SMBs boost cyber insurance uptake amid rising threats
67% of ransomware attacks in Q4 2023 affected SMBs with less than 1,000 employees.
Small and medium business (SMBs) demand for cyber insurance has grown, with SMB exposure rising from 31% to 45% of the total cyber market over the past five years, according to Guy Carpenter’s “Small Businesses And The New Frontier Of Cyber Catastrophe Modeling” report.
Cyber catastrophe (CAT) modelling has become essential for insurers and reinsurers to assess their cyber risk and manage exposure. Cyber CAT models help quantify risks, deploy capital, and minimize CAT exposure.
Initially designed for large businesses, cyber insurance is now sought after by small and medium-sized businesses (SMBs), as 98% of cyber claims over the past five years came from businesses with less than $2b in revenue.
However, current cyber CAT models struggle to accurately assess SMB risk due to the lack of historical data on technology adoption and security practices.
Cyber CAT modelling also plays a key role in capacity deployment. Major cyber incidents like WannaCry, NotPetya, and the CrowdStrike Falcon outage have shown the potential for widespread damage.
These events highlight the importance of managing aggregate limits to ensure that insurers can cover losses without exceeding their capacity. CAT models simulate various scenarios and interdependencies to provide a comprehensive view of potential losses, helping insurers develop strategies to mitigate risks.
These models identify single points of failure (SPOFs), such as common digital assets, that could lead to widespread damage. By combining client data with external scans, insurers gain a better understanding of their exposure and can make more informed decisions about capacity deployment.
Cyber insurance was initially driven by large-scale data breaches, but threat actors have shifted to exploiting vulnerabilities in widely used technology.
Ransomware, in particular, has become a common attack method, with 67% of ransomware attacks in the fourth quarter of last year, affecting SMBs with fewer than 1,000 employees.