With the insurability gap within the small and medium-sized enterprise (SME) market continuing to grow as cyber attacks and the digitisation of work processes increase, one key issue that surrounds this, is that the cyber insurance products offered do not always match up with the financial losses that businesses may face in a cyber incident, according to Trent Cooksley, co-founder and COO of Cowbell Cyber.
Cooksley states that big businesses can get custom policies, and very small ones may have basic coverage bundled with other insurance, but many SMEs are left with a gap in coverage.
He said: “The heart of the problem lies in how we assess risk. Insurers often take an outside-in approach, which doesn’t give the full picture. If you can’t pinpoint and measure the risk accurately, it’s tough to offer the right coverage.
“For example, with more businesses using cloud tools, we’re seeing common misconfigurations that increase cyber risk. These need to be factored into risk assessments. When risks aren’t fully assessed and losses aren’t properly quantified, insurers get hesitant about offering substantial coverage. Sadly, this means most policyholders might not even realise they have inadequate coverage until it’s too late.”
Moving forward, Cooksley highlights how the adoption of tech such as mobile and cloud is only adding “complexity to the situation”.
He also added that organizations can “easily double” their cloud-stored data, however tracking the associated risks can be quite a challenging task.
“Many SMEs also aren’t aware of the benefits of cyber insurance. Brokers can have a hard time explaining it to clients who don’t fully grasp their cyber risk.
“The other clear gap is between coverage – where policies are typically underwritten only once a year – and cyber risk, which is changing daily with new threats and tech developments.
“However, with the right tech, risk assessment and modelling, we can bridge these gaps. It means collecting data for detailed risk profiles, keeping coverage updated, and making sure SMEs understand the benefits of cyber insurance. It’s all about keeping pace with the changing cyber landscape.”
Furthermore, Cooksley also explained how he feels that the cybersecurity market landscape will remain both dynamic and challenging for the foreseeable future. Highlighting how bad actors are continuing to advance their tactics and techniques, while AI technology also continues to change the landscape of the market week by week.
He said: “The result of this will see cyber threats becoming more sophisticated and targeted as time goes on, posing significant challenges for organizations. Businesses will need to be vigilant, continuously monitor and audit their cybersecurity systems, and make sure they’re compliant with security standards.”
Adding: “The remote working (WFH) trend – something we’ve seen continue in popularity post-Covid – also presents challenges in educating employees about cybersecurity.
“In fact, we recently commissioned research that showed 77% SMEs’ C-suite and senior managers aren’t confident that their employees’ own devices are operating securely with their business’ systems, while 89% are not checking with employees to ensure their devices are running the most up to date software. Additionally, 68% are not actively making their employees aware of the risks of using public wifis to access company devices; something that’s common working remotely.”
Cooksley explained that ensuring that all workers are made aware of cybersecurity best practices and behaviours is extremely crucial, but remains more challenging on a remote basis.
“On the upside, I believe the cybersecurity market will see some much-needed gamechangers bring new tech-powered solutions to the table. We’re already seeing efforts to integrate AI and data-driven analytics into the underwriting process, for example, which is enhancing risk assessment and pricing strategies,” concludes Cooksley.