how to react if a cyber-attack is in fact successful, the strategy should include a Disaster Recovery or Business Continuity plan. Being unprepared for cyber-related incidents has quickly become one of the biggest business risks, and SME owners need to take note of this if they are to survive in the years to come.
Santho Mohapelo is a digital distribution specialist at SHA Specialist Underwriters.