Insurance broker: 'low-risk' companies are attractive cyberattack targets

If you’re with an organisation in a low-risk sector, you can relax when it comes to cyber threats, right?

Wrong, says an industry observer.

Andrew Lai, the Chief Operating Officer of Anapi, a digital insurance broker, has seen organisations in sectors that don’t handle large amounts of sensitive data being targeted by cyber criminals.

“In Singapore, for ransomware, a lot of the claims and clients that have claimed multiple times on their policy actually come from sectors with very minimal personal data.

“But because [their] cybersecurity procedures are so weak, they are actually a very attractive target for attackers. We have [seen] cases where the same client was a victim of multiple ransomware attacks, with insurers sometimes having to pay twice already.”

Get our free guide on Preparing for a Data Breach with the help of a data protection management tool. Log in as a DPEX Network member (sign-up is free) to download.

Mindset shift, and budgets, needed

According to Lai, whether organisations consider themselves to entail very low risk, or think that they are not in an industry that actually requires cyber insurance, cyber attacks such as ransomware can happen to anyone.

“The one mindset shift or takeaway for organisations is that they should really look at [cyber insurance during] their budgeting. Cyber insurers very clearly know which are the low-risk factors, and they will price accordingly,” he told DPEX Network.

“It is possible now to get really good premium pricing if you are low-risk and have decent cybersecurity procedures.

“If you see insurers come back [and quoting] very high pricing, it's actually a sign that maybe your sector isn't low-risk and actually there have been claims.”

Get our free Data Protection Impact Assessment (DPIA) Cheat Sheet. Log in as a DPEX Network member (sign-up is free) to download.

Does higher risk mean ‘uninsurable’?

Not necessarily, said Lai.

“If you are in a high-risk sector, you need to consciously show that you're constantly upgrading your cybersecurity. You spend money, you take it seriously, and that's how you flatten your premiums, even if you are in a high-risk sector.

He added that for those organisations that are in a low-risk sector, insurability also hinges upon being able to demonstrate proper risk management procedures are in place.

Stay tuned for our upcoming webinars and events on data governance by following us on Facebook and LinkedIn.

Cyber insurance as part of a holistic strategy

“I think cyber insurance is part of a holistic management strategy,” Lai said.

“For clients that are operating in the service industry or providing a service to your clients, it actually works in tandem with your other insurance policies, like professional indemnity.

“You need to see it as [part of] a whole, especially if you're a startup or you're in the technology service space.”