Globally, cyberattacks are on the rise and more small businesses are being targeted. According to the World Economic Forum, cybercriminals often target smaller companies that serve larger clients. SMMEs that serve critical infrastructure providers and global corporations are particularly at risk, as are those with systems that integrate into regulated industries like insurance, healthcare, banking, and credit monitoring.
For these smaller companies, the implementation of robust cybersecurity measures, and insuring against the effects of a breach are often constrained by budget. However, these costs must be factored into monthly operational costs, says George Parrott, a partner at King Price Insurance.
Parrott lists seven reasons why SMMEs need to invest in cybersecurity and insurance:
The actual cost of a breach: While IBM reports that the hard costs related to data breaches increased during and after the pandemic, it’s often difficult to define the real cost of a security breach, which includes intangibles like loss of trust, reputation, and loyal customers.”
Remote and hybrid work: IBM notes that, in 2021, the remote and hybrid work set-ups necessitated by Covid-19, which have since become the new norm, contributed to the highest average cost of cyber incidents in 17 years: $4.24 million. This is a full 15% increase from three years prior. In addition, breaches cost $1 million more when remote work was a factor, compared to companies that retained full in-house capabilities. These figures represent global statistics but, if you apply the current Rand/Dollar exchange rate, it becomes apparent that these numbers need to be taken seriously.
More mobile devices: There are now billions of connected devices, and each presents an opportunity for cybercriminals. Every new Bluetooth speaker and smart appliance, for example, represents a potential entry point for a cyberattack.
Increasing uptake of apps and AI tools: Time-savers like PDF and image conversion apps are handy but, if they’re not officially sanctioned, they’re known as ‘shadow IT’ because they could be doorways for cybercriminals to enter uninvited.
Cybercrime consortiums: Modern hackers have forums, networks and tools, and they work together to find technical vulnerabilities.
Time taken to detect: On average, it takes nearly 287 days to detect and contain a data breach. A solid cybersecurity and insurance strategy can reduce this time, helping businesses to bounce back faster.
Trust: When a company’s customers know that the security of their data is prioritised it helps to build trust – an important pillar for ongoing relationships.
Implementing sound protection against cybercrime has a myriad facets and if SMMEs don’t have adequate technical IT skills in-house, it makes sense to outsource these functions to a specialist company. At the very least, SMMEs should have a few security protocols in place, including firewalls, documented cybersecurity policies, ongoing employee education, enforced safe password practices, and regular data back-ups.
It’s important to bear in mind, though, that these are protections – not guarantees.
As both local and global SMMEs grapple with cybersecurity challenges, the World Economic Forum’s Global Cybersecurity Outlook Report 2024 states that more than 30% of organisations that are breached, report a reduced inability to deal with attacks. This supports the argument in favour of partnering with IT security professionals to help prevent breaches, as well as with insurers that offer protection and support in the wake of breaches.
“As SMMEs integrate into the global digital ecosystem, they encounter new risks and vulnerabilities. Any organisation that holds the personal information of clients or employees – which by default includes every single organisation – or which has access to systems operated by external parties must start prioritising cybersecurity. A failure in this regard threatens the organisations as well as the wider ecosystems that they operate in,” says Parrott.