Risk managers in major companies across Europe have been urged to use their expertise and resources to support SMEs in closing the cyber insurance and resilience gap.

Typhaine Beaupérin, CEO at European risk management association FERMA, has told StrategicRISK that large businesses now have an opportunity to support their smaller peers and, in doing so, strengthen third-party and supply chain resilience.

Her comments came as FERMA collaborates on a new cyber report by insurance broker Marsh.

Why SMEs must act

The report warns that the cybersecurity controls of small and medium-sized enterprises (SMEs) across the European Union (EU) lag behind larger organisations by an average of 15%. It added that SMEs face significant challenges in achieving cyber resilience compared to larger organisations.

The research analysed the cyber resilience gap among 320 SMEs, mid-cap, and large organisations across the EU – defined respectively by annual revenues of less than €51 million, between €51 million and €250 million, and over €250 million.

The results showed that large organisations implement cybersecurity controls more effectively than SMEs.

Large organisations scored 80% across 12 cybersecurity control categories, while SMEs averaged 65%. Notably, 91% of large organisations require multi-factor authentication for remote logins, compared to 75% of SMEs.

The report concluded there is now a “critical need” for improved incident response plan testing, with only 40% of SMEs conducting tests, compared to 61% of large organisations.

Despite enhancements in incident response capabilities, SMEs and mid-cap organisations lag behind. Additionally, there are significant industry differences: 85% of finance SMEs require cybersecurity training for employees, while only 58% in manufacturing do.

The role of insurance

The report underscores the need for SMEs to engage in the rapidly expanding cyber insurance market, as many are currently uninsured or underinsured, leading to a significant protection gap.

While historical barriers have restricted access to adequate coverage, recent innovative market solutions present SMEs with an opportunity to close this insurance gap.

When asked whether FERMA was surprised by the report’s findings and whether the 15% figure was higher than expected, Beaupérin said it came as little surprise and that, unless steps were taken to address the issue, it would only worsen.

“The data points within this report provide a confirmation of the scale of the cyber protection gap which exists between SMEs and larger corporates – and in that regard are not hugely surprising,” she said.

“99% of businesses operating within the European Union are SMEs. And while they represent 50% of the EU’s GDP, their insurance penetration rate is only around 15%, according to Munich Re.

“And this gap is set to widen. The recent Global Risk Managers Survey revealed that 53% of respondents believe that key business activities and locations will become uninsurable, of which 55% cited cyber-attacks, 33% digitalisation risks, and 31% technological risks as those areas potentially uninsurable in the future.

“There clearly needs to be a combined effort to drive up cyber risk-related awareness levels, boost efforts to enhance cyber resilience, and improve overall cyber insurance penetration amongst SMEs.”

In her contribution to the report, Beaupérin stated: “As cyber threats continue to evolve, this report shows the urgent need for all organisations, particularly SMEs, to strengthen their cybersecurity measures to ensure resilience.

“It calls for increased awareness, education, and support for robust cybersecurity practices, urging key stakeholders - governments, industry associations, and larger organisations - to provide resources and collaboration opportunities to enhance SME cyber resilience.”

Regarding her comments on the potential for larger companies to collaborate with their smaller peers to support their efforts, she said it needed to be viewed as an opportunity, not a task.

“Larger companies have a clear opportunity to help bolster cyber resilience at the SME level through their supply chains. This is particularly prescient given the growing acknowledgement of the potential for supplier networks to be a source of cyber-attack.

“Such opportunities exist, for example, in the procurement process where they can require companies to demonstrate their cyber resilience, help them to conduct assessments of their cyber security measures, or involve them directly in their incident response plans or training given their critical role in their value chain.”

Quick wins for companies

Beaupérin said risk managers did have the opportunity to deliver some quick wins.

“One potential quick win is something which FERMA has already highlighted in our Cyber insurance dialogue – How Europe can lead the way to cyber resilience, which is to create a standardised cyber security assessment tool specifically designed for SMEs,” she continued. “There are already several cyber security measurement tools available, whether through brokers or insurers, or at the national level.

“By helping instil that greater understanding of their overall cyber security maturity amongst their SME peers, this will help not only boost cyber awareness levels but help instil a greater drive to enhance cyber resilience measures, and as a result help close the cyber protection gap by enhancing the potential insurability of smaller organisations.”

Beaupérin concluded: “Closing the cyber protection gap, and in particular in the context of SMEs, is already a key area of focus for FERMA.

“A core component of that is creating a sustainable cyber insurance market which is underpinned by a more cyber aware and cyber resilient SME community.”