By Ari Vared
Large organizations have long understood the intrinsic value of customer data. By using it to formulate and execute on key business decisions, customer data helps enterprises better meet customer demand, anticipate a buyer’s propensity to purchase, and stay ahead of savvy competitors. Because of the substantial amounts of resources required to successfully leverage customer data — and considering its highly confidential nature — large companies have also traditionally led the pack in implementing cyber insurance to protect this crucial business asset.
Despite having fewer human and monetary resources, small- and medium-sized businesses (SMBs) have started joining in on the data-driven movement, leveraging their existing customer data to deliver superior customer experiences and, in some cases, successfully compete with large organizations. Protecting that invaluable intelligence, however, has historically been overlooked. Many SMBs assume they aren’t as much of a target compared to large companies, or they simply aren’t aware that cybersecurity tools are available to them. Plus, complex buying processes and exorbitant pricing often prohibit even the most knowledgeable SMBs from adequately protecting their assets.
New and Improved SMB Habits
Thankfully, times are changing. As SMBs continue to take advantage of the business benefits that leveraging customer data can provide, they’ve caught on to the merits of defending their customer data with proactive cybersecurity measures such as cyber insurance.
According to recent research conducted by my company, demand for cyber insurance has skyrocketed among the SMB market as of late, with the highest quarterly growth being 150 percent and averaging approximately 69 percent per quarter. In Q2 of 2018 alone, 30 percent of our commercial insurance shoppers purchased cyber coverage, compared to just 12 percent one year ago. With a a quarterly growth of 34 percent over the last year, first-time cyber insurance shoppers are also on the rise among SMBs.
Key Factors Contributing to Cyber Insurance Growth
There are a variety of reasons for SMBs’ increasing enthusiasm for cyber insurance, such as a rise in SMB-targeted cyberattacks and widespread, difficult-to-detect network vulnerabilities. However after analyzing our digital proprietary data collected from Q1 2017 to Q3 2018, we found the following three factors equally critical in driving SMB cyber insurance adoption:
1) Compliance Requirements
Compliance requirements such as HIPAA, PCI and DCI have contributed significantly to the growth of the SMB cyber insurance marketplace. Recent data privacy regulation rulings such as GDPR and the California Consumer Privacy Act may also be pushing adoption, as the percentage of our shoppers who stated compliance requirements as a motivating factor increased 39 percent quarter-over-quarter.
2) Contractual Components
In the past, mandating cyber insurance for SMBs was difficult, due to the lack of affordability and accessibility. Today, digital-first insurance providers have drastically reduced distribution costs, allowing organizations to enforce cyber insurance as an essential component of third-party vendor contracts. According to our data, nearly 50 percent (46.3) of SMBs buying cyber insurance are purchasing due to contractual requirements.
3) Affordable Policies
The price of SMB cyber insurance has declined substantially over the past year, primarily due to carriers’ ability to provide tailored policies designed to meet SMB-specific needs. In April of 2017, our data shows the average monthly premium cost for a $1 million cyber insurance policy was $270. By June 2018, however, the average monthly premium cost for a $1 million cyber insurance policy dropped to just $77.
The Future of Cyber Insurance Adoption
Looking ahead, compounding factors will continue to drive the SMB cyber insurance market. From a business perspective, state and federal regulations will likely make cyber insurance a mainstream business priority, and enterprise-level contractual requirements will make cyber insurance a must-have for third-party vendors. On the consumer side, customers will continue to take an increasingly active role in their personal cybersecurity, demanding that SMBs effectively secure their personal data through security solutions, including cyber insurance.
Though our data is still maturing, the steady increase in SMB shopper awareness and overall market readiness indicate that 2018 serves as an important inflection point for the mainstream adoption of cyber insurance. Furthermore, with the SMB population in the U.S. expected to exceed 34 million by 2025, cyber insurance will be an essential factor in securing our collective digital world, and we can expect any business with assets to secure — and long-term viability to protect — in order to make cyber insurance a critical element of their comprehensive cybersecurity plan.
About Ari Vared
Ari Vared is the Senior Director of Product at San Francisco-based CyberPolicy, providing small businesses with the cybersecurity advice, tools and insights they need to protect their data, operations and reputation. A wholly-owned subsidiary of CoverHound Inc., CyberPolicy is the world’s first and only comparison site for cyber insurance, helping companies Plan, Prevent, and Insure against today’s modern threats.