Data breach attacks costing SMEs without cyber insurance policies thousands each year

Luke Conn-Goodman, account executive at H&H Insurance Brokers

SMALL businesses across the UK are counting the cost of not having insurance policies protecting them against the increasing risks of cyber attacks or data breaches.

As small or medium sized enterprises (SMEs) are being targeted by cyber criminals because more employees are working from home, companies across the country are thousands of pounds out of pocket by not having cybersecurity insurance cover.

Figures from the UK Gov Cyber Security Breaches Survey 2022 showed that 39% of SMEs reported cyber breaches or attacks in the space of 12 months, with the average cost of the breaches estimated at £4,200.

It was revealed a large percentage of SMEs do not have insurance policies covering them from such breaches and the most common objection to purchasing insurance is that the companies have ‘good IT security’ in place so don’t think they are at risk of cyber attacks.

Luke Conn-Goodman, an account executive at H&H Insurance Brokers which works across the north of England, south of Scotland and Wales, however, said that IT security does not fully protect a business and there is no financial reimbursement if cyber criminals successfully breach the business’ digital security.

He said: “Not purchasing a cyber insurance policy because you have good IT security is similar to suggesting that an organisation doesn’t need theft cover on a property policy because you have high quality locks on your doors, or you don’t need fire cover because you have a new sprinkler system in place.

“There is a big difference between vulnerability and risk. No matter how much a company invests in IT security, they will never be 100% secure.

“The purpose of a cyber insurance policy is to respond in the event that the worst happens, with experts on hand to manage the situation and financial remuneration for the costs involved.

“For example, if a business is attacked and the criminals demand £10,000 for return of data, the insurance policy would cover the cost of the attack but the IT security providers wouldn’t and that would mean the business would be heavily out of pocket.

“This can be fatal for small businesses and it is reported that more than half of SMEs shut down within six months of being a victim of a serious cyber attack.”

It is believed that, since the outbreak of Covid-19 in March 2020, cyber attacks and data breaches have increased worldwide by 300%.

While security breaches at large, major companies grab the headlines, SMEs are the most common victims of cyber attacks as they are deemed an easy target for cyber criminals. The rewards may be smaller financially, but they are viewed as ‘low-hanging fruit’ due to lack of resources to protect themselves.

A common pitfall for businesses is to purchase the cheapest cyber insurance policy or meet the minimum cyber security requirements specified by an insurer, however it is essential that SMEs ensure they have adequate cover to protect in all scenarios.

Businesses which adopt good cybersecurity practices can significantly reduce insurance premiums, and it is recommended companies construct a cyber incident response plan to alleviate such risks.

Advice from trained insurance brokers is advised to ensure SMEs fully understand which cybersecurity insurance policies would best suit their business, and ensure they’re fully protected if they become a victim to cyber criminals.

For further guidance on cybersecurity insurance, Luke Conn-Goodman can be contacted on (01228) 406290 or by email:

The latest stories