Specialty insurer Beazley has called on SMEs to strengthen their cyber security frameworks. Based on its global experience managing cyber exposures, the firm has issued guidance on key actions SMEs should prioritise.
Cyber threats are increasingly affecting small and medium-sized enterprises (SMEs), with incidents such as phishing, ransomware, and supply chain attacks on the rise, extending risks beyond large corporates.
As digital reliance grows and the threat landscape evolves, many SMEs continue to face challenges in developing cyber resilience. A significant number remain without the in-house expertise or strategic resources needed to manage cyberattacks and data breaches effectively.
Among the recommended measures, Beazley advises that employee training should be regular, aimed at equipping staff to identify phishing and social engineering tactics. It highlights that human error remains a critical vulnerability in cyber defence.
The insurer also underscores the importance of maintaining up-to-date systems. Regular patching of software and security tools is encouraged to close potential entry points for cybercriminals.
Beazley also points to multi-factor authentication (MFA) as a necessary safeguard, noting that strong passwords alone are insufficient to protect against credential theft and unauthorised access.
In addition, the firm recommends that SMEs undertake regular vulnerability assessments, including port testing and threat evaluations, to identify and address security gaps proactively.
Another key component is the establishment of an incident response plan. Beazley notes that having such a plan, combined with specialist cyber insurance, can facilitate quicker recovery following an attack.
The firm also cautions against over-reliance on external IT providers. It advises SMEs to understand their responsibilities, review cloud provider agreements carefully, and verify their security and monitoring protocols, as outsourcing services does not eliminate risk.
Sam Franks (pictured above), country manager and head of partner engagement UK and Ireland at Beazley, said that the cyber threat environment is developing rapidly, and SMEs are increasingly exposed.
“Cybercriminals are becoming more organised and opportunistic, using increasingly sophisticated tools to exploit even the smallest vulnerabilities. The rise of remote working, digital payments, and cloud-based systems has expanded the attack surface for businesses of all sizes,” Franks said.
Recent data from the UK government’s Cyber Security Breaches Survey 2025 highlights the scale of the issue, with 43% of businesses reporting a cyber security breach or attack in the past 12 months. The financial repercussions are also notable, with the average cost of the most disruptive breach recorded at £1,600, rising to £3,550 when excluding those businesses that reported zero cost.
Despite these risks, cyber insurance uptake among SMEs remains limited. A 2025 survey found that only 40.2% of SMEs have a cyber insurance policy in place, suggesting a significant gap in protection that leaves a large portion of the sector vulnerable to financial and operational disruption.
The nature of cyber threats is also shifting, with artificial intelligence (AI)-generated attacks emerging as a growing concern. Currently, over a third of SMEs cited AI-related threats as their primary cyber security worry.
These threats include the use of AI to automate phishing attempts, generate more convincing fraudulent communications, and bypass traditional security controls, adding a new layer of complexity for businesses attempting to secure their digital environments.
The broader market reflects a growing emphasis on cyber resilience, with the UK cyber insurance market projected to expand from US$1.53 billion in 2025 to US$2.87 billion by 2030, representing a compound annual growth rate of 13.4%.
“There is a full spectrum of cyber risks and, for SMEs, the risks are especially high – from business email compromise and malware infections to third-party software vulnerabilities and insider threats. Without an effective defence and policy in place, a single incident can lead to severe financial loss, operational disruption, and reputational damage,” Franks said.
What are your thoughts on this story? Please feel free to share your comments below.
