For small and medium-sized businesses (SMBs) the evolving cyber insurance landscape can be particularly challenging to navigate.
With the rise in ransomware attacks and their associated costs for many organizations there is a place for cyber insurance as part of their business coverage. IBM’s Cost of a Data Breach Report 2022 noted that the average cost of a breach in the US is $9.44m.
“Responding to a major cyber incident is not a solo sport. When a ransomware attack or business email compromise (BEC) occurs, you need security experts and financial support to respond in the most effective manner possible,” noted Jason Rebholz, CISO at Corvus Insurance.
In 2021, a CNBC survey of US businesses found that only about 26% of small businesses reported having cyber insurance.
“Due to the lack of protection and cyber insurance, more often than not these smaller size companies struggle to survive after falling victim to a cyber-attack and are forced to close their doors permanently. We resolve this catch-22 for small businesses by not only securing them from cyber-attacks but by enabling them to qualify for and providing insurance against them,” noted Dor Eisner, CEO and Co-Founder, Guardz.
In January 2023, Guardz launched plans to expand its cyber insurance line of business to specifically focus on small businesses. The company has raised $10 million in seed funding led by Hanaco Ventures, with participation from iAngels, GKFF Ventures, and Cyverse Capital. Guardz was founded in 2022.
“The smaller companies that Guardz caters to generally lack proper cybersecurity, and yet cyber insurance companies won’t cover SMBs with no security, leaving this segment in a bind. This is a huge untapped market Guardz aims to address,” Eisner said.
Guardz has developed a cybersecurity and protection platform for small companies, which it notes many of whom sit in high-risk industries possessing sensitive data, such as law, healthcare, financial services and retail.
Another challenge facing small businesses is the cost of premiums. In the UK it has been found that pricing increased 102% in the first quarter of 2022, driven mainly by ransomware, according to Marsh.
“For small businesses, cyber insurance is generally handled by either the business owner, an employee who takes responsibility for the company’s IT, or an external IT supplier (MSP). Guardz specifically caters to small businesses of 20-250 employees who do not have a dedicated CISO,” said Eisner.
He explained that their solution will assist companies with low IT proficiency who cannot afford to pay for, or manage, complicated and expensive platforms that are typically used by larger enterprises.
Eisner believes that in the next 5-10 years cyber insurance will be an industry standard, like business insurance.
Speaking to Infosecurity, Rebholz provided advice on what businesses, of any size, should consider when taking out an insurance policy: “Businesses should work with their insurance brokers to understand what type of cyber insurance policy is right for them and the risks they face as a business. The cyber threat landscape is vast and impacts different industries in different ways. Tailoring your insurance policy helps to ensure you are properly covered for the risks you face.”