A considerable proportion of global SMEs have fallen victim to a cyberattack, yet cyber insurance penetration rates remain stubbornly low, as per a GlobalData survey. While the number of cyber-related claims went down in Europe in 2025, the severity of claims remains a concern of the industry, putting upward pressure on premium rates.
According to GlobalData’s 2025 SME Survey, 34.7% of global SMEs had experienced a cyber incident in the past three years. In Europe, German SMEs are the most vulnerable to cyberattacks, with this figure rising to 40.3%. Yet cyber insurance is often viewed as an unnecessary product, with just 16.8% of global SMEs stating they have a standalone policy in place. While some SMEs may be protected against cyber risks as part of another insurance policy, low penetration rates are alarming, signalling that most SMEs could be underinsured.
Go deeper with GlobalData
Access deeper industry intelligence
Experience unmatched clarity with a single platform that combines unique data, AI, and human expertise.
Marsh’s Europe Cyber Claims Report highlights that cyber threat notifications declined in Europe in 2025, driven by fewer large-scale systemic incidents. Yet the financial consequences of a cyberattack remain significant, with claim severity increasing.
While a fall in claims suggests that organizations are improving their cyber defences, low cyber insurance rates among SMEs suggest that many smaller businesses are still overlooking cover—possibly because they do not understand the value of such policies.
Smaller businesses are less likely to have the same level of technical defence as larger enterprises, making them more vulnerable. Hackers will naturally view SMEs as easier targets. A sizable cyberattack will have a massive financial impact on a large corporation, but on a smaller, less resilient business, an unexpected cash drain can cause immediate insolvency if they are not protected by an adequate cyber insurance policy.
Cyber insurance is characterised by high premium base lines to ensure profit margins, as providers grapple with ever-evolving risks and limited data. As a result, many smaller businesses have been priced out, unable to afford cyber cover. To bridge this gap, insurers must make cover accessible for small businesses through continuous risk monitoring and promoting good digital practices.
