The $600 000 question

Issue 7 2022 Cyber Security, Security Services & Risk Management, Financial (Industry)

Usman Choudhary.

Cybercrime continues to be a persistent and pressing issue for small businesses. In fact, according to the National Cyber Security Alliance, nearly 60% of small businesses that experience a cyberattack shut their doors within six months.

Despite the rise in risk, many small businesses remain vulnerable to cyberattacks due to a lack of resources and – surprisingly – a lack of knowledge of the threat. Moreover, a recent survey uncovered that just 19% of companies possess cyber insurance, which can be devastating should bad actors circumvent your company’s defences.

Before we dive any further into the case for cyber insurance, let’s first discuss how cyber insurance works and who can benefit from a policy.

How does cyber insurance work?

Cyber insurance is a policy that helps an organisation pay for any financial losses incurred following a data breach or cyberattack. It also helps cover any costs related to the remediation process, such as paying for the investigation, crisis communication, legal services and customer refunds.

Who needs cyber insurance?

While all businesses can benefit from having cyber insurance, small businesses frequently lack the coverage, usually because of the cost, time involved in finding a provider, and lack of understanding of the importance of a cyber insurance policy.

The need for cyber insurance

It’s no surprise that bad actors are getting more cunning and creative when it comes to targeting businesses – and small businesses are usually the bullseye of their predatory plan.

Beyond the reputational risk involved, the cost of a cyberattack can be devastating. Today, data breaches can reach more than $600 000, while the average cost to investigate and recover from an attack is approximately $2,4 million.

With the constant and ever-increasing threat of potential cyberattacks, many companies are applying for cyber insurance, which generally covers a variety of attacks, including:

• Data breaches.

• Business email compromises.

• Cyber extortion demands.

• Malware infections.

• Ransomware.

• Network business interruption.

Not so fast…

Before applying for cyber insurance, you must first show that your business has implemented a long list of cybersecurity technologies and practices, such as multifactor authentication (MFA) and endpoint detection and response (EDR), to get coverage.

Multi-factor authentication: MFA is a security technology that combines two or more independent credentials: what the user knows, such as a password; what the user has, such as a security token; and what the user is, by using biometric verification methods to create a layered defence, making it more difficult for a bad actor to access a target, such as a physical location, computing device, network or database.

MFA is highly effective at thwarting bad actors. A study by Microsoft found MFA provides an added layer of security that can block up to 99,9% of attacks stemming from compromised accounts.

Endpoint detection and response: EDR uses endpoint data collection software installed on machines to constantly monitor, flag and respond to cyber threats like ransomware and malware. If suspicious activity is detected, the system is triggered. EDR can also automatically block malicious activity to temporarily isolate an infected endpoint from the rest of the network to stop malware from spreading.

Protecting your business, your employees and your customers is your responsibility. When you’re ready to protect your business from a potential cyberattack, be sure to do your research and choose a reputable partner to implement MFA and EDR technology. However, it’s important to remember that obtaining cyber insurance is not enough. You must constantly monitor your business, stay informed on the latest cyberattack trends, and train your employees on cybersecurity with a comprehensive security awareness training programme. Do your part to stay on top of potential risks and protect your employees, your customers and your business from bad actors.

Find out more at

Share this article:
Share via emailShare via LinkedInPrint this page

Further reading:

Industrial control systems under attack
News Cyber Security
According to Kaspersky ICS CERT statistics, from January to September 2022, 38% of computers in the industrial control systems (ICS) environment in the META region were attacked using multiple means.

Top fraud trends to watch in 2023
News Security Services & Risk Management
Even though financial concerns remain a significant obstacle for companies in implementing new anti-fraud technologies, 60% of businesses expect an increase in their anti-fraud technology budgets in the next two years.

Be cautious when receiving deliveries at home
News Perimeter Security, Alarms & Intruder Detection Security Services & Risk Management
Community reports of residents being held up at their gate when collecting fast food deliveries at home are once again surfacing.

OSINT: A new dimension in cybersecurity
Cyber Security
The ancient Chinese strategist Sun Tzu noted, you should always try to know what the enemy knows and know more than the enemy.

Sasol ensures Zero Trust for SAP financials with bioLock
Technews Publishing Editor's Choice Cyber Security Security Services & Risk Management
Multi-factor authentication, including biometrics, for SAP Financials from realtime North America prevents financial compliance avoidance for Sasol.

Building a holistic application security process
Altron Arrow Cyber Security
Altron Arrow asks what it means to build a holistic AppSec process. Learn what’s involved in a holistic approach and how to get started.

Managing data privacy concerns when moving to the cloud
Cyber Security
While the cloud offers many business benefits, it can also raise concerns around compliance, and some organisations have taken the approach of staying out of the cloud for this reason.

Accelerating your Zero Trust journey in manufacturing
IT infrastructure Cyber Security Industrial (Industry)
Francois van Hirtum, CTO of Obscure Technologies, advises manufacturers on a strategic approach to safeguarding their businesses against cyber breaches.

The democratisation of threats
Cyber Security
Bugcrowd looks at some of the primary vulnerabilities the world faced in 2021, and the risks moving forward with growing attack surfaces and lucrative returns on crime.

Protecting yourself from DDoS attacks
Cyber Security Security Services & Risk Management
A DDoS attack, when an attacker floods a server or network with Internet traffic to prevent users from accessing connected online services, can be costly in both earnings and reputation.