New survey reveals top five reasons middle-market businesses go without cyber insurance
KEY HIGHLIGHTS
- 42% of middle-market business owners reported that their business had experienced a cyberattack
- 63% of middle-market businesses that have experienced a cyberattack did not resume normal business operations for over a month
- Only about half of agents (52%) say they talk to their customers often or always about cybersecurity threats
Each year, it seems as though more aspects of our daily lives move online. This is true not only in our personal lives, but also in our business dealings. In this interconnected world, it is increasingly imperative that businesses do everything in their power to protect their digital assets from cybercrime. This position has been further proven this year as COVID-19 drives more Americans to turn to virtual or digital business interactions, which provide cybercriminals with fertile hunting ground for new opportunities to exploit cyber weaknesses.
As 2021 approaches, it is essential for insurance agents to consider their role in cybersecurity and stay up to date on the latest trends in cyber insurance in order to provide sound advice to their clients. Doing so can help agents serve as trusted advisors, deliver value and be true risk management partners to their clients.
Trends within the cybersecurity and cyber insurance landscape were recently examined in Nationwide’s latest Agent Authority research, which surveyed 400 middle-market businesses and 400 independent insurance agents from across the country. In this article, we will examine key findings from that research and explain how independent agents such as you can leverage this information to meet the needs of your clients and prospects year round — not just during National Cybersecurity Awareness Month.
Where middle-market businesses stand
Before examining other cyber trends in the middle market, it is important to get the lay of the land. Nationwide’s research shows that middle-market businesses, which are typically more sophisticated operations, have a greater awareness and are more prepared for cyber threats than small businesses. Relative to their smaller counterparts, middle-market businesses have done a much better job of purchasing cyber insurance coverage. According to the Agent Authority research, 71% of middle-market businesses reported having some form of cyber insurance in place — versus just 17% of small businesses.
The survey results make it clear that many middle-market business owners appear to be more attuned to risks and are proactively preparing their defense. While this is encouraging news for the middle market, this still means more than a quarter of these businesses do not carry dedicated insurance protection for cyber incidents.
Why businesses go without cyber insurance
Forms of cyber insurance have been commercially available since the 1990s. However, there are still a number of misconceptions about cyber risks and their related insurance products, even in the middle market. These misconceptions often act as barriers that agents must contend with when discussing cyber insurance coverage with their clients.
| Top Five Reasons Middle-Market Businesses Go Without Cyber Insurance | |
|---|---|
| Rank | |
| T-1 | Feeling that their business will not be affected by a cyberattack |
| T-1 | Impression that cyber insurance is too costly |
| 3 | Insurance agent has yet to recommend a cyber insurance policy |
| 4 | Feeling that current cybersecurity software provides their business with sufficient protection |
| 5 | Unaware that cyber insurance coverage was available for their business |
Source: Nationwide Agent Authority research on cybersecurity
Complacency is a primary reason that businesses feel they do not need cyber insurance. In fact, a sense that a cyberattack will not affect their business was the number one reason for middle-market businesses not having purchased cyber insurance. Put another way, those businesses are likely to feel they are not an attractive target for cybercriminals. Along similar lines, many businesses feel that their current cybersecurity software is providing sufficient protection to defend against cyberattacks. This line of thinking can be risky, as no business — large or small — is immune from cyberattacks.
Lack of awareness is another factor that contributes to middle-market businesses going without cyber insurance. A number of businesses reported that either their agent had yet to recommend a cyber insurance policy or they were unaware that cyber insurance coverage was available for their business.
While organizations’ reasoning for not having a cyber insurance policy will differ, it is important for agents to be familiar with the most common objections to coverage. This knowledge will help prepare agents to navigate these challenges and better stress the value and necessity of cyber insurance for all businesses.
What motivates middle-market businesses to pursue cyber insurance?
Nationwide’s Agent Authority research also examined the tipping points that convinced business owners to get serious about cyber insurance. On this point, one consistent theme showed through: Education is key to advancing conversations on cyber insurance. According to agents, business owners in the middle market tend to respond to news of cyberattacks as well as reports of businesses such as their own becoming victims of cybercrime. The more well-informed a business is about cyberattacks, the more willing they are to discuss cyber insurance coverage. This speaks to the need for agents to become cyber-literate themselves and truly understand the issues their clients face from a cybersecurity standpoint.
| Top Five Reasons Middle-Market Businesses Go Without Cyber Insurance | |
|---|---|
| Rank | |
| 1 | They have read articles in the news warning about increasing cyberattacks |
| 2 | They have witnessed similar businesses become victims of cyberattacks |
| 3 | They are well-informed about cyberattacks and are thinking ahead |
| 4 | They were recently a victim of a cyberattack |
| 5 | Their agent continuously discusses the need for a cyber insurance policy |
Source: Nationwide Agent Authority research on cybersecurity
While the agents surveyed are well aware of the knowledge and protection gap, only about half (52%) say they talk to their customers often or always about cybersecurity threats. This highlights a potential opportunity for agents moving forward to provide even more support in the cybersecurity and cyber insurance space.
The importance of coverage and a proactive approach to cybersecurity
The importance of proper cybersecurity and cyber insurance coverage cannot be understated. According to the Nationwide Agent Authority research, 42% of middle-market business owners reported that their business had experienced a cyberattack. Thankfully, 93% of these businesses reported having cyber insurance in place to cover that attack. However, this does not mean that the businesses were not impacted.
While many business leaders often focus on the potential financial impacts of cybercrime, the day-to-day disruptions that cyber incidents can cause should not be overlooked. According to our research, 63% of middle-market businesses that have experienced a cyberattack did not resume normal business operations for over a month. This statistic speaks volumes to the potential business interruptions cyberattacks can inflict.
These findings highlight both the need for middle-market businesses to obtain proper cyber insurance and also for those same businesses to leverage their carrier partner for cybersecurity loss control resources. Doing so can not only help prevent cyber incidents from occurring in the first place, but can also position businesses to respond in an effective manner in the unfortunate event that a cyberattack occurs. Knowing what to do in the event of a cyberattack is critical to limiting the damage caused by an incident, but also reducing the amount of time it takes for a business to resume normal operations.
Trends to watch for in 2021
The Agent Authority research also examined a number of emerging trends, including deepfakes and the Internet of Things (IoT). Deepfakes refer to media — most often videos, but sometimes audio recordings — that have been created, modified or synthesized with the help of machine learning. The goal of deepfakes is to deceive viewers or listeners so that they will believe a false message. These videos or recordings have the potential to harm the reputation of a business or be used as part of extortion campaigns. Middle-market businesses are increasingly worrying about the potential harm of deepfakes.
Concerns business owners have about deepfakes:
-
- 52% — It could lead to extortion attempts against my business
- 51% — It could damage my business’s reputation
- 51% — It could be used to undermine my company’s customer relationships
- 47% — It could lead to fraudulent transfers of funds
- 45% — It could be used to impact sales by spreading false information
Simply put, the IoT refers to a system of interrelated computing devices that are capable of communicating together to perform a task. IoT devices range from simple applications such as smart TVs all the way up to complex industrial systems. As more and more businesses utilize IoT devices, the related risks grow. In fact, 68% of middle-market business owners worry about an IoT device being hacked. This once again speaks to an opportunity for agents to provide counsel to their clients, as 72% of middle-market businesses trust their insurance agent to provide guidance on these devices and the insurance implications.
KEY TAKEAWAYS
- Nationwide’s Agent Authority study surveyed 400 middle-market businesses and 400 independent insurance agents from across the country
- The survey found that middle-market businesses have a greater awareness and are more prepared for cyber threats than small businesses
- But more than a quarter of middle-market businesses still do not carry dedicated insurance protection for cyber incidents, and only about half of agents say they talk to their customers often or always about cybersecurity threats
Survey methodology
Nationwide commissioned Edelman Intelligence to conduct a 20-minute quantitative online survey among a sample of 2,400 U.S. independent insurance agents, small-business owners, middle-market business owners, African American business owners, Hispanic business owners and general consumers between June 9 and June 25 to understand what business owners and consumers value when buying or renewing insurance policies, explore the different challenges each audience faces around insurance, gauge perceptions of the economy and how each audience is managing uncertainty, and find out the actions business owners and consumers have taken as a result of COVID-19 and the conversations they’re having with agents. As a member of CASRO in good standing, Edelman Intelligence conducts all research in accordance with Market Research Standards and Guidelines.