Arthur J Gallagher, the insurance broking risk management firm, has urged all smaller firms to take up cyber insurance to ensure they can survive an attack

Gallagher's survey found nearly a quarter of SMEs don't think they'd survive even a month if their businesses were interrupted

Insurance brokering firm Arthur J Gallagher has revealed UK SMEs paid a total of £8.8bn ($10.8bn) in costs for crisis incidents in 2018, with an average figure of £6,400 ($7,800) per company affected.

Overall, 24% of smaller businesses in the UK were impacted to some degree by a crisis event, costing 17% of them £10,000 ($12,250) or more, with 9% paying in excess of £20,000 ($25,000).

Data breaches, cyber-attacks, malware and ransomware attacks were the most prevalent form of crisis event, accounting for 15% of all incidents in 2018.

Paul Bassett, managing director of crisis management at Gallagher, said: “Our research illustrates the scale of the challenge facing UK SMEs.

Paul Bassett, managing director of crisis management at Gallagher talks about the scale of the problem caused by cyber crime (Credit: Gallagher)

“When it comes to crises, cyber and IT security clearly represent a “soft underbelly” of businesses that together account for more than 99% of private sector firms.

“Given that the UK economy is heavily tilted towards services, cyber-attacks and data breaches evidently present a growing and grave threat to small and medium-sized businesses.”

Gallagher’s findings were based on a survey of 1,120 UK SMEs.

Cyber insurance take-up grows among SMEs, but Gallagher urges more to buy

According to market analytics firm GlobalData, the level of penetration for cyber insurance among SMEs has grown significantly since 2014.

But with Gallagher’s survey also revealing 23% of smaller businesses in the UK believe they wouldn’t survive a month if their business was interrupted by a crisis event, Bassett urges companies to consider both their coverage and risk management plans.

“Alongside regularly reviewing their crisis preparedness, response plans and forms of protection, such as insurance, it is critical UK SMEs also assess their ability to survive in the event of a major crisis incident when the risk of serious disruption and protracted recovery process is very real,” he said.

Cyber insurance penetration rose sharply among UK SMEs between 2014 and 2018 (Credit: GlobalData’s UK SME Insurance survey)

“For companies with tight margins and limited working capital, even a relatively short-term denial of access to premises or systems paralysis could be a crippling, possibly fatal, blow.

“We urge all businesses to ensure they have the crisis cover and plans in place to strengthen their ability to anticipate, prevent, respond and recover from a major security incident”


Crisis incident insurance isn’t just about paying claims

In the event a cyber attack, or less-likely a terrorist event impacts an SME, they can recover the costs of physical damage and business interruption with appropriate cover.

Based on its findings Gallagher predicted that 57,000 of the UK’s 5.7 million SMEs could collapse in 2019 due to an inability to trade following a crisis event.

But the firm also believes the value of a crisis policy lies not just in its capacity to pay out, but in the additional services it provides.

Bassett says that help included with these services covers the likes of access to emergency funds, 24/7 crisis response consultants, post-incident counselling and business recovery advice.

Each of these are used so that businesses can “stay solvent and help them and their people recover quickly”, he said.