New research from the UK government has revealed that close to half of SMEs rely on self-insurance rather than formal cyber cover, despite widespread awareness of the risks posed by cyber threats.
The report warns that SMEs are not investing enough in cyber insurance and that a lack of cover leaves smaller businesses at risk of facing extensive recovery times and even financial ruin in the event of an attack.
The Insuring Resilience report, released by the Department for Science, Innovation and Technology (DSIT), polled over 100 SMEs. The survey revealed that, despite 69 per cent saying their company faced a moderate-to-high risk from cyber threats, 28 per cent do not consider cyber insurance necessary.
While 62 per cent had some awareness of what cyber insurance policies were, there was a significant lack of understanding, with just 8 per cent saying that information provided by insurers or brokers was clear and 14 per cent saying that they found navigating complex policy documents a challenge.
Approximately a quarter (24 per cent) of respondents had purchased cyber insurance without being fully aware of their options. 35 per cent, meanwhile, have no insurance whatsoever.
65 per cent said that their business had to meet specific security requirements in order to qualify for cover and 29 per cent said that difficulty meeting such requirements was a major limitation to getting insurance.
50 per cent had to spend between £5,000 and £25,000 in order to meet cyber insurance criteria, while just 48 per cent that their provider had offered assistance of any kind in helping them to meet the requirements.
Among the respondents that hadn’t purchased insurance, 36 per cent stated that it was too expensive. 21 per cent of SMEs, meanwhile, said that high premiums meant that maintaining coverage was a challenge.
These challenges have led to almost half (47 per cent) of SMEs “self-insuring”. This means that, in the event of a cyber breach, they would rely on their own financial reserves to cover any losses.
The report concluded that, despite the “significant promise” that cyber insurance holds “as a tool for mitigating financial and operational risks”, a number of inter-related challenges means that its adoption among SMEs currently remains limited.
The study continued: “Simplifying policy terms, offering tailored and affordable solutions and boosting industry collaboration are essential for cyber insurance to shift from a reactive safety net to a proactive risk management tool, ultimately strengthening the security and competitiveness of UK SMEs.”
