A substantial proportion of UK businesses remain unprotected against cyberattacks amid the rising frequency of these unforeseen events, as per a GlobalData survey. Cyberattacks are evolving and employing more sophisticated techniques, making even the largest businesses increasingly vulnerable.
According to GlobalData’s 2025 UK SME Insurance Survey, 40.2% of small and medium-sized enterprises (SMEs) hold cyber insurance. Adoption of cyber insurance rises sharply with business size, ranging from 13.1% among sole traders to 63% among medium-sized enterprises (with 50–249 employees). SMEs hold off from purchasing cyber insurance mainly because they consider it unlikely that their business will be a target of a cyberattack (40.5%), while a further 16.4% find insurance unnecessary as they believe their company is already well protected.
Go deeper with GlobalData
Access deeper industry intelligence
Experience unmatched clarity with a single platform that combines unique data, AI, and human expertise.
What is the main reason for your company not to have cyber insurance? 2025
Meanwhile, recent data from the Association of British Insurers highlights the magnitude of the problem, with cyber insurance claims payouts reaching £197.3m ($257.8m) in 2024, more than triple the £59.7m ($78m) disbursed in 2023. As hackers become more adept with their techniques, both the number and severity of claims have spiralled. The average claim paid was over £276,000 ($360,637.45) in 2024—up from under £113,000 ($147,652.29) in 2023. Malware infection was the most significant claims reason, accounting for almost a third of claims and a much higher 64.5% of payouts.
Average payouts are likely to go up as there is no sign of abatement. 2025 has been characterised by a string of high-profile attacks, with known brands Harrods, Marks & Spencer, and Jaguar Land Rover (JLR) impacted. In fact, JLR was not covered by cyber insurance, signaling that while adoption levels are higher among larger businesses, coverage is still not universal among large corporations.
Businesses with no cyber insurance in place may not necessarily have a safety net to manage the costs and reputational damage associated with a cyberattack if one arrives. Given that these incidents can be particularly costly, some businesses may well end up having to close their operations for good. Cyber insurance policies offer better resilience as they can assist with forensic investigation and data restoration, legal fees, regulatory fines, lost revenue during downtime, and crisis management.
US Tariffs are shifting - will you react or anticipate?
Don’t let policy changes catch you off guard. Stay proactive with real-time data and expert analysis.
By GlobalDataBrokers will play a crucial role in educating clients on the importance of cyber insurance. Further findings from GlobalData’s 2025 UK SME Insurance Survey reveal that the main trigger to purchase a cyber insurance policy was because a broker advised them to (26.7%), closely followed by media reports of cyberattacks (26.2%). Businesses with no cyber insurance are highly vulnerable to the impacts of a cyberattack; this is particularly true for SMEs due to their perceived weaker security, while they are inherently less resilient. Insurers should look to develop more tailored solutions given that many smaller businesses operate on tight margins, often viewing cyber insurance as an unnecessary expenditure.
