In a predominantly digital-first ecosystem, everything, from opportunities to risks, occurs on the digital layer, including cyberattacks.
One of the most significant data breaches in 2022 occurred at Medibank, an Australian health insurance provider, exposing approximately 9.7 million customers’ personal information. As various countries have established data privacy regulations, businesses must adhere to stringent compliances or incur heavy penalties. Especially in the case of small and medium-sized businesses (SMBs), the damage is more severe compared to large companies in the event of an incident. On an average, SMBs spend between $826 and $653,587 on cybersecurity incidents, according to Verizon’s Data Breach Investigations Report 2021. Given how crucial it is for SMBs to protect their businesses from such risks, cyber insurance policies have become a necessity as they allow them to transfer any risk from cyber incidents to an insurer.
For cyber insurance providers, while the SMB segment has potential, it is relatively untapped. Some of the roadblocks to market penetration for SMBs are inherent challenges such as no standardization of loss data, coverage, and risk quantification. There is a scarcity of actuarial and underwriting data, which adds to the challenges in pricing the premium accurately for SMBs.
Cyber insurance opportunities in the SMB segment
A significant number of cyberattacks are targeted at SMBs and this number is increasing.
While almost all SMBs experienced loss of money, some of them reported damage to their reputation, resulting in a loss of clients or difficulties in attracting new talent. However, only a small share of SMBs have cyber coverage when compared to large enterprises.
Compared to larger organizations, SMBs have a dearth of resources like funding, subject matter experts (SMEs), and sophisticated technologies, making it difficult for them to invest in improving cyber resilience. For insurers, this means that to provide coverage to SMBs against cyber threats, they must improve the cyber resilience of SMBs and minimize the threat impact by taking proactive or preventive measures.
Insurers and their role
For SMBs, partnering with cyber insurance providers is much less costly than setting up in-house security infrastructure.
Here, insurers can play a major role in providing bundled or add-on services with insurance cover. These services can be offered on a subscription basis to SMBs, based on their specific needs or perceived risks. There are different categories of services under prevention, detection, and response. Of particular importance, continuous monitoring services are designed to collect information on threats in real-time, and the same is fed to an insurer’s risk SME for periodic risk monitoring and preventive action, if any.
However, since security prevention service provisioning is not often an insurer’s core competency, it is recommended that insurance providers choose a partner who will bring in the required expertise for such services. This will help the insurance provider to continue focusing on its business.
Choosing the right partner
Insurers must work with partners who can meet the scale of the SMB market and provide local support in different geographies.
Through such strategic partnerships, insurers can educate their staff and increase awareness about cyber risks and vulnerabilities while extending the commercial advantage to SMBs. Insurers can also engage with brokers who have expertise in preventive services and offer them to SMBs along with insurance cover.
Several insurance companies in the cyber insurance business are looking at attractive growth opportunities. However, only those providers that are equipped to help SMBs minimize cyber risks and work hand-in-hand with them during crises, will stand out in the race. While insurers cannot increase premiums beyond a certain limit to cover unknown risks, they must aim to stay ahead of the insured’s risk and take any preventive action needed to minimize claims and improve profitability.
Co-creating value by co-managing risks
With increasing digitalization, SMBs are now more aware of the risks and exposures they face.
This makes them more open to opting for cyber insurance coverage. Insurance companies are rightly positioned to introduce innovative products and address this change. For any insurance provider to succeed in the SMB market, a mere risk cover product is not enough. They must look at the overall risk and the ways to reduce it collectively. In order to stay profitable, it is important for insurance companies to move away from offering price-driven coverage to providing preventive or protection services along with coverage, thereby giving firms more value.