The $600 000 question

Issue 7 2022 Information Security, Security Services & Risk Management, Financial (Industry)

Usman Choudhary.

Cybercrime continues to be a persistent and pressing issue for small businesses. In fact, according to the National Cyber Security Alliance, nearly 60% of small businesses that experience a cyberattack shut their doors within six months.

Despite the rise in risk, many small businesses remain vulnerable to cyberattacks due to a lack of resources and – surprisingly – a lack of knowledge of the threat. Moreover, a recent survey uncovered that just 19% of companies possess cyber insurance, which can be devastating should bad actors circumvent your company’s defences.

Before we dive any further into the case for cyber insurance, let’s first discuss how cyber insurance works and who can benefit from a policy.

How does cyber insurance work?

Cyber insurance is a policy that helps an organisation pay for any financial losses incurred following a data breach or cyberattack. It also helps cover any costs related to the remediation process, such as paying for the investigation, crisis communication, legal services and customer refunds.

Who needs cyber insurance?

While all businesses can benefit from having cyber insurance, small businesses frequently lack the coverage, usually because of the cost, time involved in finding a provider, and lack of understanding of the importance of a cyber insurance policy.

The need for cyber insurance

It’s no surprise that bad actors are getting more cunning and creative when it comes to targeting businesses – and small businesses are usually the bullseye of their predatory plan.

Beyond the reputational risk involved, the cost of a cyberattack can be devastating. Today, data breaches can reach more than $600 000, while the average cost to investigate and recover from an attack is approximately $2,4 million.

With the constant and ever-increasing threat of potential cyberattacks, many companies are applying for cyber insurance, which generally covers a variety of attacks, including:

• Data breaches.

• Business email compromises.

• Cyber extortion demands.

• Malware infections.

• Ransomware.

• Network business interruption.

Not so fast…

Before applying for cyber insurance, you must first show that your business has implemented a long list of cybersecurity technologies and practices, such as multifactor authentication (MFA) and endpoint detection and response (EDR), to get coverage.

Multi-factor authentication: MFA is a security technology that combines two or more independent credentials: what the user knows, such as a password; what the user has, such as a security token; and what the user is, by using biometric verification methods to create a layered defence, making it more difficult for a bad actor to access a target, such as a physical location, computing device, network or database.

MFA is highly effective at thwarting bad actors. A study by Microsoft found MFA provides an added layer of security that can block up to 99,9% of attacks stemming from compromised accounts.

Endpoint detection and response: EDR uses endpoint data collection software installed on machines to constantly monitor, flag and respond to cyber threats like ransomware and malware. If suspicious activity is detected, the system is triggered. EDR can also automatically block malicious activity to temporarily isolate an infected endpoint from the rest of the network to stop malware from spreading.

Protecting your business, your employees and your customers is your responsibility. When you’re ready to protect your business from a potential cyberattack, be sure to do your research and choose a reputable partner to implement MFA and EDR technology. However, it’s important to remember that obtaining cyber insurance is not enough. You must constantly monitor your business, stay informed on the latest cyberattack trends, and train your employees on cybersecurity with a comprehensive security awareness training programme. Do your part to stay on top of potential risks and protect your employees, your customers and your business from bad actors.

Find out more at

Share this article:
Share via emailShare via LinkedInPrint this page

Further reading:

Understanding the power of digital identity
Access Control & Identity Management Security Services & Risk Management Financial (Industry)
The way we perceive business flourishing is undergoing a paradigm shift, as digital identity and consumer consent redefine the dynamics of transactions, says Shanaaz Trethewey.

Access & identity expectations for 2024
Technews Publishing IDEMIA ZKTeco Gallagher Salto Systems Africa Regal Distributors SA Reditron Editor's Choice Access Control & Identity Management Information Security AI & Data Analytics
What does 2024 have in store for the access and identity industry? SMART Security Solutions asked several industry players for their brief thoughts on what they expect this year.

What you can expect from digital identity in 2024
Access Control & Identity Management Security Services & Risk Management
As biometric identity becomes a central tenet in secure access to finance, government, telecommunications, healthcare services and more, 2024 is expected to be a year where biometrics evolve and important regulatory conversations occur.

Prepare for cyber-physical attacks
Gallagher Information Security Access Control & Identity Management
As the security landscape continues to evolve, organisations must fortify their security solutions to embrace the changing needs of the security and technology industries. Nowhere is this more present than with regard to cybersecurity.

Zero Trust and user fatigue
Access Control & Identity Management Information Security
Paul Meyer, Security Solutions Executive, iOCO OpenText, says implementing Zero Trust and enforcing it can create user fatigue, which only leads to carelessness and a couldn’t care attitude.

Passwordless, unphishable web browsers
Access Control & Identity Management Information Security
Passkey technology is proving to be an easily deployed way to bring unphishable, biometric-based security to browsers; making identification and authentication much more secure and reliable for all parties.

Time is of the essence
Information Security
Ransomware attacks are becoming increasingly common. Yet, many individuals and organisations still lack a clear understanding of how these attacks occur and what can be done to secure their data.

All aspects of data protection
Technews Publishing Editor's Choice Information Security Infrastructure AI & Data Analytics
SMART Security Solutions spoke to Kate Mollett, Senior Director, Commvault Africa, about the company and its evolution from a backup specialist to a full data protection specialist, as well as the latest announcements from the company.

The song remains the same
Sophos Information Security
Sophos report found that telemetry logs were missing in nearly 42% of the attack cases studied. In 82% of these cases, cybercriminals disabled or wiped out the telemetry to hide their tracks.

How hackers exploit our vulnerabilities
Information Security Risk Management & Resilience
Distractions, multi-tasking, and emotional responses increase individuals’ vulnerability to social engineering, manipulation, and various forms of digital attacks; 74% of all data breaches included a human element.