The Small Business Fallacy – Why You Need Cybersecurity and Insurance More Than Ever

March 17, 2023

A common misconception of small business owners is that they can fly under the radar when it comes to ransomware, social engineering, and other cyberattacks. But it turns out that the opposite is true.  

According to Hiscox’s 2022 Cyber Readiness Report, cybercrime is disproportionately targeting small and medium businesses, with half of them experiencing a breach in the past year and 40% experiencing multiple. That’s bad! But even worse, six in ten small businesses that experience a cyberattack go out of business within one year.  

Ignoring this threat is simply not worth the risk. Businesses must keep up with current trends in both cybersecurity and cyber insurance to be as protected as possible.  

Apptega’s recent conversation with Robert Merva, owner and CEO of the security-focused managed services provider Avrem Technologies, and Mercy Komar, an insurance advisor and risk manager at L. Calvin Jones Insurance, provides insights into what is currently happening in the world of cybercrime and how businesses can best protect themselves. The following is a transcript of the conversation edited for clarity. This is the second part of a three-part conversation. If you missed part one, check it out here.  

Robert Hilson – VP, Apptega: As somebody who’s been in the insurance and cybersecurity spaces for more than 40 years, and has experienced rapid changes in both, what was most challenging in terms of staying up to speed on these fast-moving trends?  

Mercy Komar – Cyber Risk Manager, L. Calvin Jones Insurance: It was difficult for me. I had to take several courses, listen to other people, and do a lot of reading to get myself to the point where I understood what was going on. Since that point, I've been able to keep up with the evolution of the space and share my knowledge with my clients. The most important thing is to ensure your clients buy in on the idea that you must secure your assets and also insure your assets.  

Apptega: Absolutely. And it’s well known that cybercrime is on the rise. In fact, Hiscox recently issued a report stating that more than half of small businesses have experienced a breach in the last year, and four in ten have suffered multiple incidents. Those are alarming statistics, especially when you consider the cost of a breach or a cyber incident. And, of course, insurance companies have responded by tightening requirements and making it much harder and more expensive to obtain coverage.

So, Robert, what are some of the emerging trends that you're seeing in cybersecurity of which businesses should be aware?  

Robert Merva – CEO, Avrem Technologies: I think the biggest change that we've seen recently is simply that GRC (governance, risk, and compliance) law is starting to drive small businesses towards a better cybersecurity outlook and posture. Three years ago, the average cybersecurity insurance application that we helped clients fill out was about one page, maybe two pages, and was primarily regarding top-line revenue. You checked a couple of boxes and that was it – you had your coverage.  

Now, we're seeing applications that are dozens of pages long; they're getting more and more complicated. They're asking for more things. There are now many different systems that are driving businesses toward the outcomes that we've been pushing for as MSPs (managed service providers). Insurance, legal requirements, compliance requirements, and regulations are all essential now.  

Apptega: Mercy, how does that compare to what you're seeing? 

Komar: That's absolutely right. It's all down to security now. The first thing insurance companies want to know is what your security measures are and how much security you need.  

Apptega: Right. And Robert, as you mentioned, there is an insurance aspect of this, but there are also the legal and regulatory requirements. How can businesses ensure they are compliant with all the requirements and how do they stay on top of the trends? 

Merva: It's difficult. We are pushing for everybody to select and implement a cybersecurity framework, and that’s going to be huge for our business in the coming few years. This is a problem that has been on our radar for a while. Very few people in our area are talking about it, but it's really important that people educate themselves on what these frameworks are and how they work. 

Apptega: Mercy, you're an educator. What have you seen in terms of resistance to this transition and its urgency? And how has this mindset changed over time?  

Komar: When I first started to work on this, the reaction from clients was that this is just something else I wanted to sell them -- that this is just another piece of business. I do understand this view because that is what insurance agents have done for years. But as you started to educate clients on the true value and need for cyber insurance, and as the public started educating themselves and seeing the security breaches happening around them, people started to realize that there was something happening – and it could happen to them, too. Now, they understand that it is real, and we are trying to do something that's going to help them. 

Ransomware attacks, social engineering, and data breaches are an imminent threat to small businesses, but you can be prepared. Ensuring that you have strong cybersecurity and cyber insurance can offer you comprehensive protection so that your business can handle anything thrown your way.  

To hear more, listen to the full conversation here

To learn more about how you can empower your clients to meet their cybersecurity obligations in an affordable way, while also growing your business, check out Apptega, the only GRC automation platform purpose-built for MSSPs.