Michael Drummond, Head of Cyber and Tech E&O at At-Bay answers 3 questions on myths, trends, and the evolution of cyber risk insurance and threats
When contemplating cyber risk insurance for small businesses, it’s first important to understand the cyber threat environment and how cybercriminals operate. The reality is that most cybercriminals are lazy, and the attacks themselves are not very sophisticated to execute. In other words, cybercriminals are generally looking for “low-hanging fruit” when selecting victims, and small businesses are often easy targets because they lack the expertise and/or resources to combat constantly-evolving cyber threats.
Small and medium-sized business (SMB) owners have plenty on their plate in terms of serving customers and growing their businesses. A cyber attack can be detrimental to the hard work invested in building their company. That’s where cyber risk insurance can be very effective at transferring this risk to experts who are able to get SMBs back on their feet quickly after an attack. For many small companies, the cost of responding to and remediating a cyber event could be the difference between staying afloat or closing their doors. This is why it’s critical for SMBs to consider insurance as part of their risk management strategy.
The most notable trend is the rising frequency of cyber incidents against small businesses, along with the rising costs of cyber incidents over time. Companies are attacked much more frequently today, and there’s no indication of this slowing down any time soon.
The attack methods remain constant whether against small or large businesses – nobody is safe in today’s cyber threat environment. Most often it’s an open port allowing easy access to systems, an unpatched software vulnerability that is simple to exploit, or social engineering events such as email phishing that enable an attacker to gain a foothold in the network or to commit financial fraud.
As for tailored cyber risk insurance solutions, not all coverage is created equal. Cyber is a dynamic risk that requires specialty products for the most comprehensive coverage. And coverage should extend beyond the insuring agreements in the policy wording to additional cybersecurity services that will help companies prevent attacks and manage cyber risk.
Both cyber risk insurance coverage and the underwriting of cyber risk has evolved substantially in the past few years. Insurers that utilize technology in their underwriting process in order to better understand the risk of companies in their portfolio are the most well-positioned to deliver better outcomes.
Additionally, cyber risk insurance coverage is no longer limited to the insuring agreements in the policy form, and cybersecurity services offered alongside the policy coverage are becoming even more important. This is especially true for small businesses, which often, through no fault of their own, lack the resources to stay ahead of the curve. Companies should be partnering with insurers that not only provide comprehensive coverage, but also offer cybersecurity services and access to security products that help them protect their business.
Ryan Schaffner, Bold Penguin’s Senior Product Manager, answers questions about our HawkSoft Agency Management System (AMS) integration.
We recently hosted a Bold Penguin "Coffee with Carlos" webinar and sat down with a member of biBERK’s auditing team to discuss a few ways agents can prepare customers for audit season. We’ve included some of their tips and videos below.
We’ve compiled a list of frequently asked questions that have bubbled up while interacting with our current and future Terminal users. Below are just a few of the questions we’ve answered, in no particular order.