’The challenge for insurers and brokers is to work together to engage businesses,’ says head of cyber 

Brokers have a key role to play in educating customers about emerging cyber risks, as only 36% of businesses have cyber cover according to Aviva’s latest research, published today (6 December 2023).

To help brokers increase the penetration of cyber policies, Aviva has launched accredited training programmes as well as its Campaign in a Box to provide marketing tools for brokers.

The research surveyed around 1,200 UK businesses of all sizes and industries, revealing that one in five businesses had been hit by a cyberattack in the last year.

Meanwhile, it also revealed that, at 51% of mid-market businesses, this size of business was the most likely to have cyber cover in place. This was closely followed by large corporates, with 45% of those firms surveyed having the cover in place.

However, only 17% of small businesses said they had a cyber insurance policy – and the same proportion said they were unaware that cyber insurance existed.

The research also found that more than half (67%) of surveyed businesses are more likely to have experienced a cyber incident as opposed to a physical theft – and five times more likely to have been hit by a cyber attack than a fire.

Stephen Ridley, head of cyber at Aviva, said: “There is a compelling need for brokers to help educate their clients about the evolving risk of cyber and the need for businesses to protect themselves.

“Cyber insurance must now be considered as essential as property and liability insurances – and brokers play an integral role in helping their customers close the protection gap.

”The challenge for insurers and brokers is to work together to engage businesses and ensure that they are protected from this emerging risk.”

In October 2023, Aviva launched Cyber Respond, a new cyber insurance policy targeted at micro-SMEs, which focuses on breach response services.

Low cyber uptake

Ridley added: “The low takeup of cyber insurance, coupled with the relatively high incidence of an attack, highlights the serious nature of the cyber risk facing businesses.”

The firm’s research found that only 30% of businesses had reviewed their cyber policies in the last 12 months, with this proportion dropping to 16% for small businesses.

More than half (54%) of small businesses said they did not intend to review their cyber cover requirements, while only 51% of those surveyed said they knew what to do in the event of a cyber attack – with this dropping to 39% for small businesses.

The three biggest concerns for businesses were found to be loss of data (54%), a malware attack (46%) and operational disruption (43%).

Business interruption was also a theme for those that had experienced a cyber-attack, while 21% suffered data loss and system lockdowns.

Businesses claimed on average £21,000 per incident, according to the insurer.

On the flipside, the majority (97%) of surveyed businesses said they had taken some or all of the necessary actions to improve cyber security.