SMEs ignoring cyber riskJanuary 18 2019 by Nick Ferguson
Cyber insurance remains a difficult sell in Asia, with many small and medium enterprises in the region ignoring the level of cyber risk they face.
More than half say they are less vulnerable to cyber incidents than bigger companies, even though the majority of SMEs have experienced a cyber error or attack during the past 12 months, according to a survey conducted in Hong Kong and Singapore by Chubb.
“SMEs are the low-hanging fruit for cyber attack,” says Andrew Taylor, cyber underwriting manager for Chubb in Asia Pacific.
Indeed, the survey reveals significant confusion among SMEs about the risks. In Hong Kong, close to two-thirds of respondents said they could overcome a breach within 12 hours, yet more than half said they are not aware of all the cyber threats they face and 21% of SMEs that experienced cyber incidents did not know which data files were affected.
The results were similar in Singapore, where 62% of respondents said that a cyber incident had made them realise they were more vulnerable than they had previously thought, but only 44% increased their security as a result and 22% took no action at all.
Educating this segment of the market, as well as the brokers and agents they rely on to sell the product, is a significant challenge for insurers. SMEs account for close to half of all private employment in Hong Kong and make up 98% of businesses.
Taylor says there is a tendency for entrepreneurs and business owners to see cyber risk as an IT issue and, as a result, to dismiss it as too expensive to deal with.
“People believe this is a technology issue, but in reality human factors are the major component of what’s allowing non-public information to be taken from SMEs,” he says.
Addressing the problem doesn’t have to be expensive. “It’s about good governance and strong internal controls, it’s understanding the humans that allow networks to be compromised,” says Taylor.
Typical measures include a strong password policy, training about cyber security, keeping IT equipment up to date and creating a cyber incident response plan.
Even so, cyber premiums are growing fast. In Hong Kong, while the overall industry is growing at around 6%, Chubb says that cyber premiums are expanding at a triple-digit rate. However, those premiums are growing from a very low base and the level of cover is still inadequate in terms of standalone protection, according to Stanley Wong, Chubb’s country head for Hong Kong, Taiwan and Macau.
To sell more cyber coverage, says Taylor, the industry needs to move beyond the traditional promise to pay and raise awareness about the value-added services that insureds can access through a standalone cyber policy, such as threat response, IT forensics, legal advice and public relations.
“As an industry, we need to do a better job of saying what cyber is,” says Taylor.
Part of the complacency may be due to benign liability claims in the region from cyber incidents. Small businesses may be somewhat inconvenienced by the business interruption that occurs as a result of a cyber attack, but liability claims are more effective at motivating insurance purchases.
Despite this, awareness of the cyber threat is seemingly on the rise. Insurance professionals in Asia Pacific cited cyber risk as the second biggest threat they face in Allianz’s latest Risk Barometer, published earlier this week, just behind business interruption.
The challenge is translating that threat perception into sales of cyber insurance.
- February 22
China’s roadmap to integrate the Pearl River Delta region lacks details but is a positive step.
- February 22
Prudential is seeking to escape EU regulations through its demerger, but investors are unconvinced.
- February 15
Private sector P&C insurers won a bigger market share than their public sector competitors in 2018.
- February 15
Initiatives are starting to take shape in Asia as local startups and international groups innovate new solutions.