Kathmandu. With cybersecurity breaches on the rise, many small and medium enterprises around the world are increasingly vulnerable.
A recent study by the Geneva Association shows this. The association warned of the under-use of cyber insurance, saying that only about 10% of small and medium-sized enterprises worldwide have cyber insurance. “In some countries, especially for very small firms, it may be even lower,” the association said.
According to a report prepared by Darren Payne, research director at the association, and Sasha Romanowski, senior policy researcher at RAND, 92% of cyber losses are covered by insurance, and the average payment for small and medium enterprises covers about 70% of incident costs. In the last 15 years, the average annual loss from cybersecurity breaches has increased 15-fold, from $190,000 to nearly $3 million.
In the top 10% of the largest incidents, the average damage increased to more than $28 million in 2024. This means that cyber insurance is now doing more than just transferring risk. Insurance companies are setting basic safety requirements, providing monitoring and alerts, and helping to cover expert response costs when incidents occur.
The report shows that cyber insurance is also changing behaviour. It cites a 2024 survey that says “76% of companies have increased cybersecurity spending to qualify for coverage.” ’
However, the report shows that insurance companies still face limitations. These include difficulty accurately estimating risk, limited information about policy support services, and uncertainty about the damage caused by major cyber incidents. –Agency
