SMEs are leaving themselves exposed to cyber attacks

The majority (86%) of British small to medium enterprises (SMEs) do not have any cyber insurance cover in place, research from Aviva shows.¹

Our latest SME Pulse Survey found that this lack of insurance protection comes at a time of rapid digitisation. The survey showed that 41% of SMEs updated their website in response to the pandemic, and 39% moved online or improved their online offering. Nearly all (96%) of those who made a change confirmed that they would keep the changes. However, despite increasing their digital presence, only 11% updated their cyber cover at the time.¹

Key Outputs:

• 86% of SMEs have no cyber cover despite increases in cyber fraud and breaches.
• Up to 41% of SMEs made digital changes to their business during the pandemic with 96% or more planning to keep their digital changes
• Only 12% SMEs updated their cover to reflect the digital changes they had recently made
• As few as 3% of SMEs in some UK regions have cyber cover

EG Action Fraud reported a 400% increase in cyber-related fraud² in March 2020 and 46% of businesses experienced a breach during 2020³, yet many SMEs are leaving their livelihoods at risk by not selecting cyber insurance.

Alana Muir, Senior Cyber Underwriter at Aviva, said, “Customers will often have cover for ‘tangible’ risks like fire, flood and theft, but the impacts on a business of a cyber breach extend beyond the initial costs. They also result in loss of revenue and damage to both reputation and trust.

The pandemic has accelerated digital adoption across all businesses, meaning cyber insurance has quickly moved from a perceived luxury to an absolute must-have. Cyber cover doesn’t just protect businesses against an attack, but it also ensures they have fast access to expert specialists, so they can return to normal as quickly as possible in the event of a cyber incident.

We know from our Aviva Risk Insights report that cyber-attacks are one of the biggest issues faced by SMES. This gives us a perfect storm where cyber-attacks are increasing while businesses leave themselves exposed through lack of cover. So it is important that businesses make sure they are not just staying on top of their digital admin but they are also covered if they are one of the increasing number being targeted by online criminals.”

Top tips for business owners:

• If you are unclear about your digital risk, contact your insurance broker to understand the risks to your business and what protection you may need.
• Always use individual identification and passwords to access your computer equipment and change default or manufacturers passwords.
• Back up all data every 7 days or less and store backups securely and away from the data or programs they relate to.
• All personal and business data must be stored and disposed of in a secure manner. Remember the definition of ‘personal data’ includes information you hold on suppliers, business emails, and employee data.
• Install any updates for firmware, operating systems, software, or programs within 14 days of release where the updates address a vulnerability described by provider as critical, important, or high.
• Ensure that any equipment connected to the internet or other network is protected by a suitable firewall and ensure it is updated automatically or at intervals of a month or less.

Cyber support

For more on our Cyber proposition and insight into how we can support you and your clients understand their cyber risk, take a look at the information and supporting materials available on our Commercial Cyber page.

¹All data is taken from a survey of 505 British SMEs across the UK, in a wide variety of industry sectors, conducted by YouGov from 12 April – 24 April 2021 on behalf of Aviva.

²Coronavirus-related fraud reports up 400%. Action Fraud press release 2020

³2020 Cyber Security breaches Survey. DCMS