• Three-quarters of UK SMEs have experienced some form of cyber attack
• Only 9% of UK SMEs currently have cyber cover in place
• Despite most being aware of cyber-crime, only 16% of businesses have considered taking out appropriate cover

Only 9% of UK SMEs have cyber insurance in place despite the fact that more than one quarter (28%) said they would go bust if faced with an unexpected £50,000 bill, according to leading commercial insurer RSA. Yet the average cost of a cyber-attack is higher than this at between £65,000 and £115,000.

This risky attitude towards the threat of cyber-crime comes despite the danger it poses to small businesses, with a significant majority having been subject to an attack, as well as a series of high-profile cyber-attacks on large companies in 2016.

SMEs are increasingly becoming a target for cyber criminals because they are less likely to have adequate cyber security measures in place. Yet three quarters (74%) of SMEs questioned do not believe that their business needs this cover, or do not understand how it would protect their business. Common attacks on SMEs include data breaches where confidential files are put at risk; the use of ransomware by fraudsters who try to extort cash from businesses by blocking access to their systems; and hack attacks in which hackers gain access to a company network in order to get hold of sensitive information including customer bank details.

Despite an onset of high-profile cyber-attacks recently, including Yahoo, Tesco Bank, Talk Talk and Camelot, businesses are not protecting themselves sufficiently. RSA research indicates that many businesses are more likely to take out cover when the threat becomes real to them. When questioned, over half (53%) of those with some form of cyber cover have experienced an attack or know of someone who has had an attack.

Age is a determining factor when considering the need for cyber cover. The figures reveal that while 37% of 18 to 34-year-old business owners surveyed have considered cyber cover, only 9% of those over 55 have done the same. The type of business also has an influence on whether SMEs would take out cyber insurance. Just 17% of professional or legal services SMEs have considered taking out this insurance, and ironically just 30% of those in IT or computing.

Top five cyber-attacks of 2016

1. Tesco Bank: £2.5 million siphoned out of 9,000 accounts.
2. Three Mobile: Six million customers’ private information put at risk.
3. NHS: IT system attack shut three hospitals.
4. Camelot: 26,500 player accounts accessed.
5. Yahoo: Admitted to one billion user accounts being comprised in 2013 making it the largest breach in history

Five top tips to protect your business from a cyber attack

1. Install robust anti-malware software: Many cyber-attacks can go unnoticed. The longer this goes on for the more expensive the attack can be. A good software program will block or warn you of any suspicious behaviour. Remember to keep it up to date when installed. The FCA recently fell victim to this crime with its email system being spoofed.
2. Raise awareness: Ensure your employees understand the risks posed by cyber criminals. Inform them about phishing emails, changing passwords often and being vigilant when out of the office with work material and devices.
3. Proper disposal: It seems simple, but disposing of paper material properly is crucial to protection. Make sure documents are shredded when thrown away.
4. Phone calls: Avoid disclosing sensitive information over the phone. Employees should put down the phone to any caller if they have doubts.
5. Insurance: Consider cyber insurance to ensure your business is protected if hackers do hit. Cyber-attacks can be costly and cause wide disruption to a business, not to mention potential long-term reputational damage. Insurance measures can cover losses and repairs.

Russell White, Schemes and Deals Director, Regions and SME, Commercial Risk Solutions at RSA, said: “Cyber-crime is constantly in the headlines and SME owners would be forgiven for thinking it only happens to big business. Just 26% of the SMEs we questioned said they were concerned about a cyber-attack on their IT systems, infrastructure or devices. However, SMEs are perceived by criminals as a soft target, since they are less likely to have stringent security measures in place.

“Cyber-crime can cause a significant financial loss, reputational damage and has legal consequences. For an SME this could mean the difference between staying afloat and going under. This is why it is crucial for SMEs to protect themselves with adequate cover should the worst happen. We urge SME owners and decision-makers to talk to their brokers, for free, about the protection they need.”