Betty Shepherd,
Divisional Senior Vice President of Cyber Risk
Great American Insurance Group

CINCINNATI – Cyber risk is a hot topic in the SME space. Headlines routinely show the risk involved in breaches of larger organizations, which can lull small companies into a false sense of security. That tees up many of these organizations to become targets of cybercrime.

"Outsourced IT services, a lack of security protocols and training awareness are common in the SME space," says Betty Shepherd, divisional senior vice president of Cyber Risk at Great American Insurance Group. "There is also a misconception that SMEs are not a target, when in fact, these organizations are considered the 'low-hanging fruit' for cyber criminals."

A recent study shows that 61% of businesses with fewer than 1,000 employees have suffered a cyber attack within the last 12 months. "The cost of recovering from a cyberattack is high," says Shepherd. "These costs can include everything from forensic investigation costs, the cost to restore data, legal costs and any potential indemnity costs from liability lawsuits."

The approaches aren't always sophisticated and elaborate. A common method that bad actors use to gain access to a SME network is email. "The bad guy sends an email with a link that contains malware that can be attached to a company's network once it's clicked," says Shepherd. "The employee thinks the email is from a trusted party and clicks on it. You can't underestimate the effects that human mistakes can have on opening up a company to cyber risk."

Brokers play a key role in helping clients understand the true risks. "Nobody wants to purchase more insurance, but the reality is that cyber risk is a real threat to SMEs," says Shepherd. "Carriers can help brokers assist their clients by simplifying policy language, which minimizes confusion about the details of these policies."

Access to the insurance carrier's professional network is a large benefit to the client. The claims department already has relationships with established vendors that are vetted and trained to help SMEs recover quickly from cyber incidents.

"Cybersecurity threats aren't slowing down, and businesses are in a constant struggle to guard against these threats," says Shepherd. "Brokers have to continue to educate their clients on these cyber threats and help them transfer these risks where possible. Carriers have a unique opportunity to simplify the presentation of these policies, which should increase the purchase of cyber risk policies in the SME space."