Should small businesses be worried about cyber-attacks? Or is the craze around cyber-activity just a phase that will pass? Unfortunately, cyber-crime is very much real and it is here to stay. In fact, considering more than a third of Canadian firms do not report carrying cyber insurance coverage, cyber-crimes may become the biggest pain in the side of business-owners for years to come. Not only do cyber-attacks happen more now than ever before, they can have absolutely devastating consequences.
A 2018 study by Scalar Security demonstrated that smaller businesses in Canada had become more susceptible to breaches last year and that they were down for a cumulative 59 hours. Now, that might not seem that bad on the surface. A cumulative 59 hours throughout a year? Some business owners might think they could take that hit. However, those 59 cumulative hours turned into an average lost revenue of $1.1 million.
That certainly puts things into perspective. Even larger corporations in Canada would not scoff at over a million dollars in lost revenue – an amount that can absolutely decimate a smaller firm. Considering that mainstream trends point to cyber-crime becoming an increasing part of modern life going forward, protecting against it should be priority number one for many businesses.
Why, though, the sudden increase in attacks on smaller businesses? What has changed? Miki Ho, a cyber risk underwriter for Beazley Canada, notes that the strategies employed by hackers are changing in a way that threatens the safety of smaller businesses.
Ho notes “what has caught the attention of small business is the cyber extortion element of the policy … for small businesses, that’s the area of claims that we’ve really seen on the rise.” This is in-line with the changes in approach that hackers have taken. Whereas previously bigger businesses were targeted for larger sums of money, there has been a shift to seek quick scores on a smaller scale.
Ho continues “in the past, what we saw is the hackers would demand the equivalent of $100,000 to $1 million in bitcoin.” Bitcoin, amongst other cryptocurrencies, has become the favoured payment method for hackers because it is untraceable; however, it is not a simple process to obtain bitcoin. If you are not particularly tech savvy, it can become an entire ordeal to make these payments even if you wanted to.
This trend of going after larger businesses is changing. According to Ho, “now what they (the hackers) are doing is going for those quick wins. So, they will look at a small business and say, ‘if they are able to pay the equivalent of $500, they are likely to pay that, and they are likely not to notify the authorities.’” Therein lies the issue – once a small firm caves into this request, the hackers know they can keep coming back to this business.
Fighting back can also be really difficult for smaller firms. Most small firms these days have limited IT budgets meaning that either there is no in-house IT team or, if there is, it’s quite limited. Moreover, smaller firms – especially those just starting out – have yet to develop relationships with law firms, large tech companies, or public relations organizations so that they can better navigate a breach of this nature.
How, then, can a small business deal with such an attack? What does insurance get you? For one, a cyber policy will grant small business owners immediate access to an experienced breach response team. Furthermore, a good cyber policy will also mean that small business owners, in the event of an attack, will have available to them lawyers, IT forensic experts, and public relations representatives in addition to a breach coach that will help coordinate everything. Suddenly, a small business now has similar defence to a much large corporation.
If you were to ask a small business owner how they would respond to a ransomware attack on their business, they may respond with skepticism. Whilst that skepticism may have been warranted years ago, it no longer is – cyber insurance should be viewed now as any other important insurance policy. In the next 5 years, it may even be viewed as more important. The trends don’t lie – why not get ahead of the problem instead of playing catch-up to it?
Cyber risk is growing – it grows with the advancement of technology on a seemingly daily basis. As far as policies go, it is incredibly economical – frequently in the several-hundred dollar range for base coverage. What’s a few hundred bucks to safeguard against millions lost? To learn more about how to best move forward, contact one of our licensed brokers at