Most bosses think that traditional insurance policies cover them for cyber-attacks but specialist cover is needed 

Nearly half of all business owners (43%) buy a policy direct from an insurer, without the advice of a broker.

This leaves them potentially unaware of the risks their businesses may be exposed to, with the majority of businesses (82%) not having specialist insurance in place to cover them against the cost and impact of a cyber-attack.

And although 2.3m (39%) of all UK business leaders say that cyber attacks are one of their biggest concerns, less than one in five (18%) companies have a standalone cyber insurance policy to cover them, according to research by Gallagher.

The broker found that bosses mistakenly think that traditional business insurance typically covers these costs, without realising that specialist cover is needed.

This demonstrates that the issue of silent cyber exposure is being caused by UK business leaders thinking traditional insurance covers them.

Biggest risk

Tom Draper, head of cyber at Gallagher, said: “It is evident from our research that many bosses believe they are covered in the event of a cyber-attack, however traditional or off the shelf business insurance policies do not typically provide cover for cyber related issues.”

He said that the issue of cyber-crime is “one of the biggest risks” facing businesses today.

“Clearly there are practical steps businesses can take to help protect against cyber-attacks, but unfortunately the risk remains significant and many businesses are leaving themselves exposed to financial and reputational damage if they do not consider having specialist insurance in place,” he added.

The most common types of cyber issue are:

Phishing attacks (identified by 80% of business that experienced a problem)

Impersonation in emails or online (28% of businesses) and viruses, spyware or malware Ransomware attacks (27% of businesses)

For the majority of businesses surveyed 59% of leaders in larger organisations cite cyber-attacks and data breaches as a big issue.

This is compared to a minority of bosses running firms employing 50 people or less (19%).

Meanwhile last year, a third of all businesses (32%) admitted they had been subject to a cyber-security breach or attack, showing that the risk is considerable to businesses of all sizes.

“While there is evidence to suggest larger businesses are more commonly targeted, small and mid-size businesses are still very much exposed to cyber security breaches or attacks and may not have sophisticated protection in place like large businesses, and cyber criminals will be aware of this vulnerability.

“They are also liable to be caught up in cyber-attacks aimed at third party suppliers or those targeted at common systems and software, such as the cloud, on which their business may rely,” Draper added.

Major discrepancies

But on an industry sector basis, there are also major discrepancies in bosses’ views on cyber-attacks.

Over half (54%) of leaders in the manufacturing sector believe cyber-attacks are an issue mainly for other types of organisations, followed closely by healthcare leaders at 42%, and 44% of those in transport.

However, all three of these sectors are at high risk of cyber-attacks or data breaches.

Draper added: “Our data shows that bosses in some industries think they are less likely to be targeted but the reality is that the majority of businesses now have some exposure to cyber-crime. Both healthcare and manufacturing are industries that have been singled out as at high risks.

“In healthcare this is due to the nature of customer information they handle. The manufacturing sector, which includes automotive, electronics and pharmaceutical companies, is particularly vulnerable because cyber-attacks are primarily financially motivated and are therefore likely to target businesses where they can demand a high amount of money as well as sell information to competitors.”