Cyber insurers sharpen defensive edge as SME market enters ‘softest’ phase in decades

Premiums are down - demand is high - this could be a substantial untapped opening for the industry


In the space of a year, cyber incidents have gone from background concern to boardroom fixture for Britain’s small and medium-sized enterprises. High-profile breaches at names such as Marks & Spencer, Jaguar Land Rover and Co-op have underscored the threat landscape for larger corporates, but it is the mid-market and SME segment where the impact – and the insurance opportunity – is now most acute.

For brokers, 2026 is shaping up as a pivotal year: a fiercely competitive cyber market, softening rates and rising loss activity are converging with intensifying client demand for both protection and guidance. Those that prosper are likely to be the firms that can marry traditional risk transfer with credible defensive services and clear, targeted education.

Rising SME demand – and latent potential

Research from GlobalData suggests that just over 40% of UK SMEs currently hold cyber insurance, compared with 63% of medium-sized firms and around 70% of FTSE 100 companies. That gap represents significant room for growth among smaller businesses, particularly as awareness rises and incidents mount.

Eddie Lamb, global head of cyber at Hiscox, said his organisation is “certainly seeing increases in the uptake of cyber insurance” among mid-market and SME clients, and expects this segment to be a key driver of the market in 2026. He argues that insurers will “partner more closely with insureds”, with brokers needing to “bridge that risk management solution and help clients mitigate the threats they might actually be faced with, for example by closely coupling insurance with mitigation like security software and delivering that as a package to the consumer.”

This push towards combined cover-and-service propositions reflects a blunt reality: many SMEs lack the in-house resources to deploy robust cyber defences, even as their exposure grows. CFC, the specialist cyber insurer, has seen a marked rise in incident frequency across its UK book. “We’ve seen a 30% increase in cyber incidents over our UK policyholders over the last year,” said Lindsay Maher, head of global cyber development at CFC. “In fact, 90% of the claims that we’ve seen from a cyber perspective in the UK over the last 12 months have been for businesses with less than £50 million in turnover.”

Against this backdrop, the National Cyber Security Centre estimates that half of small businesses suffer a cyber incident every year, while the Association of British Insurers puts cyber claims payouts at £197 million in 2024, up from £59 million a year earlier. For many SMEs, the question is no longer whether they will be targeted, but how well prepared they are when it happens – and whether they can justify the cost of specialist cover.

Defensive tools as differentiator, not add-on

Insurers and brokers are increasingly positioning defensive capabilities not simply as value-adds, but as core features of a modern cyber proposition for smaller clients. Lamb is explicit: “I 100% think we’ll increasingly see insurers move in the direction of protective, defensive tools that complement financial protections. That is a differentiation for any insurer.”

He sees relatively straightforward services, such as threat-scanning, as a starting point, but believes the real competitive edge will come from more proactive support. Challenges, he notes, “come when we start to be more proactive in our approach to help clients manage their exposure to threats. That comes from security software packages or mail scanning – tools that are a lot more complicated to deliver. In the future, and next year in particular, that will become increasingly attractive to SMEs.”

Many larger corporates will already have mature security stacks. For smaller firms, however, an insurance-led package of basic cyber hygiene tools – email filtering, endpoint protection, vulnerability scanning and rapid incident response – can represent a step change in resilience. Insurers that can embed such tools efficiently, and brokers that can articulate their relevance in commercial terms, will be well placed to stand out.

Lamb is clear that these added features are increasingly non-negotiable for those seeking to lead in the SME cyber space. Asked whether they are now must-haves, he replies: “Exactly that. Help SMEs understand the problem and then package up solutions that work holistically for them. I think that’s how to be a good supplier, an intelligent supplier in the market.”

A soft, competitive market – but not forever

The shift towards defensive offerings is happening at a time when cyber pricing, particularly for smaller risks, has eased considerably. After a period of sustained hardening driven by ransomware losses and tightening capacity, rates are now under pressure.

Lamb does not expect the addition of protective services to fuel premium inflation in 2026. “If you’re offering some value-added service within your proposition, that’s a unique selling point today as not every insurer is offering it,” he said. He argues that enhanced propositions should drive volume rather than price: “As insurers add to their proposition, it becomes a more attractive buy and they’ll end up with a higher sales volume out of that, which is potentially how insurers can help sustainably manage the cost. I don’t really see rates going up or down next year, whether we add new services or otherwise.”

Thomas Clayton, head of cyber at Zurich UK, also expects a pause in the downwards trend. “After three consecutive years of downward pressure, we generally anticipate rates to head towards flat next year,” he said.

Others go further. CFC’s Maher describes the current rating environment as unusually benign. “We’re operating in one of the softest market conditions we’ve ever seen in cyber’s 25-year history as a market,” she said, noting that the sector is in its tenth consecutive quarter of rate reductions.

She attributes the dynamic in part to overseas competition: “I believe the first half of the year, we’ll still see a continued reduction of rates throughout the market purely because it is an incredibly competitive environment, particularly because of significant ransomware losses in the US, lots of competitors and local markets in the US are now viewing the UK and Europe as a spot where they want to grow their portfolios now, which again drives competition.”

Coalition’s UK managing director, Tom Draper, strikes a similar note on pricing. “The premiums at the moment are probably the most competitive and comprehensive that we’ve seen for a number of years,” he said. “For SMEs and mid-markets, now is really the time to look at it. The insurance market is actually in a very strong position to help companies demonstrate return on investment.”

For brokers, this backdrop offers both opportunity and risk. Competitive premiums and broad coverage are powerful tools in persuading sceptical SMEs to purchase cover for the first time. But with margin thin and losses rising, the emphasis on disciplined underwriting, effective risk selection and genuine risk-mitigating services will be paramount if soft conditions are not to give way abruptly to renewed hardening.

Education gap remains stubbornly wide

If pricing is favourable, understanding is not. Multiple studies highlight a persistent education gap among SMEs around cyber risk and the role of insurance. Munich Re has found that 23% of companies cite confusion over coverage terms as a barrier to purchase, while research from Grant Thornton suggests that 36% of SMEs view cyber insurance as prohibitively expensive, 31% have been deterred by unclear advice from brokers, and 28% assume it is unnecessary.

Draper believes many businesses simply do not think of their insurer or broker as a natural partner on cyber. “The simple answer is UK SMEs are not currently viewing insurance as a vehicle to help them with their cyber exposure,” he said. When SME leaders consider cyber risk, he suggests, they often reduce it to specific incidents - “‘Oh, if one of our accounts team has forwarded money to the wrong people and we’ve fallen for that scam again.’ I don’t believe that many UK SMEs are thinking of it as, ‘Oh, and my insurance route - whether that’s my broker or my insurer - [are] the people that I will look to help with this.’”

For Draper, this mindset represents a substantial untapped opportunity. It is, he argues, “a real opportunity for the insurance market to say, ‘Guys, not only do we help you mitigate your risk, we tell you how to improve yourself, we’ll also be there for the bad day, and we’ll help you recover.’ They’re not thinking of… insurance, as a vehicle to solve the problem.”

He locates the challenge squarely at the front line. “It’s about getting those contact points comfortable with talking about cyber risk, with getting those teams comfortable with working out how to explain to a client they do have a cyber exposure and actually insurance can help them with that. I think it very much is a frontline education issue.”

Nate Brink, head of broker partnerships at CyberCube, similarly stresses the importance of translating technical risk into tangible financial impact. He said “brokers need to help translate cyber risk into financial impact for the business. For SMEs, brokers must educate insurance buyers using real-life examples and claims scenarios that impact businesses like theirs. Since margins on cyber are already very thin, brokers need to be efficient with the time spent administering submissions and focus more time on advising.”

Clayton concurs that there is more to do to close the protection gap. “Plenty of smaller businesses are appreciating the importance of cyber cover [but] there’s still lots to be done to close the risk protection gap… Press coverage of high-profile breaches has undoubtedly helped raise the profile, but we find that sharing everyday examples of how we help mid-market customers to recover from devastating attacks can be just as powerful.”

Maher frames the issue in similarly stark terms. Despite sharply higher incident volumes and greater visibility, “we’re also still seeing a healthy degree of scepticism about what cyber insurance actually is and what it’s intended to do, which again I think is an education gap in the market that insurers need to solve,” she said.

Too often, she argues, the discussion is mis-sequenced. “So often we see brokers going in to explain cyber insurance to clients before the risk has even been explained to them upfront. The client is sitting there wondering why they need cyber insurance in the first place and what their actual risk and exposure is. I think the actual education around exposure - explaining the risk first and the coverage afterwards - is going to be a huge focus for brokers [in 2026],” she added.

Tailoring and simplification – not endless proposal forms

If brokers are to convert soft rates and growing concern into durable penetration among SMEs, they will need to match education with empathy: understanding the operational realities of smaller firms and tailoring the conversation accordingly.

Maher is sceptical of proliferating niche products, arguing instead for adaptable, well-constructed core cover. “What is missing is tailoring the actual coverage to the client based on what coverage is available to them,” she said. “Going into a healthcare provider, you’re going to focus on one particular part of the policy, and that might be the privacy exposures that the policy is intended to cover. Whereas going to a manufacturer, you want to be able to pull from the business interruption or dependent business interruption section to be able to speak to their exposure.

“It’s really about making sure that brokers are tailoring the right parts of the policy rather than creating specific niche policies or industry-specific products. I think cyber insurance should be a catch-all where we’re trying to cover as many exposures and foresee the ones that haven’t yet happened, so that they have that full layer of protection.”

At the same time, she cautions that the process of purchasing cyber cover must be realistic for resource-constrained clients. “Cyber risk is fluid,” she said. “What is true today might not be true tomorrow in terms of what the risk is. We do have to ask ourselves as an industry, is it realistic to ask questions of clients? Clients won’t and shouldn’t have to fill out 20-page proposal forms, or do we actually make it accessible, only ask for the information that matters?”

For many SMEs, lengthy questionnaires and complex terminology can be as much of a deterrent as cost. Simplifying submissions – aided by pre-underwritten products, data-driven assessments and embedded security tools – may be as important as price in unlocking new business.

A two-pronged strategy for 2026

The direction of travel is clear. Hiscox’s latest Cyber Readiness Report indicates that 94% of surveyed SMEs intend to increase spending on cyber defences over the coming year. At the same time, Coalition’s research suggests that 35% of firms that previously purchased standalone cyber cover have since allowed that cover to lapse, with a similar proportion believing that broader commercial policies provide sufficient protection.

In other words, appetite and risk are both rising, but conviction about the specific value of cyber insurance remains fragile. For brokers, that combination demands a deliberate strategy.

First, there is the imperative to educate: to “explain the risk first and the coverage afterwards”, as Maher puts it, using real-world, sector-specific scenarios to bridge the gap between abstract threat and concrete financial exposure. This extends from frontline conversations by account handlers through to thought leadership, client briefings and post-loss case studies.

Second, there is the need to embed defensive capability into the proposition in a way that is both credible and commercially sustainable. Lamb’s call to couple insurance with “security software and delivering that as a package”, alongside Draper’s emphasis on insurers helping clients “mitigate your risk” as well as “be there for the bad day”, points towards a model in which risk transfer, risk management and recovery support are presented as a single, coherent offering.

In an environment of soft rates, thin margins and rising claim counts, such an approach is not without its challenges. Yet for brokers serving SMEs and the mid-market, it may be the surest route to differentiation. Those that can demystify the risk, simplify the process and deliver tangible defensive value – without “20-page proposal forms” or unaffordable premiums – are likely to find that the long-predicted growth of the SME cyber segment finally materialises in earnest.
