In a business environment that seems chronically susceptible to breaches, purchasing cyber-risk insurance may sound like common sense. Yet despite the historic increase in data breaches in 2014, a new survey has revealed that more than two-thirds (67%) of small and medium-sized businesses (SMBs) are not aware that dedicated cyber-insurance even exists.
Further, according to Software Advice, only 2% of SMBs surveyed actually hold cyber-insurance.
The results come even as it has been shown again and again that SMBs are more at risk than large companies to the after-effects of a data breach: With fewer resources to handle the fallout, an attack can put them out of business. However, juggling the demands of already-small budgets and narrow profit margins can discourage the purchase of potentially expensive cyber insurance. Plus, cyber-insurance products are often complex and expensive, and can contain many exclusions.
The area of greatest concern is understanding the business’s own liability for a breach, cited by 31% of respondents.
“Clearly, the thought of being on the hook for millions of dollars is highly persuasive to many,” Software Advice noted, in its report.
A knowledge of insurance premium costs is a relatively distant second, cited by 20% of the sample, while factors such as understanding the likelihood of a breach or knowing exactly what the policy would cover lag even further behind. Almost one-fifth (19%) said that they would never purchase cyber-insurance, unless required by law.
The confusion doesn’t stop there: Only 33% of SMBs are “very confident” that they understand the financial cost of a breach itself (e.g., fines, lawsuits or legal fees). A further 40% hedge their bets, claiming to be “moderately confident” that they understand the costs of a breach, while the remaining 27% (combined) are much less secure.
After defining cyber-insurance to the SMB decision-makers in the survey, Software Advice found that a majority of SMBs are at least a little interested in cyber-insurance. A combined 52% said that they are either “very,” or “moderately” intrigued, with a further 32% “minimally” intrigued—for a total of 84% expressing some level of curiosity.