Small and medium enterprises (SMEs) vastly underestimate their risk of cyber-attacks, leaving them vulnerable due to low cyber insurance adoption, according to a new report from the Association of British Insurers (ABI).
Despite making up 99% of UK businesses and generating over £2.6 trillion in turnover, SMEs remain under-protected from cyber threats. The ABI’s report, Cyber Resilience for SMEs: The Insurance Gap Explored, highlights a major cyber protection gap, making SMEs easier targets for cybercriminals.

SMEs at Risk but Unprepared
A 2024 survey found that 50% of UK businesses suffered a cybersecurity breach or attack. However, many SMEs believe they are “too small” to be targeted and are not investing in cyber protection.
The ABI’s report urges SMEs to recognize cyber insurance as a key tool to reduce cyber risks and improve resilience. Without adequate protection, these businesses face significant financial and operational damage from cyber-attacks.
Challenges to Cyber Insurance Adoption
The report, developed with Grant Thornton, offered several explanations for why SMEs don’t secure cyber insurance:
- Lack of Awareness – Many SME owners do not understand the scale of cyber risks or the benefits of cyber insurance.
- Complex Terminology – Technical language in cyber policies makes it difficult for SMEs to assess coverage options.
- Perceived Cost – Some businesses see cyber insurance as an unnecessary expense rather than an essential safeguard.
Call for Greater Awareness and Simplified Policies
The ABI recommends targeted awareness campaigns to educate SMEs on the importance of cyber resilience. Simplified policy language and clearer explanations of cyber risks are also necessary to boost cyber insurance adoption.
“SMEs are the backbone of the UK economy,” said Laura Hughes, ABI Head of General Insurance Policy. “Without adequate protection, they are at risk of costly cyber-attacks, which will only increase as they adopt more advanced technology.”
The Cost of Cyber-Attacks
Grant Thornton’s research found that nearly every UK business has experienced a data breach in the past three years. The financial impact is severe, with most incidents costing between £50,000 and £250,000 to resolve.
“Cyber risk mitigation needs to be a top priority,” said Vijay Rathour, Advisory Partner at Grant Thornton UK LLP. “Businesses must implement security training, data protection measures, and incident response plans. Effective cyber insurance solutions can help reduce the financial and operational impact of an attack.”
A Critical Step for UK Economic Stability
In summary, improved awareness, increased investment, and better cybersecurity training are essential for the UK’s economic resilience. By addressing the cyber insurance gap, SMEs can protect themselves against growing cyber threats and strengthen the nation’s cybersecurity landscape.