Cybersecurity concerns will likely remain a focus for startup founders in 2023, according to the recent Embroker Cyber Risk Index: Startup Edition, published today.
The report said startup founders cited cybersecurity protections as one of their three non-negotiable areas of investment for the coming year, along with product innovation and equipment upgrades. Of the founders surveyed, 71% said that they’re considering new cyber protections or tools for next year.
Embroker surveyed more than 400 venture capital backed startup founders in the U.S. between November 10-14 about the importance of cybersecurity, including cyber insurance, how they protect their business from modern external risks, and how their perception around the reality of cyber risks is changing year over year. The survey was completed online and responses were random, voluntary, and anonymous.
These results come as today’s startups are facing substantial headwinds, according to the report.
“Beyond the everyday challenges of running a company, building a product and trying to grow, external risks abound,” the report said. “Many founders are worried about a restrictive funding environment, volatile public markets and broader socio-economic shifts.”
In addition to these risks, the report said one external risk that keeps resurfacing in founders’ minds is cyber. In fact, the survey found that expectations among startup founders around the likelihood of facing a cyber attack have risen from 36% in 2021 to 50% in 2022, a 14% increase year over year. More than half of founders – 68% – said that they have already experienced a cyber attack on their business.
The report predicted that ransomware attacks will likely persist and evolve into next year, exacerbated by the remote and hybrid work environment that has amplified since COVID-19.
“Remote and dispersed workforce will continue to present security challenges for organizations large and small, and social engineering tactics will remain a key method for bad actors to obtain employee data and credentials,” the report said.
However, the survey did find some good news. Of the founders surveyed, 86% said they currently have some cyber insurance protections in place. From the first quarter to the second quarter of 2022, Embroker itself saw a 50% increase in shopped cyber policies. The InsurTech also found that cyber went from 15% of its total applications submitted in Q1 2022 to 22% in Q2. Nearly half (49%) of founders surveyed in the report cited cybersecurity insurance protections as required by their investors, their board or both.
“Pressure from investors and board members is a key component in driving investments in cyber security insurance,” the report found.
Almost all of the founders surveyed – 97% – said that they discuss their cyber protections and issues with investors and board members. Despite these seemingly positive numbers, more work remains, evidenced by the 14% of startups who said they don’t have cyber insurance at all. Of those startups, nearly half cited cost as the main reason. For the startups that do have cyber insurance, half said they believe their policies would only partially cover them in the event of a cyber incident.
Despite this, Embroker said in its report that survey results showed worry and awareness around cybersecurity is rising among startup founders, and many of them are taking action.
“They are becoming more concerned about cybersecurity protections but they often factor external risks like inflation and current events – in addition to internal elements like investor requirements – into their decision-making processes,” the report said.
Embroker is an InsurTech focused on commercial insurance in lines such as directors and officers, employment practices liability, cyber, and professional liability. It uses predictive modeling powered by technology to fully automate underwriting. Founded in 2015, Embroker is headquartered in San Francisco, California.