Small businesses (SMEs) consider themselves too small to be targeted for data theft, severely exposing themselves to cyber attacks.
According to a new Association of Business Insurers (ABI) report, SMEs generally consider themselves too small to be targeted by cyber criminals and, as a result, are not using cyber insurance to help mitigate these risks.
The firm identified a severe cyber protection gap in the SME sector, which makes these businesses far easier and far more attractive a target for cyber breaches.
Laura Hughes, head of general insurance policy at ABI, said: “SMEs represent the backbone of the UK economy.”
“Without adequate protection they are at particular risk from cyber attacks and breaches, which is likely to only increase as more SMEs use increasingly complex technology”.
This points to a broader theme in cyber security, with many SMEs underestimating their vulnerability to cyber threats.
As a result, companies rely on weaker security measures, exposing them to significant risks like data breaches, financial losses, and reputation damage.
Companies at risk of cyber attacks
Currently, there are an estimated 5.6m SMEs in the UK, which cumulatively generate more than £2.6 trillion in turnover and account for 99 per cent of all businesses.
A 2024 global threat report found that 50 per cent of UK businesses suffered from some form of cyber breach.
ABI’s recent report explored how cyber insurance can help prevent and alleviate cyber attacks’ impact, ultimately boosting the UK’s resilience.
Conducted in partnership with Grant Thornton, the report made several recommendations to encourage a greater uptake of cyber protection products among SMEs.
It concluded that improved awareness and increased investment could enhance security, stabilising the UK economy.
This news comes as cyber security concerns rise across various business sectors amid the implementation of the Digital Operations Resilience Act (DORA) earlier this month.
Just yesterday, global engineering firm Smiths Group Group reported a cyber security incident involving unauthorised access to its systems.
This comes at a time of heightened global cyber risk, with a recent wave of data breaches targeting US government sectors intensifying tensions between the US and China.
The chaos triggered by the launch of Chinese-owned DeepSeek’s new AI model has also raised security questions due to its affiliations with the Chinese Communist Party (CCP).
The CCP is widely seen as a security threat, with the US briefly even banning Tiktok, citing concerns over Beijing’s government interference and access to users’ data.
The app itself was hit with a cyber attack on Monday, forcing it to limit registrations temporarily.