‘The rapid adoption of new tools, techniques and procedures by threat actors is outpacing traditional risk assessment models,’ says report
Many UK SMEs are underestimating the risks that cyber attacks pose to their operations and are not allocating sufficient budget to their cover.
This is according to a report from professional services firm Grant Thornton, commissioned by the UK government department for science, innovation and technology, which investigated adoption challenges, costs and perceptions of the SME cyber market.
The report found that some 35% of small businesses reported having no cyber insurance at all, with cost (36%), unclear advice from brokers (31%) and perceived lack of necessity (28%) the most commonly cited prohibitory factors.
Furthermore, 59% of insured small businesses were found to have coverage limits of no more than £1m, with the median cost of a policy standing at £11,500, values the report described as “relatively modest”.
That cover tended to focus on business interruption and crisis management provisions. Firms that had more comprehensive policies including assistance with PR services, ransomware, extortion and data breach coverage saw median policy prices climb to £55,000.
Policy confusion
The report also found that a lack of understanding of policy details and wording was prevalent, a fact that was not unexpected given the complicated and changing nature of cyber coverage.
Read: Cyber insurance market surges as threats diversify
Read: Recent international retail attacks ‘not big enough’ to harden cyber market
Explore more cyber related content here, or discover other news stories here
The report explained: “The rapid adoption of new tools, techniques and procedures by threat actors is outpacing traditional risk assessment models.
“For instance, while conventional models might evaluate risks based on historical data and static threat landscapes, cybercriminals are now using sophisticated methods such as AI-driven phishing, automated ransomware deployment and real-time dark web monitoring to quickly adapt and launch attacks.
“Many SMEs, constrained by tight budgets and basic cyber security measures, often resort to self-insuring. This approach, although seemingly practical in the short term, exposes them to potentially catastrophic financial impacts when a major incident occurs.”
He graduated in 2017 from the University of Manchester with a degree in Geology. He spent the first part of his career working in consulting and tech, spending time at Citibank as a data analyst, before working as an analytics engineer with clients in the retail, technology, manufacturing and financial services sectors.View full Profile
No comments yet