Small businesses across the UK are counting the cost of not having insurance policies protecting them against the increasing risks of cyber-attacks or data breaches, according to broker H&H Insurance.

As small or medium sized enterprises (SMEs) are being increasingly targeted by cyber criminals because more employees are working from home, companies across the country are thousands of pounds out of pocket by not having cybersecurity insurance cover, it suggested.

Figures from the UK Government Cyber Security Breaches Survey 2022 show that 39% of SMEs reported cyber breaches or attacks in the space of 12 months, with the average cost of the breaches estimated at £4,200.

The figures also revealed a large percentage of SMEs do not have insurance policies covering them from such breaches and the most common objection to purchasing insurance is that the companies have ‘good IT security’ in place so don’t think they are at risk of cyber-attacks.

Luke Conn-Goodman, an account executive at H&H Insurance Brokers which works across the north of England, south of Scotland and Wales, however, said that IT security does not fully protect a business and there is no financial reimbursement if cyber criminals successfully breach the business’ digital security.

He said: “Not purchasing a cyber insurance policy because you have good IT security is similar to suggesting that an organisation doesn’t need theft cover on a property policy because you have high quality locks on your doors, or you don’t need fire cover because you have a new sprinkler system in place.

“There is a big difference between vulnerability and risk. No matter how much a company invests in IT security, they will never be 100% secure.”

“The purpose of a cyber insurance policy is to respond in the event that the worst happens, with experts on hand to manage the situation and financial remuneration for the costs involved.

“For example, if a business is attacked and the criminals demand £10,000 for return of data, the insurance policy would cover the cost of the attack but the IT security providers wouldn’t and that would mean the business would be heavily out of pocket. This can be fatal for small businesses and it is reported that more than half of SMEs shut down within six months of being a victim of a serious cyber-attack.”

H&H added that it is believed that, since the outbreak of Covid-19 in March 2020, cyber-attacks and data breaches have increased worldwide by 300%.

While security breaches at large, major companies grab the headlines, SMEs are the most common victims of cyber-attacks as they are deemed an easy target for cyber criminals, the broker added, noting that the rewards may be smaller financially, but they are viewed as ‘low-hanging fruit’ due to lack of resources to protect themselves.

A common pitfall for businesses is to purchase the cheapest cyber insurance policy or meet the minimum cyber security requirements specified by an insurer, however it is essential that SMEs ensure they have adequate cover to protect in all scenarios, the broker noted.

Follow us on twitter: @risksEmerging