Whitepaper explores cyber risk modeling for SMEs
The whitepaper encourages insurers to step beyond their traditional role with SME clients and also serve as cybersecurity consultants.
Small and medium-sized enterprises (SMEs) may be unlikely direct targets for large cyber threats, but the interconnectedness of the digital world means they are still vulnerable to the ripple effect of these attacks – especially since many SMEs lack appropriate cybersecurity resources.
Despite being smaller operations, SMEs create almost two-thirds of new jobs and account for 44% of economic activity in the United States, according to Cowbell. Recently, the cyber insurance provider released a new whitepaper – “Modeling Catastrophic Cyber Events” – which aims to help SMEs prevent and recover from potential cyber disasters.
While no systemic cyber event so far has been catastrophic enough to rival non-cyber events like the COVID-19 pandemic and 2008 economic crisis, the paper states, the scope of the cyber ecosystem means it’s imperative to consider how to best prepare for and model these events if digital catastrophe strikes.
The whitepaper encourages insurers to step beyond their traditional role with SME clients and also serve as security consultants, “thereby establishing clear and quantifiable risk-sharing mechanisms between policyholders, private insurers, and the government, and increasing the overall resilience of the cyber ecosystem.”
In analyzing an SME’s risk, Cowbell suggests insurers take into account the unique considerations for these clients, including:
- Ideologically motivated bad actors are less likely to directly target SMEs. While inside, individual attackers are always a possibility, SMEs generally fall outside of the circles of significant influence that would put them on larger attackers’ radars.
- The quality and security of an SME’s digital touchpoints are most significant measures of exposure for these clients.
- Swaths of the SME market at-large are still behind in the adoption of cyber insurance and monitoring technologies, which can leave them exposed to risk.
- Modeling risks for SMEs involves considering the types of threat actors, types of systemic cyber losses and technological mitigation.
A full copy of Cowbell’s whitepaper, “Modeling Catastrophic Cyber Events,” can be found here.