
Small companies not under the radar for cyberattacks


The devastation caused by the WannaCry ransomware attack in May will not be forgotten anytime soon. It resulted in billions of dollars in losses and serves as a cautionary tale that every networked device is a potential target of cyberattack.

As businesses gear up to embrace Industry 4.0, they should also be looking at protecting themselves, says Stanley Wong, regional head of financial lines at Chubb Asia Pacific Pte Ltd, who was addressing a 500-strong crowd at The Edge SME Forum 2017 in Kuala Lumpur recently.

Wong says a common misconception among small and medium enterprises (SMEs) is that their operations are too small to be noticed by predators and, hence, do not need cyber protection.

The targets of cyberattacks are not only IT or large companies. “The statistics show that healthcare is one of the sectors most affected by cyberattacks because of the kind of data it has. Hospitals have all your details stored, including your credit card information,” says Wong.

According to Chubb’s global claims data, compiled over the past 10 years, the cyberattacks on the healthcare industry made up 30% of the total claims filed as at October 2015. This was followed by professional services (14%), technology (11%), retail (9%) and financial institutions (7%).

Evidently, the cyberattackers are ruthless when it comes to breaching private data, and no sector is safe, stresses Wong. “One of our clients was affected by the WannaCry ransomware and the attacker demanded US$300 worth of bitcoins. It may not seem like much, considering the kind of information you may lose if you do not make payment, but how many companies in Malaysia actually trade in bitcoin? How many even know anything about the cryptocurrency for that matter?”

A study conducted by security products and solutions provider Symantec Corp found that last year’s cyberattacks involved a multimillion-dollar virtual bank heist, overt attempts to disrupt the US electoral process by state-sponsored groups and some of the biggest distributed-denial-of-service (DDoS) attacks on record, powered by a botnet of Internet of Things (IoT) devices.

According to the 2017 Internet Security Threat Report (ISTR), ransomware is one of the common threats plaguing businesses and consumers, with indiscriminate campaigns producing massive volumes of malicious email. “Attackers are demanding more and more from victims. The average ransom demand last year was US$1,077 compared with US$294 in 2015,” it says.

Referring to the 2016 ISTR report, Wong points out that the number of attacks on small companies with fewer than 250 employees rose from 18% in 2011 to a whopping 43% in 2015. Meanwhile, attacks on large enterprises with more than 2,500 employees decreased from 50% in 2011 to 35% in 2015.

Wong says the US appears to be the most targeted country because its legislation requires that consumers be notified when such breaches take place. In other regions, cyberattacks sometimes go unreported.

This is where cyberinsurance is crucial, he says. The WannaCry ransomware attack, for example, hit over 200,000 computers and crippled government and private infrastructure in more than 150 countries. The losses are believed to be in the billions of dollars.

“At least big companies can afford to pay and have their own teams to keep tabs of breaches. The same cannot be said of small companies. If you have some form of software installed that offers protection, you need to make sure that it is continually updated so that your network systems are safe. What if one employee forgets to update it? You are the one exposed, not the software provider,” says Wong.

Cyberinsurance policies reimburse a company for immediate cleanup costs such as hiring a forensics firm and notifying customers, he adds. Some also cover legal fees and the cost of hiring a crisis management firm. In the event of a ransomware attack, the ransom is paid in full while investigations are underway.


Written by Pathma Subramaniam / The Edge Malaysia.
This article first appeared in Enterprise, The Edge Malaysia Weekly, on July 24, 2017 - July 30, 2017.

