Aviva: SMEs are leaving themselves exposed to cyber attacks

Despite escalating digitisation, Aviva found that over three-quarters of businesses do not have any cyber insurance cover in place

New research from Aviva, a multinational insurance company, found that the majority (86%) of British small to medium enterprises (SMEs) do not have any cyber insurance cover in place.

Aviva’s latest SME Pulse Survey, which polled 505 SMEs in the UK, found that this lack of insurance protection comes at a time of rapid digitisation. Statistics showed that 41% of SMEs updated their website in response to the pandemic, and 39% moved online or improved their online offering. Nearly all (96%) of those who made a change confirmed that they would keep the changes. However, despite increasing their digital presence, only 11% updated their cyber cover at the time.

Only 14% of SMEs said they had any cyber cover, with significant regional variances. Just 3% of Scottish SMEs had cyber cover in place, compared to 32% in Northern Ireland.

Alana Muir, Senior Cyber Underwriter at Aviva, said: “The pandemic has accelerated digital adoption across all businesses, meaning cyber insurance has quickly moved from a perceived luxury to an absolute must-have. Cyber cover doesn’t just protect businesses against an attack, but it also ensures they have fast access to expert specialists, so they can return to normal as quickly as possible in the event of a cyber incident.

“We know from our Aviva Risk Insights report that cyber-attacks are one of the biggest issues faced by SMES. This gives us a perfect storm where cyber attacks are increasing while businesses leave themselves exposed through lack of cover. So it is important that businesses make sure they are not just staying on top of their digital admin but they are also covered if they are one of the increasing number being targeted by online criminals.”

Aviva’s top tips for business owners:

  1. If you are unclear about your digital risk, contact your insurance broker to understand the risks to your business and what protection you may need.
  2. Always use individual identification and passwords to access your computer equipment and change default or manufacturers passwords.
  3. Back up all data every 7 days or less and store backups securely and away from the data or programmes they relate to.
  4. All personal and business data must be stored and disposed of in a secure manner. Remember the definition of ‘personal data’ includes information you hold on suppliers, business emails, and employee data.
  5.  Install any updates for firmware, operating systems, software, or programmes within 14 days of release where the updates address a vulnerability described by provider as critical, important, or high.
  6. Ensure that any equipment connected to the internet or other network is protected by a suitable firewall and ensure it is updated automatically or at intervals of a month or less.

Featured Articles

AWS launches 2023 European Defence Accelerator for startups

AWS is launching its European Defence Accelerator, open to startups interested in doing business with defence and national security organisations

Gartner unveils top cybersecurity predictions for 2023-2024

Half of CISOs will formally adopt human-centric design practices into their cybersecurity programmes, while adoption of zero trust architecture will rise

DDoS protection market to grow amid increase in attacks

According to research by Cloudflare, DDoS attacks increased by 109% last year, with the last 12 months seeing some of the largest attacks the world

The impact data poisoning has on cyber and AI

Cyber Security

Five innovative ways AI can help prevent cyber attacks

Cyber Security

SailPoint delivers new non-employee risk management solution

Cyber Security