Passer au contenu principalCliquez pour consulter notre Déclaration sur l’accessibilité ou contactez-nous si vous avez des questions concernant l’accessibilité.

glasses with binary code

The Prospect of Cyberattacks Got You Nervous? Cyber Insurance Can Help (If You Meet the Requirements, That Is)

What unites many small- and medium-sized businesses regardless of industry? The tendency to underestimate their own vulnerability to cybercriminals – and therefore the need to take proactive security measures.

The truth is that cybercriminals are always going for easy targets – and too often SMBs offer precisely that temptation. Fortunately, cybersecurity insurance is increasingly available to companies large and small, offering a needed layer of protection and a comforting backstop for if the worst happens.

So what’s the catch?

Being insurable means taking some foundational steps so that you can invest in this protective mechanism – as with anything else, insurance companies need to see you nailing the basics in order to view you as eligible. In this piece, we outline what cybersecurity insurance is, why you might want it, and how to take the first steps forward to embracing cybersecurity fundamentals.

What SMBs are up against

What’s the difference between large and small companies with respect to cybersecurity? It’s not size – it’s money. Large Fortune 500 and Global 2000 businesses have the means and the technical talent to shore up their defenses and strengthen their cybersecurity posture; SMBs typically don’t. This is why larger companies saw a bit of a decrease in attacks in 2021 – and it’s also why mid- and small-sized businesses experienced more, according to research by insurer Hiscox. Simply put, the attackers are seeking the faster, lower-effort path with SMB targets – and they’re finding it.

Other experts confirm this trend: cybercriminals are three times as likely to attack these small businesses, contributing substantially to the overall economic gut punch of such intrusions (currently projected to reach $10.5T by 2025).

What’s more: the majority of SMB owners expressed unconcern about the possibility of cyberattacks and confidence in their ability to weather any possible cyber storm, despite research that says exactly the opposite.

What cyber insurance companies are looking for

To get cyber insurance coverage, more and more companies will require some serious cyber hygiene. Every SMB should consider these factors:

Correctly configuring the services your business commonly uses.

One expert noted that more than 80 percent of ransomware attacks are directly correlated to cloud services configuration errors – and posited that cyberinsurance carriers will “require more stringent security controls and policies to contain this threat vector.”

Conducting a risk assessment and creating an incident response plan.

This ensures SMBs understand both their strengths and their vulnerable areas – and have anticipated ways to mitigate the impact of an attack. These also demonstrate a welcome proactive posture to the insurer.

Taking common-sense precautions.

Insurers are actively looking to see that companies have instituted measures which address the most significant areas of concern. For example, ransomware attacks increased 80 percent year over year, prompting a “mandate to enforce multi-factor authentication (MFA) across all admin access in a network environment as well as protect all privileged accounts.”

What SMBs should look for in cybersecurity insurance

It’s true that SMBs have to clear a couple of hurdles to get cybersecurity insurance but it’s equally necessary to ensure the coverage received is comprehensive. In other words, don’t sign up for just any insurance policy.

The Federal Trade Commission (FTC) offers some useful guidance. Must-haves include coverage for data breaches, cyberattacks on data held by vendors and other third parties, network breaches, cyberattacks that occur anywhere in the world, and terrorist acts. Nice-to-haves include the duty to defend, which means the insurer will defend a business in a lawsuit or regulatory investigation.

Consider two different kinds of coverage, the agency urges:

First party: This “protects your data, including employee and customer information” and pays for things like forensic investigatory services plus fees, fines and penalties related to any attacks.

Third party: This “generally protects you from liability if a third party brings claims against you” and includes elements like payments to consumers and litigation costs.

6 ways to be smarter with cybersecurity

When it comes to cybersecurity, there’s no reason to wait to do the smart things that protect a business. The Cybersecurity & Infrastructure Security Agency (CISA) recommendations are straightforward and include:

  1. Educating staff to avoid common pitfalls like phishing and conducting simulations to prepare people for what to do in a cyberattack

  2. Enforce strong password requirements for all and MFA for remote workers and admins

  3. Identifying staff to act as “surge support” to enact an incident response plan in the event of an attack

  4. Backing up critical data and regularly testing backup procedures to ensure data can get back up and running quickly

  5. Automatically updating software to ensure patches and upgrades are made in a timely manner

  6. Using a Managed Service Provider for security services, which offloads more specialized tasks and responsibilities to experts, lightening the load for SMBs

What’s next

Xerox’s cybersecurity experts have advised SMB clients in industries that range from small dental practices to large government contractors. Our assessments provide a neutral, objective, and actionable look at how you’re stacking up against your peer verticals. We pride ourselves on forging a planning partnership, where we collaborate hand-in-glove with clients like you to leverage our real-world experience and body of resources while reducing your cyber risk and meeting business objectives.

Contact us today to learn more about simple steps that will exponentially increase your business’s cybersecurity.

Fingers typing on a laptop keyboard, behind a transparent row of security icons

Xerox® IT Services

We help you manage, maintain and support your entire IT infrastructure.

Articles connexes

  • trucks driving on highway

    La transformation de Triumph Business Capital

    Découvrez comment Triumph Business Capital a bénéficié des Services de TI Xerox pour rationaliser ses opérations et augmenter son chiffre d’affaires.

  • People sitting at tables working on computers.

    Techaisle présente Xerox comme le partenaire d’ARP idéal pour les PME

    Dans un récent article de Techaisle, Xerox a été nommé le partenaire idéal des PME qui veulent un service d’ARP (automatisation robotisée des processus) pour aider à automatiser les flux de travail et solutionner des problèmes complexes de l’entreprise.

  • city lights

    Managed IT Services Non-Profit Case Study

    See how a major housing Nonprofit turned to Xerox for Managed IT Services and grew its capacity to serve at-risk people.

  • Busy, fast paced office. People walking are blurred.

    IT Staffing Solutions

    See how Xerox Staffing Solutions can help you find experts that range from project managers and executives to PowerBI/data engineers & systems administrators; with an extensive network of experienced industry experts in IT and professional services.

  • Students sitting at table looking at laptops

    Opportunities for Success with Gibraltar School District

    Discover how Xerox technology helped the Gibraltar School district increase productivity and reliability while providing the best educational experience and equipping students with opportunities for success.

  • hand working on tablet

    Unleash the Power of Automation to Transform Your Business

    Discover how Xerox® Robotic Process Automation (RPA) Service can revolutionize your business and help you thrive in the era of digital transformation.

Partager