Estimated reading time: 0 minutes
Cyber insurance for small and medium-sized enterprises faces clarity and cost hurdles –
Despite SME leaders recognising cyber risk, nearly half of uninsured firms self-insure. That choice invites financial ruin after major attacks. Surveying 104 SMEs about cyber insurance, the UK Government’s Department for Science, Innovation and Technology commissioned this study to map the gap. The gap presents an opportunity for cyber insurers. It also means bad actors have a window of vulnerability, one they have exploited to significant success. From phishing, to ransomware to data breaches, the threats of a cyberattack are real and persistent.
Think a cyberattack won’t hit you? It will
- A London retailer’s records were encrypted after a £50,000 demand. Backups were poor. The shop paid a partial ransom and endured downtime. Revenue fell 20% across three months. Confidence sank.
- A Manchester legal practice clicked a phishing link. Criminals accessed client files. The firm faced UK GDPR exposure, ICO fines, and legal bills. Training costs followed.
- A Midlands manufacturer installed a poisoned update. Malware broke inventory systems. Production slipped, and deliveries were missed. Clients issued penalties. Third-party risk controls tightened.
Editorial note – While this report focuses on UK SMEs, its findings are similar to those we have reported on in the United States. Small and medium-sized enterprises sit in the crosshairs, and many don’t even note the reality.
Awareness is rising; understanding still trails
Awareness sits at 62%, but depth is thin. Only 8% call insurer or broker information “very clear.” Many still purchase without knowing all the options. These gaps slow confident buying.
Adoption challenges: clarity, cost, and time
Sixty-nine percent see moderate to high risk. Yet 35% remain uninsured. Cost blocks 36% of holdouts. Unclear broker advice hinders 31%. Twenty-eight percent doubt the necessity. Another 28% lack knowledge.
Self-insurance and absent plans increase exposure
Among uninsured SMEs, 47% “self-insure.” Another 47% have no formal approach. Significant incidents can overwhelm reserves and plans. The report flags catastrophic risk from this strategy.
Security requirements: the gate to cover
Sixty-five percent had to meet security requirements to qualify. Half spent £5,000–£25,000 to comply. SMEs struggle to assess outsourced IT against technical criteria. Many call for stronger board education.
90 Second Watch – Small Business Cyber Risk: 2025 Alarming Trends and Urgent Cyber Protection Gaps
What SMEs buy and pay
Fifty-nine percent cap limits at up to £1 million. The median premium there is £11,500. Above £1 million, the median rises to £55,000. Targeted packages show a £26,000 median. Business interruption and crisis response lead cover choices.
The challenges faced: ranked by SMEs
Why not? Meeting security requirements ranks first at 29%. High premiums follow at 21%. Policy complexity sits at 14%. Only 48% received help meeting requirements.
Communication gaps add friction
SMEs want clear, plain-language terms and exclusions. They ask for case studies and loss-ratio transparency. They also want requirement roadmaps and consistent engagement.
Benefits buyers value
Continuity ranks first at 42%. Financial protection follows at 24%. Access to experts and resources ranks third at 22%. These benefits match board priorities.
Get The Cyber Insurance News Upload Delivered
Every Sunday
Subscribe to our newsletter!
Advice channels that shape decisions
Seventy-six percent of insured SMEs relied on brokers. Financial loss protection drives 71% of purchases. Continuity or peace of mind drives 62%. Board directives and broker recommendations matter.
Government guidance remains underused
Awareness of Cyber Aware sits at 25%. “10 Steps” registers 13%. Cyber Essentials recognition is 12%. Limited awareness weakens structured risk practice.
The cost of getting it wrong
Hidden costs can exceed immediate bills. Lost revenue and reputational damage linger. Recovery drags can blunt competitiveness for months.
Bottom line
Cyber insurance for small and medium-sized enterprises is a rising priority. Clearer terms and scalable pricing will accelerate adoption. Practical support with controls unlocks cover. The threat landscape offers little slack.
Related Posts
