SMEs being priced out of cyber insurance, GlobalData warns

Rising insurance premiums risk pricing SMEs out of cyber insurance coverage and leaving many businesses exposed to risk, according to market research company GlobalData.

The company surveyed more than 2,000 UK-based companies with fewer than 250 employees. It found that 17.3% of SMEs did not have cyber insurance in 2021 because it was too expensive, while 29% cancelled their policy to cut costs. GlobalData is warning that SMEs could de-prioritise cyber cover in 2022 as inflation adds further pressure to corporate budgets.

This is in spite of a growing likelihood of cyber attacks. Hybrid working and the war in Ukraine has increased the level of cyber risk to businesses in the UK, meaning insurers are unable to respond to the cost-of-living crisis by lowering their premiums.

Almost half of mid-sized businesses lack cyber cover

GlobalData says smaller businesses are more exposed to rising costs, as almost 80% of so-called ‘micro-businesses’ and 60% of small businesses did not have cyber insurance. Barely half of mid-sized businesses were covered in the event of a cyber attack.

Ben Carey-Evans, Senior Insurance Analyst at GlobalData, says: “With SME budgets being squeezed and insurers not being able to lower the costs of premiums, the rising costs will be a big issue for cyber insurers going forward. Businesses and consumers have been hit hard by the cost-of-living crisis, with sky-high fuel and energy prices leaving consumers with a smaller disposable income to spend. GlobalData expects the number of businesses cancelling their cyber insurance policy to only increase this year.”

According to GlobalData, innovation will be needed amid a landscape of evolving cyber threats, including the fallout from the war in Ukraine. Despite the pressures, the cyber security industry is still predicted to grow from US$125bn to US$198bn between 2020 and 2025.

The situation is ‘unlikely to get better anytime soon’

David Bicknell, Thematic Analyst at GlobalData, adds: “No one – not even security providers themselves – is safe from attack. Today’s always-connected world offers a myriad of opportunities for cyber attackers to disrupt countries, organisations and individuals. A challenging worldwide geopolitical environment exacerbated by the Covid-19 pandemic – and, since February 2022, the Ukraine-Russia conflict – has gifted cyber attackers an uneven playing field, which they are actively exploiting.

“The Biden administration’s top cyber officials recently warned that more frequent cyber attacks are the ‘new normal’ for US companies and individuals. Or to put it more starkly, things are bad out there and they’re unlikely to get better anytime soon.”