Last month, Allianz Global Corporate and Specialty published its seventh annual risk barometer, a look at the top business risks in the eyes of risk managers globally. According to Allianz Risk Barometer 2018, for the first time, cyber incidents—described as cybercrime, IT failure, and data breaches—are the number one concern for U.S. risk managers and the number two concern for risk managers worldwide.
Cyber incidents are reportedly the most feared trigger for business interruption, the business risk that tops the charts worldwide and highlights business leaders’ concerns about an increasingly interconnected global economy.
Small businesses worry about cyber risk
One notable insight from the report is the increasing concern among smaller businesses about cyber incidents. In 2016, the report noted that enterprises with under $250 million in annual revenue ranked cyber incidents the sixth-highest risk, with the number rising to second in 2017. That indicated an acute increase in awareness of cyber incidents’ potential to affect business operations, reputations, data assets, and the bottom line.
A Verisk survey conducted in 2017 shows a similar high level of trepidation at the individual-consumer level. An astounding 91.5 percent of people surveyed are concerned about personal cybersecurity and/or that their devices might be hacked. The Verisk survey showed a small percentage of consumers feel that their data and personal information are safer with a small or midsize retailer than with a large organization. Fifty-two percent saw no difference.
Ransomware, data breaches, denial-of-service attacks
Widespread ransomware campaigns, social engineering–related data breaches, and denial-of-service attacks in 2017 brought the types of cyber threats most likely to affect small businesses into national headlines. Those opportunistic cyber incidents are carried out very often by hackers and criminals using mass distribution. Smaller businesses can be easy targets because of their potentially basic IT infrastructure, limited information security oversight, minimal formal social engineering, and lack of data security training.
Verisk found that 64 percent of data breach victims are businesses with under $250 million in annual revenue. An Intermedia study—Crypto-Ransomware: Survey of IT Experts—found that 78 percent of ransomware attacks affect companies with under a thousand employees.
Cyber risk-transfer products for small business
Until recently, cyber risk transfer products for the insurance market were typically developed for larger risks. The ISO Commercial Cyber Insurance Program from Verisk is an insurance program designed for businesses with up to $250 million in annual revenue. The program includes first- and third-party coverage under a single aggregate limit and is a short-form advisory application that addresses questions relevant to small and midsize businesses. It also facilitates informed pricing decisions using our detailed, data-driven rating plan.
In addition to cyber solutions for small businesses, ISO offers a suite of products for larger commercial, nonprofit, and government organizations; financial institutions; media firms; and publishing companies. To learn more about the ISO Commercial Cyber Insurance Program, email cyberinsurance@verisk.com.