Here’s What They Can Do To Mitigate Their Risks. Gallagher’s 2024 survey of 1,000 US business owners shows cyberattacks continue to be a top concern, but a significant gap remains between the awareness of cyber risks and the adoption of cybersecurity measures and cyber insurance coverage.
According to the survey, 69% of business owners said they were extremely or very concerned about cyberattacks affecting their business, down slightly from 74% in 2023. However, only half of businesses reported having cybersecurity measures in place, and only 32% said they had cyber insurance.
In addition, the survey revealed cyber risk awareness among small and medium size businesses continues to be a challenge. For business owners with 1-50 employees, only 42% expressed major concerns about cyberattacks and only 15% had a cyber insurance policy.
We understand some business owners might have limited resources and personnel for robust cybersecurity, but threat actors continue to target small and medium size businesses, using ransomware as a preferred means, as revealed by the latest studies.
Although Gallagher’s survey found that an overwhelming majority (81%) of business owners were planning to maintain or increase artificial intelligence (AI) investments in 2024, business owners also expressed concerns about AI risks. Among the top AI concerns for businesses surveyed:
- Exposing sensitive information (37%)
- Regulatory risks (35%)
- Making their work obsolete (35%)
- Inaccurate data (34%)
- Reputational and brand risk (33%)
- Misinformation (30%)
Organizations are right to be concerned with potential threats posed by AI usage. For example, when AI systems are trained with inaccurate or incomplete information, this can lead organizations to make unfair assumptions or implement discriminatory practices.
The AI regulatory landscape continues to evolve as a number of states have proposed legislation on AI usage. In addition, businesses need to be aware of AI liability risks related to privacy and intellectual property.
Cyber Risk Transfer: Navigating the Cyber Insurance Marketplace
Cyber insurance remains a key risk management strategy for transferring cyber risk. Today’s marketplace remains competitive, with increasing capacity and customizable options for organizations of all sizes and most industry sectors. Businesses with cyber insurance coverage should consider the free and discounted cyber risk services their carrier may offer such as scanning services, compliance help and incident response planning. Companies that leverage these services may be better prepared to prevent or mitigate cyber incidents and ultimately be viewed favorably by underwriters during the application and renewal process.
However, buyers need to be mindful of potential modifications to policy language that sometimes lead to coverage constriction. In addition, applicants should be prepared for cyber insurance underwriter scrutiny around cybersecurity control requirements. These include but are not limited to multifactor authentication, data backups, privileged access management, endpoint detection and response, virtual private networks, data governance plans, patch management programs and incident response planning. Without these, applicants may face higher premiums, lower policy limits, be subject to co-insurance and exclusionary language and, in some cases, policy denials.
To help prepare our clients, we developed the Cybersecurity Controls Checklist, which helps explain what underwriters now expect to see when evaluating an applicant’s cybersecurity posture. Our recommended controls include employee training, multifactor authentication, email hygiene, patch management, access controls and backups and cloud storage.
Focusing on the latest cyberattack techniques, prevention and mitigation best practices, compliance to regulatory requirements, emerging technology and the latest developments in the Cyber insurance marketplace are all good steps to protecting your business from the ever-evolving cyber threat landscape.
John Farley leads Gallagher’s Cyber Liability practice, developing and executing insurance coverage across all lines in the U.S. He works closely with our teams around the world in our Global Cyber practice. John provides thought leadership on a variety of cyber risk management best practices and assists clients across all industries in navigating the dynamic cyber insurance markets as a means to cyber risk transfer while providing guidance on emerging regulatory risk, cyber attack techniques, cyber risk prevention and data breach cost mitigation strategies.
Cyberattacks stock image by luechai wanapapobsuk/Shutterstock
- Coveware 2024 Q2 Ransomware Report: https://www.coveware.com/blog/2024/7/29/ransomware-actors-pivot-away-from-major-brands-in-q2-2024