'Petya' will make you 'WannaCry' if your company’s data is compromised

Cyber insurance is an effective way to manage the risk of cyberattack, but it’s surprisingly underused.

In a recent survey, more than half of small and medium-sized businesses lacked any kind of cyber insurance. (Photo: Shutterstock)

What do the odd-sounding names of Shadow Brokers, WannaCry and Petya have in common? They were behind recent massive security breaches. Shadow Brokers made off with NSA hacking tools; WannaCry and NotPetya are both strains of ransomware that infected computers all over the world.

These security breaches made headlines around the globe and plenty of others have compromised millions of consumers’ information. Here are the four breaches that directly affected the most consumers, all of which have taken place in the past few years.

Although these breaches received a lot of media attention, most of the news stories pretty much ended with the breaches themselves. What happens – and what needs to happen – after the breach created relatively little discussion. That, in my opinion, is a problem.

Related: 5 tips to prevent and mitigate the effects of identity theft

There is a cybersecurity disconnect

According to a recent study by Argo Group, there is a big disconnect between the threat of a cyberattack and preparations to counter that threat. Curiously, only four in 10 believe their company is a potential cyber target despite nearly two-thirds of the respondents (63%) saying they have experienced some form of a cyberattack.

More than half (57%) of small and medium-sized enterprises (SMEs) surveyed lack any kind of cyber insurance. The future doesn’t look much better. Six in 10 SMEs do not believe their current cybersecurity is adequate, but only 27% of SMEs report they are “likely” or “very likely” to purchase cyber insurance.

Cyberattacks are expensive

I might understand such a disconnect if data breaches were relatively inexpensive. I could imagine that companies have simply conducted a cost-benefit analysis and decided that the investment in insurance wasn’t worth the cost. However, the average consolidated cost of a data breach (including the hundreds and thousands of small ones you’ve never heard of) in 2016 was $4 million, according to IBM. That is no small amount, and you can be sure that larger breaches cost much more.

With that kind of potential liability, one would expect a reasonable manager to spread the risk, perhaps through insurance. However, that does not seem to be happening as often as it should.

Related: Threat from cyber hackers is growing, U.S. grid regulator says

Cyber coverage creates satisfied customers

There may be another reason more companies have not considered cyber insurance: Perhaps cyber insurance policies don’t perform up to customer expectations. If another cost-benefit analysis had demonstrated that insurance wasn’t worth the expense or doesn’t perform as desired, the insurance option would be certainly be less attractive.

Nevertheless, that doesn’t seem to be the case. Companies that have cyber insurance appear to value and use it. According to Argo’s study, 36% of respondents with cyber coverage had filed a claim with their provider in the past 12 months and more than one in five companies with cyber insurance policies were hoping to expand their policy coverage.

SMEs that have a cyber insurance policy are highly satisfied.

Related: New study urges comprehensive approach is needed to manage cyber risks

One size does not fit all

Cyber insurance options are customizable and can be adapted to a company’s size and needs. It is also not the only solution to mitigate the risk from a cyber event. Security solutions like risk assessment and management are among the services most demanded by clients.

Although data breaches get a lot of media attention, those responsible for managing data security need to prepare for the next cyberattack because it is coming.

Simon White is senior vice president and head of cyber at Argo Group. He can be reached at simon.white@argogroupus.com.

Recommended Stories