Cyber Gap With SMEs | News | Brit

The year ahead will see SMEs looking at the economic environment, reviewing costs and identifying potential savings. Issues around high interest rates mean that many SME stakeholders are looking at where they can tighten the purse strings to protect themselves from economic threats, ensuring they can achieve growth in the coming 12 months. One area you should highlight to your clients as a non-negotiable for cost-cutting in the coming year is cyber security.

SMEs that have not been on top of the risk presented by cyber security might have a gap in their insurance coverage, as many traditional small business insurance policies don’t offer coverage for instances of cyber incidents such as breaches or attacks. Being prepared with the information to demonstrate the ‘cyber gap’ will help you have that conversation more easily. With 5.6 million SMEs across the UK, brokers have huge potential to support them with cyber protection for their businesses.

The cyber risk is just like any other business risk

When discussing the importance of cyber insurance with your clients, you can talk about the threat being as important as any other type of risk that they would need to have insurance for, such as fire or burglary. Both cost and security requirements are considered the two most significant factors causing clients to hesitate in securing a cyber policy. A lot of their digital processes will need to be reviewed from a cyber security perspective before they can be considered for insurance.

Some of the main areas include:

    • Data backups
    • Use of antivirus software and patching
    • Cloud-based IT infrastructure
    • Multi-factor authentication

Meeting these requirements is seen as no different to a property insurer expecting a business premises to be properly secured.


Will cyber insurance be a luxury or essential for SMEs in 2024?

The threat of cyber attacks on SMEs cannot be underestimated. Some recently published stats highlight the condition of the landscape for SMEs:


The amount of SMEs that have experienced some form of cyber security incident in the last 12 months.


The proportion of medium, small, and micro-sized businesses that had a cyber insurance policy in 2022.


The amount of SMEs that are prepared of a cyber attack.


The amount of SMEs that are victims of cyber crime that go out of business within six months.

SMEs understand the importance and need for products like small business insurance, professional indemnity insurance, and employers or public liability insurance. Some traditional insurance products are now required to either affirmatively cover or exclude cyber related risks and threats, to prevent the risk of silent cyber. Silent cyber refers to gaps in insurance coverage where traditional insurance policies do not include nor exclude cyber related risks – in these cases coverage may not be clear leaving potential gaps in protection. This can lead to ambiguity and uncertainty about whether insurance products provide any cover for cyber perils. Having a cyber insurance policy ensures affirmative cover is provided. It’s clear that despite this, the uptake of cyber insurance is still not a priority for many small businesses.

Digital disruption and the difference in incident response

Business property insurance aims to protect your client’s business in the event of a fire in their property. A business interruption policy can provide coverage for lost income, payroll expenses, and other costs associated with getting a business running again following an accidental fire.

Similarly, cyber insurance minimises digital disruption if a cyber incident occurs, such as a breach or cyberattack. A cyber incident can be hugely damaging for an SME, especially for business continuity and revenue loss.


As an SME here’s why protection can help

With our cyber insurance, we can respond much quicker to a breach than if your client didn’t have insurance. Our helpful comparison below illustrates the process and support provided for each scenario. You can also find out more about the breach and claims process here.


Our view on addressing the Cyber Gap

At Brit, we see the level of underinsurance as a significant risk for business in the UK (99.9% of which are SMEs). We believe companies are best served by the insurance market with the flexibility to chose the cover most appropriate to them. A lack of training amongst SMEs in their approach to IT risk management is also an area that has driven a shortcoming, as research suggests more than half of UK SMEs fail to cover the full risk landscape in IT training.

All Brit clients receive access to Datasafe, a cyber training and risk management platform - as well as access to virtual CISO support, phishing simulations and a security scan.


Speak to our Brit cyber team about protection

Once you’ve opened conversations with your clients and they are ready to get their SMEs protected, contact our cyber team for policy options.