Price is a key barrier to cyber insurance take-up, but potential risk keeps arising amid the Russia-Ukraine war and continued remote working following the pandemic.
Our 2021 UK SME Insurance Survey found that the leading reason why SMEs did not have cyber insurance was because they thought it was unlikely their company would be a target of a cyberattack (38%). However, the leading reason why SMEs cancelled policies in 2021 was because they needed to cut costs (29%).
The need for cyber insurance had been highlighted throughout the pandemic, as employees working remotely has left companies more susceptible to cyberattacks. This led to an increase in phishing attempts and several high-profile attacks, with the UK government releasing a ‘Cyber Security Breaches Survey 2022’ in March 2022. This found that 39% of UK businesses had been victim of at least one cyberattack in the past 12 months. News stories such as this will see reduced resistance to purchasing cyber insurance because of SMEs not seeing themselves as targets, but price will remain a stumbling block to uptake.
The issue for insurers and potential customers is that as this risk increases, so will the cost of premiums. This is already a significant obstacle and the leading cause for existing customers canceling policies. Therefore, even if these SMEs do become more concerned, they are unlikely to be willing to pay even higher premiums. Cyber insurance is a difficult product for insurers to price, as unlike other products, they cannot look to limit risk, as any SME could be hit by a cyberattack at any time, and the costs can be significant.
The Ukraine-Russia war has only heightened potential risks further, with Aviva saying this week that SMEs need to take on more cybersecurity, with the threat continuing to grow. The UK’s National Cyber Security Centre (part of GCHQ) advised all organisations in the UK to bolster their cybersecurity in March 2022, specifically due to the increased risk posed from the Ukraine-Russia war. Companies with any links to Russia will be targets for hackers, while there is likely to be an increased threat from Russian hackers to Western businesses.
Therefore, the number of SMEs not purchasing cyber insurance because they do not see themselves as a target should reduce, as high-profile attacks and warnings emphasise that anyone is vulnerable. However, the issue of pricing remains, as premiums will get more expensive, while SMEs are already struggling with a difficult economic environment.