Small business owners in the United States are a wide, untapped customer base for property/casualty insurers developing coverage to address the escalating costs of cyber attacks. A recent Nationwide-sponsored survey illustrates both the challenges and opportunities of reaching this market subset.
Nearly 80 percent of small business owners lack a cyber attack response plan, the survey found, despite that fact that 63 percent acknowledged being hit by at least one kind of cyber attack, such as phishing attempts, viruses or hacking.
Harris Poll conducted the Nationwide-sponsored survey online between June 8 and June 19, 2015, targeting 500 small business owners who employed fewer than 300 employees. Respondents also had at least a moderate role in employee benefit selection.
Tony Fenton, associate vice president of commercial lines at Nationwide, argues that the responses point to a huge opportunity for the property/casualty insurance industry.
“The property/casualty industry can address this gap” by way of new insurance products, Fenton said in an email response provide to Carrier Management.
Such products and services can help business owners better prepare for a cyber attack, Fenton said, including practical tips and educational resources, preventative measures, and a pitch to consider cyber risk insurance.
“Education and options are key to driving awareness and cyber risk mitigation,” Fenton said.
Nationwide’s cyber survey comes as other cyber analyses have become public in recent weeks. Among them: a Wells Fargo-commissioned study that found there are still gaps in corporations’ incident-response plans, even though the vast majority of large U.S. corporations (with more than $100 million in annual revenue) have purchased cyber insurance.
This discrepancy between cyber attacks and need/awareness for coverage comes even as cyber attacks and breaches keep surging. The number of U.S. data breaches tracked hit a record 783 in 2014, with 85.6 million records exposed, according to the October 2015 Insurance Information Institute report “Cyber Risk: Threat and opportunity.”
At the same time, insurers are also rapidly issuing more cyber insurance policies and getting more savvy and skilled about underwriting and pricing the risk. More than 60 carriers now offer stand-alone cyber insurance policies. Marsh estimates that the U.S. cyber insurance market was worth more than $2 billion in gross written premiums in 2014, but it could grow to $7.5 billion by 2020, according to the I.I.I. report.
I.I.I. President and report co-author Robert Hartwig, said that the Nationwide survey is a stark warning about the gaps in cyber planning and coverage for small businesses, though opportunities abound.
“It is certainly a growth area. The threat is not receding,” Hartwig told Carrier Management. “This is one of the newest frontiers for insurers but it is one that can be a very profitable endeavor.”
With that in mind, Hartwig said that coverage to help mitigate damage caused by cyber attacks “is very much a product in need for businesses of all sizes.”
Other findings from the Nationwide report:
- Out of the 79 percent of small business owners who said they have no attack response plan in place, 46 percent said they feel their current software is secure enough. About 40 percent said they don’t expect their company to be hit by a cyber attack.
- 73 percent said they are at least somewhat concerned with a potential cyber attack.
- 63 percent of small business owners aid they have been a victim of at least one incident involving a computer virus (44 percent), phishing (30 percent), Trojan horse (22 percent), hacking (16 percent), data breach (11 percent), issues related to un-patched software (10 percent), unauthorized access to customer information (9 percent), or unauthorized access to company information (8 percent).