Sponsored content: Ian Summerfield, head of cyber at Pen Underwriting, discusses trends in cyber crime and how the sector can stay ahead
People often talk about the essential triumvirate needed for effective cyber risk solutions. Because, without the twin ‘superpowers’ of risk mitigation and skilled breach response, the insurance indemnity in the middle sits significantly exposed – meaning claims frequency, cost and duration can spiral.
These elements are not only of equal importance – they are also interdependent in their relationship to one another.
Take the role of breach response teams. It is their first-hand experience of cyber crime trends, tactics and new nuances that feeds directly back into the actions that we, as cyber underwriting specialists, take to further improve risk management, loss prevention and policy coverage to drive the best customer outcomes in a fast moving risk space.
While we might not benefit from any superhero, superhuman sense of imminent dangers to divert and protect against, what we do have is data. And lots of it.
Breach responders and claims experts are our first port of call when deciding on and developing any tangible enhancements to overall offerings. So, what trends are we seeing when it comes to SME exposure?
SME risk trends
After a small lull at the start of 2025, we’ve seen ransomware attacks increase in frequency since the mid-point of the year.
Ransomware is arguably the most devastating type of SME attack because of the huge potential impact it can have on day-to-day business operations, as well as liabilities in respect of stolen data, if specialist help, intervention and support are not available.
Loss of systems and data through encryption and extortion could literally lead to the loss of an SME’s business. So, it is not surprising that the provision of expertise and resources to navigate ransomware attacks is our most in-demand service.
Right up there, vying for top SME cyber crime spot, is email compromise. Alongside ransomware, these are the most frequent types of incidents we see impacting SMEs, with human error the primary cause.
Unauthorised access to email resulting in attempts to misdirect payments or use of the account to send phishing emails is all too easily achieved through the inadvertent clicking on links or disclosing of credentials.
The frequency with which it is impacting SMEs also underlines the importance of the feedback loop into risk mitigation measures to tackle it through ongoing and tailored employee training as tactics evolve.
Bypassing security
Although the increased prevalence of two-factor authentication has improved resilience in this area, we now see instances where this is bypassed. For example, by the employee also disclosing verification codes, authorising access requests and other means. These incidents can be particularly costly – not only due to payment losses, but associated regulatory compliance following access to data within the mailbox.
Two other trends worthy of highlight by brokers in discussions with their SME clients are supply chain vulnerability and impersonation scams. Our data shows both are on the rise.
The increase in attacks we are witnessing on suppliers can impact SMEs two ways. If the SME is the supplier themselves, this can have huge ramifications and significant consequences for multiple customers. Equally, we see SMEs having to grapple with the downstream impact of a data breach or cyber incident at a commonly used supplier.
SMEs should also be alive and alerted to the rise in impersonation scams. We’re seeing an increase in companies having their online identity stolen, be that a complete copy of their website stolen and rehosted – such as with hidden text relating to gambling to increase that gambling website’s SEO rankings – or for other nefarious means.
All of which goes to prove – cyber risk never stands still, so we can’t either.
