UK SMEs are at much more risk now than ever as new research reveals that nearly three-quarters of these businesses have experienced a cyber incident within the past five years.
The survey from cyber specialist Coalition also found that despite these major risks, 35% of firms that previously purchased standalone cyber insurance no longer maintain that cover, with the same proportion saying they believed their wider commercial policy provided sufficient protection.
Tom Draper (pictured above), Coalition’s UK managing director, said the findings reflect how SMEs shifted away from cyber cover during the hard market and have not fully returned despite improved conditions. He noted that the impact of recent attacks on well-known organisations “has encouraged decision makers to review their cyber insurance or request standalone cyber insurance quotes.”
These shifts in buying behaviour come as cyber insurance is playing a more active role in supporting SME resilience. A previous industry report found that ransomware, exposed remote-access tools and cloud vulnerabilities continue to drive claims, prompting insurers to pair cover with continuous threat monitoring and security alerts.
The Coalition survey also reported changes in attitudes toward cyber exposure. Around 38% of respondents said they are more vigilant about cyber risks and 37% said they have a clearer understanding of the role of cyber insurance.
Even so, 35% still believe the risk does not justify the cost of cover, and 33% think a cyber incident is unlikely. This stands in contrast to respondents’ expectation that an incident could cost about £200,000.
Another market research published this year suggests that uptake remains inconsistent despite rising concerns. More than 60% of UK SMEs still do not hold cyber insurance, even as brokers identify the product as one of the biggest growth opportunities.
Further results from the survey showed that recent incidents have prompted firms to take practical steps. Nearly two-fifths said they feel more secure because they have a response plan, while 36% allocated more budget to cybersecurity. Another 35% said they reassessed their insurance needs in light of this year’s disruptions.
“While major retailers, food, and consumer companies like Jaguar Land Rover and M&S have the resources – and often the cyber insurance – to weather such incidents, most SMEs lack both the financial resilience and the resources to recover quickly,” Draper said. “Cyber risk is no longer just an IT issue; it's a fundamental business continuity threat that smaller and midsize firms must urgently prioritise."
The survey was conducted by an independent research organisation in September and included 600 senior insurance decision-makers at mid-market businesses across England, Scotland, and Wales.
