’Insurers need to show they can help businesses stop attacks by offering preventative coverage, security systems and staff training’ says GlobalData insurance analyst

Cyber insurance penetration remains low for SMEs in the UK – only 56.2% of medium-sized businesses, 40.0% of small businesses and 16.8% of micro businesses had a cyber insurance policy in 2022, according to results from GlobalData’s latest survey, released today (10 October 2022).

GlobalData’s 2021 and 2022 UK SME Insurance Survey revealed that many UK SMEs remain uninsured for cyber risks, despite their awareness of the increased risks they face from cyber attacks compared to before the Covid-19 pandemic.

When asked, 32.7% of SME respondents in this year’s survey said they believed cyber risks had either increased or significantly increased since the pandemic – this was an increase from the previous year’s survey, when 30.7% of respondents said the same. 

However, 61.8% of SMEs this year said that cyber risks had neither increased or decreased – this was compared to 63.6% in the previous year’s survey.

GlobalData’s research surveyed 2,000 SMEs in the UK and was carried out across Q3 2022. 

Ben Carey-Evans, senior insurance analyst at GlobalData, said: “Insurers need to show they can help businesses stop attacks by offering preventative coverage, including security systems and staff training, which would make the often expensive premiums worth paying.”

Targeted SMEs

Last month both Revolut and Holiday Inn were hit by cyberattacks.

Carey-Evans continued: “This degree of concern is likely to have been increased by high-profile businesses in the UK continuing to fall victim to cyberattacks. Holiday Inn announced it had been hit on 7 September 2022, which stopped its online systems from working.

“Similarly, digital bank Revolut announced it had been a victim on 20 September 2022. This saw a third-party gain access to a small (0.16%) proportion of its customers’ data for a period of time.

“These prominent attacks will raise awareness among SMEs that anyone can be targeted and that cyber attackers can cause disruption in a range of different ways. Larger businesses are also more likely to have more robust IT systems in place, so it is likely to be easier to attack an SME.”

SMEs_Globaldata 2022