Here are five key services cyber insurers might consider adding to their SME cyber risk management programs.

Enhanced inbox security. With cyber threats evolving constantly, popular off-the-shelf protection software may still leave insureds vulnerable to attacks. Most SMEs lack the IT infrastructure to make sure standard inbox protection software packages and updates are installed in all devices and universally maintained. New solutions for small businesses include inbox scanning tools that are automatically updated to check emails for malicious links and the expanding array of attack techniques used by cybercriminals. These systems leverage artificial intelligence to accurately analyze content for signs of social engineering.
Automated browser control features. Effective cyber risk management also calls for robust solutions that block employees from visiting dangerous websites and inadvertently accessing malicious code. They also can encrypt users' web traffic to prevent unauthorized access by potential cybercriminals. Tools deployed by larger employers typically are controlled by their system administrators and prevent employees from navigating to phishing, drive-by-download, and potential malware-infested sites, such as porn, gambling, and other websites unsuitable for work. New generations of these tools help smaller employers without IT resources to address these exposures, which have potentially more catastrophic consequences to their business.
Cyber risk resources for remote workers. For SMEs, as well as all employers, the expanded use of remote workers during the COVID-19 pandemic greatly increased their cyber exposures. To address these heightened risks, small employers can take advantage of solutions that expand firewalls to home devices, public Wi-Fi protections that wrap unencrypted HTTP traffic in HTTPS, and password manager capabilities that help all workers generate more secure passwords. Best practices for managing cyber risks also call for employee instruction and compliance regarding appropriate home routers and settings, suspicious email message and website recognition, and related internal reporting practices.
SME safeguards against vendor/supplier cyber exposures. Large employers have already implemented risk management strategies to address vendor-related cyber-exposures. For instance, they typically insist upon assurances from their SME trading partners with respect to cybersecurity and protection. Similarly, SMEs need to make sure they know how to check the cybersecurity policies and practices of their trading partners, vendors and any suppliers with which they share online data, tools, resources or conduct financial transactions. New online audit tools and interactive best practices checklists can help SMEs comply with customer requirements, as well as assess and manage potential cyber exposures associated with their trading partners.
Trackable employee cyber risk training. Whether an employer's workers are located onsite or perform their duties remotely, training remains a critical element of effective cyber-protection. New educational platforms geared for SMEs provide interactive training modules, including testing based on real-world cyberattacks, phishing simulations, as well as special instructions for remote workers. Completion of this training by individual employees and other workers, as well as their scores, can be monitored and validated centrally by designated managers and supervisors.

The list of cyber risk management tools and resources available to SMEs continues to grow, enabling more of these employers to address the increasingly complex and evolving exposures they face on a daily basis. When paired with appropriate cyber risk insurance, they provide more effective protection against potentially devastating attacks.

Special Reports /

5 keys for SME cyber insurers to improve insured protection and loss experience

Related Stories

Recommended For You