Nearly half of small finance and insurance firms in the UK have experienced a cyber breach in the past year, according to money.co.uk’s analysis of government cyber breach data.
The sector ranks as the third-most targeted for cyberattacks, with 48% of small businesses in finance and insurance reporting incidents over the last 12 months.
The findings estimate that cyberattacks are costing small and micro UK businesses up to £921.2 million annually. The National Cyber Security Centre has issued warnings about the rising number of cases, urging companies to strengthen their cyber defences and describing the issue as “a matter of business survival.”
Government survey data shows that 43% of all surveyed UK businesses reported a cyber breach in the last year, though the rate varies by sector. Finance and insurance firms, which often handle sensitive client and financial data, are seen as attractive targets for cybercriminals. These businesses are particularly exposed to scams such as phishing and invoice fraud due to the nature of the information they process.
Despite the high frequency of breaches, the estimated annual cost of cyberattacks for small finance and insurance businesses stands at £16.5 million. This figure is lower than in many other sectors, which may reflect the industry’s use of risk transfer through insurance and regulatory safeguards.
Joe Phelan, a business bank accounts expert at money.co.uk, said: “Cyberattacks continue to pose a serious risk, particularly for smaller businesses, as the data shows average costs to micro and small firms have risen by more than 90% in the last 12 months. No business is too small or too large to be a target – all need to take steps to protect themselves against cyberattacks and plan for any incidents.”
The evolving workplace environment is also influencing cyber risk. The increasing adoption of shared and flexible workspaces has introduced additional vulnerabilities for UK businesses, including those in finance and insurance. Communal networks and shared devices in these environments can create more entry points for cybercriminals.
Another factor affecting cyber risk is the end of Microsoft’s security updates for Windows 10. Millions of UK business users now face heightened exposure to cyber threats as outdated systems become more vulnerable to attack. This development has raised concerns about the need for firms to update their IT infrastructure and ensure that older systems do not become a weak link in their cyber defences.
Phelan said that building cyber awareness into daily operations is essential, recommending staff training, regular software updates, and early detection systems. He also noted the importance of preparing for the financial impact of an attack, suggesting that businesses maintain a financial buffer in a high-interest, instant-access savings account to help cover unexpected costs or losses.
He further explained that using a dedicated business bank account can provide additional protection, as many banks offer accounts with fraud prevention tools such as Positive Pay controls. These features can help identify and block fraudulent transfers, reducing the risk of account takeover and limiting losses from cyber incidents.
“Proactive planning, both technically and financially, gives businesses the best chance of recovering quickly and minimising the long-term impact of cyber breaches,” Phelan said.
