Despite considering themselves too small to be targeted, small & medium enterprises (SMEs) are severely exposed to the risk of cyber-attacks and are not taking advantage of cyber insurance to help mitigate this risk, according to research from the Association of British Insurers (ABI).
Launched at the ABI’s inaugural Cyber Conference, the research identifies a severe cyber protection gap in the SME segment, which in turn makes these businesses a far easier and a more attractive target for cyber criminals.
There are 5.6 million SMEs in the UK, contributing more than £2.6 trillion in turnover and accounting for 99% of all businesses.1 A survey undertaken in 2024 found that 50% of UK businesses suffered some form of cyber security breach or attack.
‘Cyber resilience for SMEs: The Insurance Gap Explored’ explores how cyber insurance can help to prevent and alleviate the impact of cyber-attacks and cyber breaches - ultimately boosting the UK’s resilience.
Conducted in partnership with Grant Thornton, the report makes several recommendations to encourage a greater uptake of cyber protection products amongst SMEs, such as:
- Driving awareness though campaigns to help address the lack of understanding about the threats that cyber-attacks pose
- The use of clearer and consistent language and terminology to boost understanding and increase uptake of cyber insurance. Take-up is currently hindered by technical language which makes it difficult for SMEs to understand cyber risks and interpret the value that insurance products can offer
Together, improved awareness, increased investment, appropriate training, and risk mitigation, can ultimately contribute to the enhanced security and stability of the UK economy.
Laura Hughes, ABI Head of General Insurance Policy, said: “SMEs represent the backbone of the UK economy. Without adequate protection they are at particular risk from cyber-attacks and breaches, which is likely to only increase as more SMEs use increasingly complex technology.
“Our research has shown that, beyond financial safeguards, those who take out appropriate insurance also benefit from improved cybersecurity practices and education about the risks they face and tools on how to manage them. Improved awareness and understanding of cyber insurance as a preventative solution is crucial to help protect the UK from these modern-day threats.”
Vijay Rathour, Advisory Partner, Cyber and Digital Investigations at Grant Thornton UK LLP, said: “Previous research from Grant Thornton highlights that almost every business in the UK has encountered a data breach in the last three years. 2 With most of these incidents costing between £50,000 to £250,000 to address, cyber risk mitigation needs to be a top priority for business leaders. Preparing and testing training protocols, implementing data security and incident response plans, and putting in place effective Cyber Insurance solutions will reduce the risk and cost of a cyber incident.”
Notes for Editors
2 The digital CFO: Obstacles to bridging the worlds of tech and finance | Grant Thornton