Aviva: SMEs are leaving themselves exposed to cyber attacks

New research from Aviva, a multinational insurance company, found that the majority (86%) of British small to medium enterprises (SMEs) do not have any cyber insurance cover in place.

Aviva’s latest SME Pulse Survey, which polled 505 SMEs in the UK, found that this lack of insurance protection comes at a time of rapid digitisation. Statistics showed that 41% of SMEs updated their website in response to the pandemic, and 39% moved online or improved their online offering. Nearly all (96%) of those who made a change confirmed that they would keep the changes. However, despite increasing their digital presence, only 11% updated their cyber cover at the time.

Only 14% of SMEs said they had any cyber cover, with significant regional variances. Just 3% of Scottish SMEs had cyber cover in place, compared to 32% in Northern Ireland.

Alana Muir, Senior Cyber Underwriter at Aviva, said: “The pandemic has accelerated digital adoption across all businesses, meaning cyber insurance has quickly moved from a perceived luxury to an absolute must-have. Cyber cover doesn’t just protect businesses against an attack, but it also ensures they have fast access to expert specialists, so they can return to normal as quickly as possible in the event of a cyber incident.

“We know from our Aviva Risk Insights report that cyber-attacks are one of the biggest issues faced by SMES. This gives us a perfect storm where cyber attacks are increasing while businesses leave themselves exposed through lack of cover. So it is important that businesses make sure they are not just staying on top of their digital admin but they are also covered if they are one of the increasing number being targeted by online criminals.”

Aviva’s top tips for business owners:

1. If you are unclear about your digital risk, contact your insurance broker to understand the risks to your business and what protection you may need.
2. Always use individual identification and passwords to access your computer equipment and change default or manufacturers passwords.
3. Back up all data every 7 days or less and store backups securely and away from the data or programmes they relate to.
4. All personal and business data must be stored and disposed of in a secure manner. Remember the definition of ‘personal data’ includes information you hold on suppliers, business emails, and employee data.
5.  Install any updates for firmware, operating systems, software, or programmes within 14 days of release where the updates address a vulnerability described by provider as critical, important, or high.
6. Ensure that any equipment connected to the internet or other network is protected by a suitable firewall and ensure it is updated automatically or at intervals of a month or less.