The Growing Importance of Cyber Insurance for Small and Medium-Sized EnterprisesIf you’ve been putting off buying cyber insurance, now is a good time to stop procrastinating. Cyber insurance rates are presently stable, while cyber threats are growing, so this may be the ideal time to buy cyber insurance for small and medium-sized enterprises.
Cyberattacks Aren’t Letting Up
Research from Check Point shows that cyberattacks per organization surged by 47% in the first quarter of 2025. Although the education sector was hit the hardest, no industry was spared. Whether you’re in consumer goods and services, business services, transportation and logistics, real estate, or any other industry, you have cyber risks.
Small to Medium-Sized Enterprises Have Become Common Targets
If hackers are looking for a multimillion-dollar ransoms, they may focus on large enterprises with deep pockets. However, going after large corporations may also be more challenging because these companies will have invested resources in cybersecurity. In contrast, smaller businesses often have gaps in their cybersecurity practices, leaving them more vulnerable to attacks.
For example, large corporations may have a team dedicated to cybersecurity. Nationwide found that 64% of business owners don’t even have an employee or vendor in charge of detecting and combating cyberattacks – many of these are likely small and medium-sized enterprises.
Hackers may see small businesses as low hanging fruit. According to Execweb, 73% of small businesses experienced a cyberattack last year.
Costs Are Increasing
According to the Cost of a Data Breach Report 2024 from IBM, the global average cost of a data breach is $4.88 million – a 10% year-over-year increase. Businesses in the U.S. face the highest costs, where the average is $9.36 million.
Headlines often focus on large ransom demands, but that’s only one of the many costs associated with cyberattacks. Businesses also face costs from:
- Cyber forensic analyses to understand the nature and scope of the attack.
- Restoration, repair, or replacement of computer systems and files.
- Compliance with state data breach notification laws. Businesses may also need to pay for credit monitoring.
- Lost revenue due to business disruption and reputational harm for failing to keep consumer data safe.
Smaller Businesses Are Hit the Hardest
When cyberattacks succeed against smaller businesses, the impact may be brutal. Although the total cost may be lower, smaller businesses often lack the resources needed to recover from an attack. Some businesses don’t survive. According to the BBC, a 160-year-old haulage company permanently closed after a cyberattack. In another case, ZDNet says 300 workers found themselves without jobs after the telemarketing company they worked for was hit with a ransomware attack.
A report from the Royal United Services Institute for Defence and Security Studies found that cyberattacks may also be psychologically devastating for the impacted business owner and workers, leading to stress, burnout, anger, guilt, and other negative emotions. As a result, individuals may suffer physical harm, such as sleep deprivation and exhaustion. Some individuals even report feeling suicidal.
AI Is Making the Problem Worse
AI has been a double-edged sword for cybersecurity. On the positive side, some businesses are using AI to detect and fight against cyberattacks, which may greatly reduce the likelihood and impact of an attack. At the same time, hackers are using AI to carry out attacks that are more frequent and harder to avoid.
CrowdStrike says hackers are using AI to automate, accelerate, or enhance multiple phases of a cyberattack. For example, they might use AI to identify vulnerabilities and then automate the attacks. They may also use AI to create sophisticated social engineering attacks, and they can use deepfake technology to make those attacks exceptionally convincing.
According to research from SoSafe, hackers can compose phishing emails 40% faster by using generative AI, which means they can launch more phishing attacks. Even worse, Axios warns that phishing messages created with generative AI are often harder to spot since they don’t have the telltale mistakes like weird phrasing and bad grammar.
Is Your Business Protected Against Cyberattacks?
Cyber threats aren’t disappearing. In fact, thanks to AI, they’re becoming worse. You can protect your business by training your team, securing your systems, monitoring potential intrusions, and creating policies to minimize your risk. However, these measures may not be enough to stop all attacks, which is why cyber insurance is recommended. If you suffer a cyberattack, your cyber insurance will provide support to facilitate a fast recovery and offer coverage for much of the financial fallout.
Cyber insurance rates have actually been falling, making this the perfect time to review your coverage needs. Heffernan Insurance Brokers can help. Learn more.
