Briefing: Brokers must bolster commercial cyber cover takeup

Recent online attacks against major retailers, such as Marks and Spencer being targeted by hackers in April 2025, have got a lot of headlines and current column inches.

However, retail is far from the only sector in cyber criminals’ sights. A few years back, for example, a haulage firm was forced to enter administration. Why? Because this proud, 158-year-old firm suffered a catastrophic cyber attack that led to hundreds of staff being made redundant.

Barely a day goes by without cyber attacks featuring in the news.

According to the government’s Cyber security breaches survey 2025, published on 10 April 2025, 43% of UK businesses experienced a cyber security breach or attack in the last 12 months.

For medium and large businesses specifically, this figure rockets to 67% and 74% respectively.

In total, we’re talking well over half a million UK businesses being affected by some form of cyber attack.

Worse still, some 60% of SMEs without cyber cover face bankruptcy within six months of an online attack, according to a 2019 article by US software company Cimcor. These are normal businesses on our high streets or industrial estates that people see day in, day out.

Barely a quarter of SMEs have any cyber cover. Although this is understandable due to macroeconomic headwinds, it is just not sustainable in today’s corporate world.

So why such a low takeup? The reasons are multifaceted, but – broadly speaking – I believe they revolve around three main problems.

1) Affordability

Many businesses are already wrestling cost increases – the most recent rise in national insurance from April 2025, for example, is just the latest one for firms to cope with.

Cyber represents a coverage many businesses have not had before, so it is an additional, unbudgeted expense. However, it is our role as brokers to advise why this cover is vital.

2) Lack of awareness

The threat of cyber attacks is real. But headlines about major high street retailers that have suffered cyber attacks feel unrelatable to the average SME, which sees cyber only as a risk to large corporations.

We need to change this perception and explain the specific risks to SME businesses, replacing hypothetical scenarios with client specific examples about how a cyber attack could impact their bottom line or viability and removing some of that incomprehensible jargon.

3) Too much complexity

Even the word ‘cyber’ makes it seem like this insurance is for tech savvy businesses and not something a florist, for example, might need.

We must be clear that this product does not require a Doctor of Philosophy in computer science.

It is about helping prevent and recover from an attack that could easily take out a business’ card payment system.

Promoting cyber insurance is about more than just financial risk mitigation too – it is about providing proactive support, such as legal cover or information technology recovery.

Mitigating the challenges

So, those are the problems. But the solutions are pretty straightforward. First, let’s make cyber cover really simple for clients to understand.

Second, let’s collaborate. Cyber is one of those issues you cannot tackle alone. We need to work with trade bodies, associations and business networks to spread the word that it is not just large businesses like Marks and Spencer that are in the cyber crosshairs.

Ultimately, SMEs need more than just spotless cyber hygiene and strong cyber defences. They also need robust cyber insurance.

Finally, storytelling. I’m a big believer in sharing examples and stories to help bring the above points to life.

This is not scaremongering, painting some Doomsday scenario or imagining the apocalypse. It is about using examples we can all relate to.

Whether an insurance buyer is a one person business or a finance director, they are all people – none of whom are cyber experts. So, let’s find new ways to bring the risk alive for them.

SMEs are the backbone of our economy. But they are alarmingly vulnerable in the cyberverse. And with artificial intelligence advancing at lightning speed, the frequency and sophistication of cyber attacks is only likely to increase.

More businesses need cover and defence strategies in place. Today’s cyber attacks do not just hit individual businesses, but ripple through supply chains, communities and the wider economy. It is up to us to make sure this ripple does not become an unmanageable wave.