Times are hard, but please don’t skimp on cybersecurity

Take insurers' first-quarter financial results with a pinch of salt

Excessive monetary tightening has ushered in a period of economic instability for businesses in both developed and developing countries. This is, understandably, causing alarm bells for business leaders, who had hoped for some reprieve post-pandemic.

While some businesses are considered recession-proof – such as grocery stores, healthcare providers, or those with a market monopoly – due to the essential goods and services they provide, most businesses feel the sting of inflation through increased costs of wages, overhead, raw materials, and inventory, as well as supply chain disruptions and changes in demand.

At times like these, businesses are looking to cut costs – but they need to be smart about this. As explained by Oracle Netsuite: “Broad untargeted cuts can be unsustainable and impede growth. [Businesses should] analyse which expenses are essential to the core function of [their] business and which can be cut without impacting profitability.”

Read next: Insurers “run risk” of relying on government cyber warfare declarations

This got me thinking about businesses’ insurance and risk management spend, particularly for discretionary purchases like cyber insurance. If companies are not contractually obliged to buy cyber insurance – which is not yet a common practice – they may opt to cut costs by reducing their cybersecurity spend, or foregoing cyber insurance coverage altogether.

That is problematic in many ways – first and foremost, because all businesses (regardless of size or sector) are vulnerable to cyberattacks and breaches. If they’re not prepared for an almost inevitable cyber incident, they could potentially suffer a loss that puts them out of business, either through sheer financial devastation or through the slow burn of disrepute.  

See also  Revealed - $120 billion-plus average annual insured catastrophe losses price tag

However, cybersecurity comes with a cost. While basic things, like enabling multi-factor authentication (MFA) on networks and applications, are very cheap (sometimes free) to implement, other tools like endpoint detection and response (EDR) and securing appropriate backup and network segmentation come with quite the price tag.

Furthermore, as the cyber threat landscape evolves – and it is always evolving, with bad actors seemingly one step ahead at all times – companies must update their cybersecurity in tandem. It is an ongoing business expense, which is a sensible investment in the grand scheme of things, but a real pain when companies are teetering on the brink of financial hardship.

Read more: All eyes on cyber: The celebrity of commercial insurance

As well as investing in cybersecurity measures, companies also have the option to purchase cyber insurance. As I mentioned, this is mostly a discretionary insurance purchase – but it is one that more companies should consider, especially in this elevated threat landscape.

However, cyber insurance is really expensive. It has been for the past few years as cyber insurers have responded to a plague of very costly ransomware attacks and data breaches. My concern is that businesses are looking at the price tag, and they’re considering the inflationary pressures in the global economy and UNCTAD’s warning that we’re “on the edge of a global recession”, and they’re going to say: “No thank you!”

If companies reject cyber insurance, and they fail to effectively self-insure their cyber risk by investing time and money into their cybersecurity, then they’re sitting ducks for potentially business-destroying cyber events.

See also  First Indemnity boosts MGA capacity with Knight Specialty

The message is simple – and it is one that insurance brokers should be considering internally, and communicating externally with clients: No matter how hard times may be, or how dire the economic outlook is, don’t skimp on your cybersecurity spend. If you do, the consequences could be catastrophic.