Estimated reading time: 4 minutes
SMEs at the Heart of the Global Economy
Small and medium-sized enterprises (SMEs) matter. They power half of the global economy. They drive innovation, jobs, and growth. At the same time, they face relentless cyber risks that threaten their survival. The 2025 Hiscox Cyber Readiness Report highlights the urgency of stronger SME cybersecurity. “More than half told us they had experienced a cyber attack in the last 12 months,” the report stated.
“No business, however small, can afford to underestimate the devastating impact a cyber-attack can have,” said Eddie Lamb, Global Head of Cyber at Hiscox.
Cyber Attacks Hit Majority of SMEs
The report found that 59% of SMEs faced cyberattacks in the past year. Attacks often came in multiples, not isolated events. Firms with more employees or higher revenue reported an average of six or seven attacks annually.
These incidents disrupted operations, drove costs higher, and exposed sensitive data. One-third of affected firms faced regulatory fines that were significant enough to damage their financial health.
Methodology Behind the Report
The report is based on research with 5,750 businesses across seven countries. Respondents came from the UK, USA, France, Germany, Spain, Ireland, and Portugal. Each participant was responsible for cybersecurity strategy at their firm.
Ransomware Creates Ongoing Damage
Ransomware remains a serious threat. Twenty-seven percent of SMEs reported ransomware incidents. Most paid, but recovery was uncertain. “For almost a third of those who paid a ransom, the attackers went on to demand more money,” the report noted.
Even when firms regained access, many faced new attacks. Governments worldwide are now debating the mandatory disclosure of ransom payments. Seventy-one percent of SMEs support the idea.
“Cyber criminals are now much more focused on stealing sensitive business data – things like contracts, executive emails, financials, and intellectual property – because it’s easier to monetise than personal information,” commented Eddie.
AI: Friend and Foe
Artificial intelligence presents opportunities and vulnerabilities. While 65% view AI as an asset, 57% have suffered attacks due to AI-related weaknesses.
Top AI-driven threats include social engineering scams, AI malware, and unauthorized access to sensitive data. Nearly all SMEs plan to boost cybersecurity investments. This includes hiring AI-savvy employees and conducting AI audits.
“AI is a game-changing tool… but it does increase an organisation’s vulnerability to cyber-related risks,” said Nicolas Kaddeche, Hiscox France.
Cyber Insurance as a Safety Net
The study revealed 71% of SMEs have some form of cyber insurance. Smaller firms remain less covered, but uptake rises with company size.
Insurers are playing a growing role in supporting SMEs during the recovery. Insurance also influences resilience planning, helping firms manage fines, costs, and damage to their reputation.
Human and Financial Fallout
Cyber attacks inflict heavy stress on employees. Thirty-nine percent of staff reported high stress. Thirty-two percent faced burnout. Sick days increased for 31% of workers.
Eddie Lamb, Hiscox Global Head of Cyber, warned, “Cyber-attacks don’t just disrupt day-to-day operations; they can threaten the very survival of a business.”
One Minute Watch – Small Business Cyber Risk: 2025 Alarming Trends and Urgent Cyber Protection Gaps
SMEs Respond with Investment and Training
Despite the risks, SMEs are stepping up. Ninety-four percent of companies plan to increase their cybersecurity investment this year.
Key steps include:
- Employee training: 70% are boosting staff awareness.
- Hiring specialists: 60% are expanding cyber teams.
- Regular checks: 91% conduct quarterly vulnerability tests.
- Supplier scrutiny: 88% review partner risks quarterly.
These actions boosted resilience. Eighty-three percent of SMEs reported an improvement in their cyber strength over the past year.
Mandatory Ransom Payment Disclosures
Australia now requires disclosure of ransom payments within 72 hours. Debate grows on whether others will follow.
While 71% of SMEs back disclosure, half fear it could embolden attackers. Alana Muir, Hiscox UK Head of Cyber, stated, “The need to dismantle the cyber criminal business model is universally recognised.”
Get The Cyber Insurance News Upload Delivered
Subscribe to our newsletter!
Practical Steps for SMEs
The report offers actionable tips for SMEs:
- Install reputable security software.
- Use password managers with multi-factor authentication.
- Keep systems updated.
- Back up data securely and test recovery.
- Limit employee access to sensitive information.
Why This Matters
SMEs underpin the global economy but face growing cyber risks. Their resilience affects communities, industries, and supply chains.
The Hiscox report stresses proactive action. Insurance, training, AI awareness, and clear disclosure rules may shape a safer digital future.
“We hope this report empowers SMEs to better understand the risks they face and to take meaningful steps to protect themselves, so they can stay secure and pursue further growth,” added Eddie.
Related Posts
