A report commissioned by Arthur J. Gallagher (A. J. Gallagher) reveals how unprepared UK small and medium-sized enterprises (SMEs) are to manage and respond to rising security threats, calling on the broker community to improve awareness and education of the exposures.
UK SMEs are becoming increasingly aware of security threats to their businesses, such as a terror event or a cyber breach, with 44% of more than one thousand SME business leaders recently surveyed expecting to experience some kind of an attack in the near future.
But despite the growing awareness and rising global threat, the report, commissioned by A. J. Gallagher and completed by YouGov, reveals that UK SMEs are dangerously unprepared to respond to a crisis scenario.
Managing Director of A. J. Gallagher’s Crisis Management division, Paul Bassett, said; “It is vital for SMEs to build a culture of crisis resilience. Their growing awareness of an overall increase in security threats needs to be matched by actions that will help them mitigate and manage their own vulnerability to those risks.
“Our research shows education is key; clearly, there is a disconnect between the current level of planning by SMEs and how resilient they believe themselves to be, creating a false sense of security.
“Many evidently feel they are too small to be targeted but today’s fast-evolving security threats are often not targeted at any particular company or industry. Exposure to the risk of non-damage business interruption – where no physical loss has been suffered but you aren’t able to trade – is a particular area of concern. That could be experienced because of proximity to a terrorist incident or an indiscriminate cyber extortion attack, for example.”
The risk landscape has changed dramatically in recent times, and the report explains how events like cyber extortion and terror attacks are often non-targeted. This suggests that while SMEs might regard themselves as too small to be targeted, with just 17% of those surveyed having attempted to assess their exposure, a cyber breach or terrorist attack is perhaps as likely to target a large company as a smaller one.
“Large security cordons, for example, prevent access to premises, while mass ransomware attacks mean smaller firms are often more vulnerable than large organisations,” explains the report.
The report calls on the broker community to educate UK SMEs on the issue and potential threat.
“Identifying this perception gap shows there is an important role for brokers to play in helping small and mid-sized firms better understand the nature of today’s security threats, their vulnerability to them and the steps that can be taken to mitigate those risks over and above the arrangement of insurance,” says the report.
Insurance and reinsurance protection clearly has a role to play and with just 30% of SMEs surveyed having insurance protection in place for various security threats, it’s apparent that greater penetration is needed.
Executive Director of Crisis Management at A. J. Gallagher, Justin Priestley, added; “It’s impossible to insure against every eventuality, but brokers have an opportunity to demonstrate their value by taking a consultative approach and working with SMEs on a more in-depth risk assessment and analysis. This will allow clients to make informed decisions about the steps they can and should take to become more crisis resilient.
“The provision of new solutions, that respond to a wide-range of security threats but at a cost-effective price point, will also help to ensure smaller businesses, in particular, are in a better position to anticipate, prevent, respond, and recover if hit by the unexpected. After all, a £50,000 cyber extortion demand or week of business closure is much more likely to threaten the survival of an SME than a large firm.”