Phishing for small fish: Why SMEs need cyber insurance

Cyber criminals don’t go after small fish, right? Actually, nearly three-quarters of small and medium-sized businesses have suffered a security breach.

A report from the Federation of Small Business (FSB) says cybercrime targeting small and medium-sized businesses costs the UK an estimated £5.26bn a year.

The report also notes that it costs small businesses disproportionately more than big businesses, when adjusted for organisational size.

Cyber criminals love smaller businesses because they have more digital assets than consumers, and less security than larger organisations. In fact, the FSB report found that only a quarter of small and medium-sized businesses have a strict password policy – and just 4% have a cyber attack strategy.

Phishing for small business
The most common cyber crimes affecting small and medium-sized businesses are phishing emails (49%), spear phishing emails (37%), and malware attacks (29%). Other threats include ransomware (where data is seized and encrypted for ransom), hack attacks (where hackers access the company network), and Denial of Service (DoS) attacks, which push a huge amount of data to a company’s website to make it crash.

Phishing emails send you to a website that looks legitimate, and ask you to update your account details. The fraudsters can then easily steal your personal information to commit identity theft.

Spear phishing attacks are even more sophisticated, and harder to spot. They target individuals within the organisation, often mimicking their colleagues through email headers and addresses, in order to extort money. Statistics from cyber security firm Symantec show more than half of spear phishing attacks last December were against SMEs.

Malware attacks are just as damaging. You might click a link or unknowingly download malicious software (abbreviated to ‘malware’) designed to infiltrate your computer and steal sensitive information, extort money, or send unwanted advertising (adware).

It’s not just stolen funds that business owners have to worry about. There’s also the cost of lost data and damage to IT systems and networks, as well as replacing any stolen or infected devices. There’s the cost of notifying your customers, and in some cases paying compensation, as well as re-building brand confidence through public relations advice and campaigns.

There are also investigation and legal costs, money spent responding to regulatory bodies, and penalties from banks for losing customer credit card data. On top of all this, there is the issue of damaged reputation and lost profit while your system is down. It’s a lot to lose and can often destroy SMEs that don’t have adequate cover in place.

It’s clear cyber insurance can minimise the damage caused by a cyber-attack; however, the best policy is to have robust prevention mechanisms in place. This means keeping your IT software and systems up-to-date, training your staff on safe online practices, and implementing formal policies to reduce your risk. Putting in place measures such as these, combined with comprehensive cyber coverage, will help keep your business safe from cybercrime.

Tips for choosing cyber insurance
As with all insurance, it’s important to choose your cyber insurance policy carefully. Check that it includes:

  • Cybercrime cover as standard, as it’s not automatically included in all policies.
  • Adequate cover and adequate limits.
  • Cover for first-party risks (including the risk of cyber extortion and ransom demands on your business) and third-party assets (your customers’ data).
  • 24/7 support from cyber specialists, which ensures a prompt response so you can minimise damage and get back to business sooner.
  • Cover for all your business devices, from desktop and mobile through to other electronic office equipment such as printers.

To find out more about Cyber insurance and get a quote, contact Guy Penn today on 01253 723456 or email your enquiry to