GlobalData findings suggest that SMEs are more wary about the threat of cyberattacks than they were in 2021, but Aviva ’s latest SME Pulse survey found that over a third of SMEs have no cyber insurance. Disruption is not a good thing for cyber cover
Low cyber insurance penetration rates are not necessarily due to a lack of concern. GlobalData’s 2022 UK SME Insurance Survey found that 50.7% of SMEs are concerned about the risk of a cyberattack – a 1.2 percentage point increase from 2021. Despite this, Aviva’s October 2022 SME Pulse survey found that 34% of such businesses have no cyber insurance cover while 21% have suffered a cyberattack in the last 12 months.
Price remains a key barrier to entry for SMEs, with 17.1% citing this factor as the main reason they do not have cyber insurance cover as per GlobalData’s 2022 survey. Additionally, 37.1% of respondents said that the reason for canceling or switching their cyber insurance policy was because they needed to cut costs. The lack of uptake is somewhat understandable with many SMEs looking to cut costs wherever possible amid surging inflation and energy prices. Yet the financial and reputational cost of being a victim of a cyberattack can be fatal, especially in such uncertain macroeconomic conditions.
Cybercrime is an increasing problem. It is alarming that many SMEs have no cover as the damage caused can be huge. Despite being increasingly concerned about the risk of cybercrime, 42.6% think it is unlikely their company will be a target of a cyberattack according to GlobalData’s 2022 survey. Yet as Aviva’s findings highlight, this is a common misconception. Aviva’s survey also found that 59% of SMEs thought that in the event of losing access to files and systems in a cyberattack they could be back to normal within a month. Others estimated it could take far longer. For many SMEs, being out of business for over a month would ultimately end in business closure.
Overall, the cost of falling victim to a cyberattack far outweighs the cost of a cyber insurance policy. Insurers need to communicate the importance of these policies and convince SMEs that they need to increase their protection as cyberattacks become a growing concern.