Cyber risks: the increased targeting of SMEs


2025 February 23

As businesses become more reliant on technology, their exposure to potential cyber threats increases. The cyber threat landscape is constantly evolving, driven by rapid technological advancements, emerging threats, and the growing sophistication of cybercriminals.

As such, cyber risk has become a significant concern for businesses of all sizes, making cyber security and cyber insurance more important than ever.

While large corporations often make headlines with high-profile incidents such as the Medibank and MediaWorks data breaches, small and medium-sized enterprises (SMEs) are increasingly targeted by cybercriminals. Cyber threat actors will target any business that appears vulnerable, often seeking the easiest and fastest way to succeed. SMEs typically lack the robust cyber security measures and resources available to larger organisations, making them more attractive targets.

Cybercriminals may attempt to infiltrate a business's computer systems or network to steal data, cause damage, or disrupt operations. These attacks often begin with unauthorised access, leading to more severe consequences for data or systems. The primary goals of these attacks are to access, alter, or destroy sensitive information, extort money from users, or interrupt normal business processes.

New Zealand government statistics show that SMEs commonly face cyber threats such as phishing, credential harvesting, social engineering, ransomware, invoice fraud, and data breaches. These incidents can lead to substantial financial losses, including direct costs like legal fees and ransom payments, as well as indirect costs like lost revenue and recovery expenses, such as hiring IT security services or investing in new security systems. Cyber incidents can disrupt operations, cause reputational damage, and lead to legal or regulatory penalties. According to CERT NZ, the estimated cost of a data breach in New Zealand for 2024 was around $173,000. Proactive cyber security measures are essential to minimise these risks.

Practical Cyber Risk Management Tools

It’s not a matter of "if" but "when" a business will face a cyber threat. Therefore, it’s crucial to take steps to protect against this risk. Security controls help reduce the likelihood of a threat actor succeeding before an incident occurs.

Cyber insurers increasingly require businesses to implement certain cyber security controls, which not only reduce the risk of a cyber event but also help secure appropriate insurance coverage. Common controls include:

  • Multi-factor authentication (MFA): Adding an extra layer of security. Use strong password policies and password managers.
  • Endpoint Detection and Response (EDR): Implementing advanced security tools to monitor and protect devices.
  • Secured, encrypted, and tested backups: Ensuring data recovery in the event of an attack.
  • Least privilege access: Limiting employee access to sensitive data and systems based on job requirements.
  • Employee education: Since human error is a major security risk, training staff to recognise threats can reduce breaches.

Other important measures include:

  • Regular software updates.
  • Encryption of sensitive data.
  • Robust firewalls and up-to-date antivirus software.
  • An Incident Response Plan that is regularly reviewed.
  • Vendor risk management, ensuring third-party vendors follow strong security practices and clearly defining responsibilities in case of a breach.
  • Simulations to test breach responses and identify weaknesses.
  • Verifying emails or messages are legitimate before clicking links or opening attachments.

Cyber Insurance: A Key Risk Management Tool

Despite implementing the best preventive measures, no business is entirely immune to cyber threats. This is where cyber insurance becomes essential. A good cyber insurance policy works alongside an effective security plan to protect your business from financial losses due to cyber incidents.

A cyber insurance policy is designed to help businesses manage the financial risks associated with cyber events such as data breaches, hacking, and other forms of cybercrime. The policy addresses both direct losses to the business and claims for third-party losses resulting from a cyber event. A cyber policy includes:

  • Incident response: Access to an expert response team to help recover quickly and effectively from a cyber incident. The team typically includes IT forensics, public relations, legal, and crisis communication specialists.
  • Data and system restoration: Covers the costs of repairing, restoring, or recreating damaged systems or data following a cyber event.
  • Business interruption: Reimbursement for lost profits and additional expenses incurred due to an interruption caused by a cyber event or non-malicious system failure.
  • Cyber extortion: Covers losses from extortion threats, including the costs of resolving the situation and consulting with cyber extortion specialists.
  • Public relations and crisis management: Cyber insurance may cover the cost of hiring PR firms to manage a reputation crisis and minimise long-term damage after a breach.
  • Legal and regulatory fees: Covers the cost of legal defence, settlements, and fines related to data breaches or violations of data protection laws.
  • Privacy liability: Covers claims resulting from breaches of confidential information, along with defence costs and fines incurred during regulatory investigations. Can include costs for notifying affected individuals, setting up call centres, and providing credit monitoring.
  • Electronic compromise: Covers attacks that involve hacking into networks or third-party platforms, including banking or accounting systems.
  • Social engineering: This optional cover is for losses from fraud where cybercriminals trick employees or customers into transferring funds to fraudulent accounts.

For SMEs, the risks of cyberattacks are significant and far-reaching. As cyber threats continue to rise and attackers become more sophisticated, SMEs must prioritise cyber security and consider cyber insurance as a vital component of their risk management strategy.

An ICIB broker can help you navigate the complexities of cyber coverage. Contact a broker today to discuss cyber insurance for your business.