IT Pro is supported by its audience. When you purchase through links on our site, we may earn an affiliate commission. Learn more

29% of UK SMBs cancelled cyber insurance policies in 2021

Even if SMBs are becoming more concerned about cyber attacks, they’re unlikely to be willing to pay even higher premiums to protect themselves

Almost 30% of small and midsize businesses (SMBs) cancelled their cyber insurance policies in 2021 due to cost cutting.

The price of cyber insurance is likely to still be too high for UK SMBs, according to a survey from GlobalData released on Friday. 38% of these businesses think it is unlikely they will be targeted in a cyber attack while 29% cancelled their policies in 2021.

The data and analytics company carried out the survey between August and September last year, where it explored SMB behaviours, purchasing preferences, and attitudes across commercial insurance products. Every company included in the survey had fewer than 250 employees, with 2,001 businesses surveyed in 2021.

GlobalData noted that as risk of attack increases, so will the premiums. It said that given that cutting costs is one of the leading causes of policy cancellation, this will be a significant obstacle.

The firm added that the Ukraine-Russia war has only heightened potential cyber security risks. It pointed to the UK’s National Cyber Security Centre (NCSC) advising all organisations in the country to bolster their cyber security in March 2022, specifically due to the increased risk from the war.

“Even if UK SMBs do become more concerned about their business being targeted by cybercriminals, they are unlikely to be willing to pay even higher premiums to protect themselves,” said Ben Carey-Evans, senior insurance analyst at GlobalData. “It is a difficult product for insurers to price, as unlike other products, they cannot look to limit risk—any SMB could be hit with a cyber attack at any time, and the costs can be significant.”

This is the biggest challenge for NCSC as SMBs are more vulnerable as they don’t take cyber hygiene seriously, said Muttukrishnan Rajarajan, professor of Security Engineering and director of the Institute for Cyber Security at City University of London. This, in turn, makes them the most vulnerable targets for a cyber attack.

Rajarajan has been teaching cyber security essentials for CEOs and CTOs as part of a programme at the university. He found that most of the individuals from the companies he taught didn’t take cyber security seriously and didn’t know about cyber insurance.

“Interestingly, a few came back to me after a few months of my lessons and said they have been attacked and need help! So I have seen first-hand the impact of these SMBs without any cyber security protection,” he explained.

Related Resource

Security awareness training strategies for account takeover protection

Why you need an inside-the-perimeter strategy for internal threats

Security awareness training strategies for account takeover protection - whitepaper from MimecastFree download

A good cyber insurance policy should offer training to employees that specifically targets areas of risk within a business, said Steve Arlin, VP of the Americas, UK and APAC at ProLion.

“It can cover loss in income from a data breach and it can cover the cost of investigation work following a GDPR breach as well. While the cost of cyber insurance has certainly risen in recent years to keep pace with developments in cybercrime, it is definitely worthwhile.”

“This is a disturbing statistic as it illustrates that arguably businesses – faced with rising costs – are looking at saving money where they think it won’t matter,” he added. “This is short sighted in the extreme.”

Small businesses were warned in December 2021 to prepare for a potential surge in ransomware attacks in 2022 as cyber criminals turn to campaigns that are less likely to draw coordinated action from law enforcement. A report found that cyber criminals were adapting to increased pressure from police agencies that launched several successful operations to dismantle criminal networks.

Featured Resources

Four strategies for building a hybrid workplace that works

All indications are that the future of work is hybrid, if it's not here already

Free webinar

The digital marketer’s guide to contextual insights and trends

How to use contextual intelligence to uncover new insights and inform strategies

Free Download

Ransomware and Microsoft 365 for business

What you need to know about reducing ransomware risk

Free Download

Building a modern strategy for analytics and machine learning success

Turning into business value

Free Download

Recommended

The total economic impact™ of Datto
Whitepaper

The total economic impact™ of Datto

24 Aug 2021
Senate report slams agencies for poor cyber security
cyber security

Senate report slams agencies for poor cyber security

3 Aug 2021
Most employees put their workplace at risk by taking cyber security shortcuts
cyber security

Most employees put their workplace at risk by taking cyber security shortcuts

27 Jul 2021
The most significant challenges facing SMBs post-pandemic
SMB

The most significant challenges facing SMBs post-pandemic

7 Jul 2021

Most Popular

Russian hackers declare war on 10 countries after failed Eurovision DDoS attack
hacking

Russian hackers declare war on 10 countries after failed Eurovision DDoS attack

16 May 2022
Researchers demonstrate how to install malware on iPhone after it's switched off
Security

Researchers demonstrate how to install malware on iPhone after it's switched off

18 May 2022
Windows Server admins say latest Patch Tuesday broke authentication policies
Server & storage

Windows Server admins say latest Patch Tuesday broke authentication policies

12 May 2022