‘Their lack of cyber resilience can have serious consequences, not only for their own organisations, but also for their supply chains,’ says head of cyber
Small and medium enterprises (SMEs) have been warned that a lack of cyber resilience can have “serious consequences” as cyber threats continue to grow.
Gamze Konyar, head of cyber at Marsh Europe, said that SMEs are ”considered to be the backbone of the financial system” and are as much a target for cyber criminals as larger firms.
This comes after Claud Bilbao, regional vice-president of underwriting and distribution at Cowbell UK, highlighted that while 77% of UK SMEs lack in-house security, 32% of chief executives remain confident that a cyber attack would not impact their operations.
“But here’s the truth – cyber resilience is not an add-on or a nice to have. It needs to be a priority from day one,” he added.
And speaking at Marsh’s H1 2025 Cyber Market Update in June of this year, Konyar said: “According to the European Union’s (EU) annual report, SMEs make up over 99% of the businesses in the EU and are considered to be the backbone of the financial system.
“Therefore, their lack of cyber resilience can have serious consequences, not only for their own organisations, but also for their supply chains.
“SMEs can also manage sensitive customer data – including personal information, financial records or intellectual property – and a lack of cyber resilience increases the risk of data breaches.”
Breaches
Data breaches cost UK businesses an average of £3.2m in 2023, with the UK being the sixth most expensive country for data breaches in the world, according to the Cost of a Data Breach Report 2023.
Read: Cyber resilience is imperative for SMEs – Cowbell UK
Read: Brokers must bolster commercial cyber cover takeup
Explore more cyber-related content here, or discover other news stories here
This is in addition to the government’s Cybersecurity Breaches Survey, published on 24 January 2024, which revealed that 59% of medium-sized businesses experienced cyber breaches or attacks in the previous 12 months.
Florian Sättler, cyber incident management leader at Marsh Europe, explained that not only are attacks becoming increasingly prevalent, but threat vectors are evolving.
He said: “In 2024, cyber claims notifications to Marsh increased by 61% compared to 2023. We recognise that contributing factors were on the one hand the evolving threat landscape, but also how the organisational and tech service was growing – and that was tied to the still increasing use of digital tools, systems and interconnectivity with internal systems, but also with external applications.”
Macarena Bandrés, cyber placement leader at Marsh Europe, added: “From a risk environment perspective, notifications are rising and stabilising at a high level. Aggregation exposure and supply chain risk remains a top concern, with insurance products effectively addressing these issues.
“Cyber extortion is still significant, with business interruption being the main impact of ransomware attacks.”
She also said there were companies that ”are now much better prepared and more resilient for these kinds of incidents”, but warned of lower penetration rates in the cyber market.
“Pricing and purchasing in the mid-market are becoming more competitive due to the increased capacity and lower penetration rates in this segment. Capacity per layer is still growing into 2025,” she said.

He graduated in 2017 from the University of Manchester with a degree in Geology. He spent the first part of his career working in consulting and tech, spending time at Citibank as a data analyst, before working as an analytics engineer with clients in the retail, technology, manufacturing and financial services sectors.View full Profile
No comments yet