Do SMEs need cyber cover?

Do SMEs need cyber cover?

Do SMEs need cyber cover? Smaller companies need not bother with cyber insurance, a new research by Southern California non-profit think tank RAND has suggested.

Sasha Romanosky, analyst at RAND, shared his views on the matter: "If I was a large business then I probably would want to buy cyberinsurance. For most companies it probably isn't all that necessary," TechRepublic reported.

Romanosky cited figures from his August 2016 report, saying that of the $200 billion insurance industry, 1 to 1.5 per cent, or over 70 companies, offer cyber insurance. Rand itself owns cyber insurance to protect its firm of 1,800 employees from hackers.

Romanosky noted a dangerous side effect to purchasing cyber insurance: "There's this moral hazard issue. Once you're insured you might stop taking the precautions, because why should you?”

Romanosky explained why companies should think twice about purchasing cyber insurance: "[W]e estimate the total costs from cyber events at approximately $8.5 billion annually. We find that the typical cost of a data breach is less than $200,000, far lower than the millions of dollars often cited in surveys.” That's far less than fraud involving billing, corruption, financial misstatements, and retail shrinkage, the study showed.

Romanosky also stated his views regarding whether a cyber cover helps reinforce data safety: "Nobody really knows except for insurance companies and they are the only ones who have the data." He said the insurance industry doesn’t seem to pursue this vein of research, due perhaps to a lack of effort or interest or a variety of what he called ‘goofy institutional excuses,’ TechRepublic reported.   

Related stories:
Big business worried more about data loss than hackers – survey
Zurich: SMEs increasingly worried by cyber risk
‘Every large firm to have cyber cover in three years,’ says Marsh leader
3 Comments
  • Simon 17/10/2016 1:31:39 PM
    "Smaller companies need not bother with cyber insurance..."
    Tell that to one of my clients who has just copped $60,000 in software/hardware and service costs after a hack from India. Covered by their policy.
    Just because the likelihood is rare does not mean it won't happen. With that logic why would anyone buy a fire policy? Low chance of it happening right!? Much more likely to have a Cyber loss than a lot of other exposures we talk to clients about.
    Post a reply
  • Andrew 17/10/2016 2:30:22 PM
    Smaller companies might have a greater need as they are more exposed in terms of poorer security, lack of staff rules/knowledge around opening suspect emails and higher financial susceptibility to even small losses.
    Post a reply
  • Robert Cooper 17/10/2016 2:32:11 PM
    It would be very dangerous for any Insurance Broker not to advise their clients of the Cyber exposure their business faces. Unless a business has nothing at all to do with any computers, IT or digital systems, which would be rare, all would have some degree of exposure.

    So do not stop the advice to your clients despite this article.
    Post a reply