2025 has seen unprecedented, high profile attacks in the UK, instigating ripple effects across the supplier chain, impacting consumers and gaining significant media attention. For too long leaders and professionals in the industry have been talking in jargon - leaving small businesses in the dark facing a massive cyber protection gap.
According to data from the UK Department for Science, Innovation & Technology, in 2025 35% of micro businesses faced a cyber breach or attack, with the number rising to 42% among small businesses.
And yet, despite these threats, research from Grant Thornton found that 35% of SMEs have no cyber insurance at all - citing cost, unclear advice from brokers and the assumption that they ‘don’t need any’ as the main reasons for not opting to cover themselves. What’s more, the National Cyber Security Centre estimates that half of small businesses suffer from a cyber incident every year, while the Association of British Insurers puts cyber claims payouts at a staggering £197 million in 2024 - up from £59 million a year earlier.
That disconnect, between SMEs that still believe they’re not viable targets and the reality of cyberattacks, has led to a dangerous coverage gap. In a recent editorial, Andrew Holmes, Group Capacity Director at CFC, revealed that it’s this gap that his team are working hard to bridge.
“In this market, continuing to talk about cyber insurance as a specialist product risks missing a massive opportunity, and moreover leaving customers without crucial cover because they and their broker didn’t understand the value proposition of the product,” he wrote. “If a business risk can shut your doors and stop you trading, it belongs in the core commercial package, right alongside property and liability.”
What’s more, as Holmes readily admits, most brokers simply aren’t cyber specialists and they’re not currently in the best place to offer clients sound advice – making the role of specialists such as CFC even more paramount today.
“That’s not because they’re not interested in cyber, but because the value proposition is not clearly communicated,” added Holmes. “Most classes of insurance remain specialist for a reason. But cyber isn’t like professional liability or product recall which are only relevant to some businesses. Cyber is relevant to every business and every broker.”
At CFC, they’re on a mission to dispel harmful misconceptions around SMEs being unlikely to be a target of cybercrime - with James Burns (pictured), CFC’s global head of cyber, leading the charge. In a recent interview with Insurance Business, Burns explained that this all begins with helping businesses understand the risks out there without confusing them.
“Insurers have to explain risks in plain language,” he told IB. “It’s about showing them the bigger picture, avoiding jargon and making concepts easy to grasp. From there, insurers should really look at equipping brokers with tools and education – something CFC does through our Cyber Masterclass. This is a CII accredited, on-demand learning platform for brokers to become trusted cyber advisors and tools such as CFC’s Cyber Threat Reviews -bite-sized, client specific insights that focus on the specific threats each business faces.”
Despite that inherent mistrust of the industry, insurers are paying out when claims are made. As Burns explained, CFC have a 99.4% cyber claims acceptance rate.
“More than that, we’re helping businesses get back on their feet quickly after an attack with our 24/7 incident response team,” added Burns. “And with our proactive cyber security team, we’re helping clients reduce their vulnerabilities and prevent an incident from happening in the first place.”
The market opportunity here is clear. For brokers, this is about turning risk into opportunity - helping clients stay secure while growing their business. It’s with this in mind that CFC recently launched a groundbreaking new coverage - customer business interruption (BI) coverage.
Alongside tools such as their Cyber Threat Review reports which provide targeted threat analysis to individual businesses rather than generic industry-wide information, customer business interruption cover is designed to help companies of all sizes continue operations should a customer of theirs experience downtime as a result of a malicious cyber event. Essentially, CFC’s customer business interruption cover responds when the insured’s customer suffers a cyber incident and decides to no longer purchase goods or services from the insured due to the impact on their business - resulting in a financial loss for the insured. Something that can’t go amiss in today’s landscape - especially as supply chains are more connected than ever.
Despite these threats, research suggests that many SMEs have no cyber insurance at all - citing cost, unclear advice from brokers and the assumption that they ‘don’t need any’ as the main reasons for not opting to cover themselves.
CFC have the tools and solutions to help brokers now with Cyber Masterclass, we can educate brokers on why cyber insurance is so important and how to sell it to their clients, CFC is on hand to support brokers throughout their client conversations. You can sign up to their webinar on 19 February where they will share guidance on how brokers can grow their cyber book.
“This is a win–win moment for brokers,” added Burns. “With market conditions softening and a new wave of technology and cyber risks, there’s no better time to offer customers cyber protection. If we act now as an industry and close the protection gap, we can make the future more secure for everyone.”
This article was created in partnership with CFC.
