Briefing: Sector must do more to protect SMEs from cyber bullies

By Kelly Ogley

They say time flies when you’re having fun. But I got a shock the other day when I realised it’s now 35 years since Marty McFly drove his Delorean into tomorrow in the brilliant Back to the Future Part II.

Those unfamiliar with the 1980s film are missing a treat. Marty magically finds himself in the future – 2015 – and ends up having to adjust to everything from flying skateboards and cars to self-tying shoes.

If the film’s more outlandish predictions haven’t quite come to pass, then Marty’s bewilderment at the pace of the technological change is eerily familiar – particularly when it comes to cyber.

It doesn’t seem that long ago that I was taking the backup tape home to ensure our data was secure. Today, we’re in the eye of the cyber storm thanks to generative artificial intelligence (AI), phishing scams and the most sinister advance of all – the deepfake.

Now, we’re the risk professionals. Cyber is already high on our agenda. We are all busy planning scenarios to strengthen our operational resilience – or we should be.

But, the trouble is that many companies are still treating these cyber threats as if they’re science fiction, not science fact.

Let’s put the danger into context. According to global cyber security firm NCC Group, last year ransomware attacks were up a staggering 85% on 2022. This year, it looks like the danger will ratchet up a further 30%.

And typically, like their real-world counterparts, the cyber bully loves nothing more than preying on the most vulnerable. So, it’s no surprise that SMEs are now in the firing line.

What is striking, however, is that 75% of those small firms don’t have cyber cover, as found by The World Economic Forum’s Global Cybersecurity Outlook 2024 report, published in January 2024.

Worse still, 60% of these firms face bankruptcy within six months of a cyber attack, according to US software company Cimcor, cited in Cybercrime Magazine in 2019.

More than just signposting

These brilliant companies might be the lifeblood of the British economy, but they’re doing the equivalent of leaving the latch off the hook and the back door open.

Of course, I get it. Some people simply don’t know about the risk. Some think it’ll never happen to them. And some are struggling to keep their head above water.

But I suspect the real problem is that many SMEs don’t know where to go to get insurance protection. And, when they do, they’re put off by long, convoluted processes. So, it’s up to us in the insurance industry to sound the alarm.

Don’t forget, this danger is not just financial. In the virtual world, everything is connected and we’re only as strong as our weakest link. In fact, more than 40% of organisations that experienced a severe cyber impact said it was because of a third party.

It’s even conceivable that an SME which is part of a larger business supply chain might suddenly find themselves replaced unless they practice good cyber hygiene.

However, we’ve got to set our sights higher than simply waving a digital warning flag. Like Marty McFly, we have to help people tackle the cyber bullies.

The good news is companies like Howden are already on the case. In May 2024, we launched a new cyber insurance platform for SMEs. Its strength lies in its simplicity. No lengthy questionnaires. No complex terminology. You get a quote in four simple steps. And once the policy is live, clients get assistance 24/7, along with the most advanced insights and software analytics.

In the Back to the Future movies, Marty and Doc escape the future and return to the reassuring present. But we’re still back in the future. A world of AI scams, phishing expeditions and deepfakes. And taking the backup tape home no longer cuts it.

Instead, we’ve got to get our cyber protection in place and be ever more vigilant about how we behave online. That means thinking twice about how we share details. That means knowing exactly who’s accessing our systems. And that means doing our bit as responsible insurers to keep banging the cyber drum.

But it’s not all doom and gloom. Some scams are easy to spot. If you ever come across a deepfake Kelly, you’ll know it’s a con immediately. Thankfully for all concerned – there’s only one of me.