‘The rapid adoption of new tools, techniques and procedures by threat actors is outpacing traditional risk assessment models,’ says report

Many UK SMEs are underestimating the risks that cyber attacks pose to their operations and are not allocating sufficient budget to their cover.

This is according to a report from professional services firm Grant Thornton, commissioned by the UK government department for science, innovation and technology, which investigated adoption challenges, costs and perceptions of the SME cyber market.

The report found that some 35% of small businesses reported having no cyber insurance at all, with cost (36%), unclear advice from brokers (31%) and perceived lack of necessity (28%) the most commonly cited prohibitory factors.

Furthermore, 59% of insured small businesses were found to have coverage limits of no more than £1m, with the median cost of a policy standing at £11,500, values the report described as “relatively modest”.

That cover tended to focus on business interruption and crisis management provisions. Firms that had more comprehensive policies including assistance with PR services, ransomware, extortion and data breach coverage saw median policy prices climb to £55,000.

Policy confusion

The report also found that a lack of understanding of policy details and wording was prevalent, a fact that was not unexpected given the complicated and changing nature of cyber coverage.

The report explained: “The rapid adoption of new tools, techniques and procedures by threat actors is outpacing traditional risk assessment models.

“For instance, while conventional models might evaluate risks based on historical data and static threat landscapes, cybercriminals are now using sophisticated methods such as AI-driven phishing, automated ransomware deployment and real-time dark web monitoring to quickly adapt and launch attacks.

“Many SMEs, constrained by tight budgets and basic cyber security measures, often resort to self-insuring. This approach, although seemingly practical in the short term, exposes them to potentially catastrophic financial impacts when a major incident occurs.”

Insurance Times Fantasy Football