CFC Underwriting says the industry ‘must do better at articulating the value of this cover’

Around a quarter (23%) of small to medium sized enterprises (SMEs) believe that cyber insurance is not fit for purpose, according to joint research by insurer CFC Underwriting and Biba-accredited premium finance firm Premium Credit.

The survey of 338 SME owners and senior managers, conducted at the end of last year, also found that 19% of respondents do not understand cyber insurance and a further 10% believe they cannot afford it.

Nearly two-thirds (63%) of SME owners, on the other hand, state that their organisation has never even been offered this type of cover.

A third of SMEs that have been offered cyber insurance have opted not to invest in it – many feel that their organisation is too small to be targeted, with 30% of firms that don’t have cyber cover citing that cyber security is not a big enough concern for them.

Better articulation

Pat Brice, distribution director at CFC Underwriting, said: “What this research shows is that we all must do better at articulating the value of this increasingly important cover.

“It is becoming apparent that businesses are far more likely to fall victim to cyber crime than they are to traditional crime, yet they routinely don’t have the cyber protection they need.

“Insurance providers and brokers need to work together to make sure they are encouraging businesses in all industries to complement good cyber security with cyber insurance in case the worst happens.”

Preventative measures

The joint research, however, found that only 3% of SMEs are doing nothing to protect themselves from cyber risks.

Nearly three-quarters (71%) of respondents use antivirus software, 66% regularly back-up their data, 57% scan for malware and change their passwords, 47% back-up their data to the cloud and 46% ensure all laptops use encryption.

Other measures being implemented by SMEs include devices being used outside the office having password or pin protection (43%) or being able to be locked or tracked if stolen (38%), password manager systems (37%), patching all software and firmware using the latest manufacturer software (33%) and that staff sending sensitive data outside of the organisation use a virtual private network (VPN), 3G or 4G (24%).

Adam Morghem, strategy and brand director at Premium Credit, added: “Cyber security is a growing risk. The Federation of Small Businesses data estimates SMEs are subject to around 10,000 attacks a day, costing as much as £4.5bn a year.

Cyber insurance is now a critical cover to every business, and the penetration needs to increase.”