You click on a link and a ransomware message pops up on your screen, demanding payment before your computer’s contents can be unlocked. What do you do?
Your business is hacked and customer information is stolen. Who should you call?
You’ve mistakenly transferred $80,000 to someone you believed to be your CEO, only to find out later you were swindled. What now?
Standard business insurance won’t compensate for losses related to a hack, ransomware, malware or social engineering fraud, yet these are the risks faced by SMEs every day.
And where there’s risk, there’s insurance.
An online-only cyber insurance company, Edmund Insurance, has launched in Australia, offering cyber insurance to SMEs.
Edmund co-founder Richard Smith said small businesses were often ignored by big companies offering security products, yet are among the most vulnerable to attack.
“SMEs are becoming increasingly aware of security risk, and also aware about cyber insurance but they didn’t really understand it. The process of buying cyber insurance was just too difficult,” he told Information Age.
Smith says the insurance, which is underwritten by Munich Re Syndicate at Lloyd’s, can be purchased online in about 10 minutes and cover begins immediately.
KPMG provides the emergency response to policy holders’ cyber incidents.
There is an optional extra for social engineering fraud, also known as business email compromise fraud.
This is your CEO, wire me $200,000
Social engineering fraud involves tricking someone into believing you are someone they know, in order to benefit financially, for example, by having money transferred to you.
Ransomware is the most common fraud, but social engineering is the fastest growing.
“Social engineering fraud is very much a human risk,” said Smith.
“A business can have all of the security measures in place, but it won’t prevent that social engineering fraud-type risk.”
Smith says social engineering fraud cover adds about $1,000 to a policy.
Not all businesses will be eligible for this cover, which involves a series of probing questions about the operations of the business, such as:
· Does the person responsible for IT security have a formally recognised qualification in IT?
· Do you store, process or transmit Payment Card Data (including both credit and debit cards)?
· Do you back up critical data at least once a week?
Not pretty
According to PwC, cyber crime costs the global economy more than $400 billion a year – and the cost is growing.
It estimates that cyber insurance will be a $7.5 billion industry by 2020, up from just $2.5 billion in 2017.
Many of the businesses hit are SMEs, which in Australia make up 94% of all businesses.
Smith said the companies that sign up for its cyber insurance generally have 5 to 50+ employees and a maximum revenue of $20 million.
Since launching the insurance product in April, Smith says none of the businesses that have bought its policies have experienced a breach.
“I’m sure when we speak in about six months’ time, there will be a number of claims which I’ll be able to talk you through,” he said in an ominous prediction.