Cyber attacks rise among SMEs while cover levels remain low – Aviva

More than a fifth (21%) of small and medium-sized enterprises (SMEs) have suffered a cyber incident or attack in the past 12 months, yet 34% have no cyber insurance cover, Aviva’s latest SME Pulse survey published today (26 October 2022) revealed.

The most common cyber incidents described by businesses comprised major system failures or outages (8%), theft of funds or phishing (7%), malware infections (6%) and ransomware or extortion attempts (5%).

Responses to the survey also highlighted that 50% of SMEs are more reliant on digital systems than before the Covid-19 pandemic, while 44% now utilise cloud technology.

Aviva’s latest research surveyed 512 British SMEs between 5 and 12 October 2022. 

Considering the responses to the survey, Aviva’s head of cyber Stephen Ridley said: “Cyber crime is a growing problem and it’s alarming that many SMEs either have no cover, don’t know if they’re covered, or are relying on non-specific cover that may not respond in the way that they think it will.”

Cyber misconceptions

Only 8% of survey respondents reported having a specific stand-alone cyber security policy in place, while 10% didn’t know if they had any cyber cover at all.

Out of those SMEs without cyber cover, 38% said the reason for the decision was because they did not believe they would be a target for a cyber-attack. Meanwhile, 27% reported that it was not relevant to their business.

Others said it was too expensive (18%), while 16% said they didn’t know cyber insurance existed and 11% reported not needing cover because the business had spent money on IT security controls.

Ridley continued: “It’s a misperception that because you’re an SME, cyber criminals won’t be interested in you. Often the criminals won’t even know whose system they’ve accessed until they’re in there and they will look to extract whatever value they can.

“People often think because they have got fantastic security, they don’t need to worry, but the impenetrable system just doesn’t exist. Even massive, highly technically savvy companies with big security budgets have fallen victim to cyber attacks.

“Whilst those attacks grab the headlines, lower value but equally disruptive attacks are becoming increasingly commonplace for SMEs.

“The survey shows many businesses believe they are insured but they need to be absolutely sure their policy will do the job.”

Cover requests

In terms of what respondents would like cyber insurance to cover, 52% selected business interruption (BI) cover and 46% chose data breaches.

Around 42% said system failure, network outages, cyber extortion and ransomware needed to be covered, followed by defence costs and damages in the event of being sued (38%), corrupt data (34%), regulatory fines (24%) and lost customers (23%).