A recent survey conducted by Pen Underwriting has uncovered a significant disconnect between how businesses in the UK and Ireland perceive their protection against cyber-attacks and their actual cyber resilience. The study, which polled 300 business insurance decision-makers across various firm sizes, found that 90% of respondents believed they were protected against potential cyber-attacks, while 81% were confident in their ability to recover quickly in the event of an attack.
Key Findings
However, the survey revealed that less than half (47%) of the businesses had dedicated cyber cover in place, which provides crucial risk management services and expert-led breach response. This figure dropped to just 18% for the smallest firms with a turnover of less than £1 million.
The research also showed that UK and Irish businesses are more likely to be targeted by cyber criminals than to suffer damage from other perils they typically insure against. Over the past five years, 39% of surveyed businesses had been targeted by cyber-attacks at least once, with 81% of those attacks posing a serious threat to the business.
Cyber-Attack Frequency
The frequency of cyber-attacks far exceeds other business risks. In the past five years:
- 39% of businesses were targeted by cyber criminals at least once
- 81% of those targeted reported serious threats to their business
- 74% suffered both commercial disruption and financial loss
- 80% were targeted more than once
In contrast, only 10% experienced fire or fire damage, and 7% suffered flood damage over the same period. Even theft had a lower frequency (35%) than cyber-attacks.
Business Impact and Preparedness
The top five commercial consequences of cyber-attacks reported by affected businesses were:
- Financial loss
- Data breach/loss of sensitive information
- Loss of employee time/productivity
- Operational disruption/increased cost of working
- Reputational damage
More than a quarter (26%) of businesses that experienced cyber-attacks reported that the impact lasted more than a week. However, 80% of all surveyed firms stated they couldn’t afford to be offline for more than a week, with 41% saying they would struggle commercially if offline for just a day.
Small Businesses Most at Risk
The survey highlighted that smaller businesses (those with a turnover of less than £1 million) are particularly vulnerable:
- 50% have no cyber insurance
- 38% don’t monitor their cyber security
- Only 31% perform regular data back-ups
- Only 32% train employees on cyber security
Despite this, 84% of small firms believed they were protected or very protected against cyber-attacks, and 72% were confident they could recover quickly if hit.
Expert Insights
Ian Summerfield, Head of Cyber at Pen Underwriting, commented: “Our research underscores the concern that businesses are underestimating their vulnerability to cyber-attacks while overestimating their cyber security and resilience. Cyber risk should be a fundamental part of every business’s insurance conversation, just like property and liability.”
He added: “Cyber insurance provides more than just financial compensation. It offers vital risk management services to improve cyber security and immediate access to experts in case of a breach, minimizing downtime and expediting recovery.”
