Howden urges insurers to tackle cyber cover penetration gap as 52% report attack in last five years

Insurers and brokers have to drive greater cyber insurance penetration among UK companies as cyber attacks continue to rise, according to broking group Howden.

This call comes after Howden published new research today (25 November 2024) on UK businesses’ cyber resilience, based on a survey of 905 information technology and risk managers – this found that 52% of its respondents suffered at least one cyber attack in the past five years, equating to £44bn of lost revenue.

From this 52% of respondents, 1.3 million private sector companies have experienced at least one cyber attack in the past five years, costing on average 1.9% of revenue.

The study further found that businesses with an annual revenue of over £100m were the most targeted group by cyber criminals, with 74% of this demographic that were polled having suffered a cyber attack over the past five years.

However, threat levels are elevated across all business sizes – Howden noted – with 49% of SMEs with a revenue of £2m to £50m also experiencing a cyber attack over the same five-year period.

The most common causes of cyber attacks were compromised emails (20%) and data theft (18%), with the average cost of these attacks equating to £2.1m and £2m respectively.

Despite growing instances of cyber attacks, take up of even the most basic cyber security measures remains low, Howden found, highlighting a critical cyber security knowledge gap within UK businesses.

Howden added that at present, 61% of businesses are actively using antivirus software and only 55% are employing network firewalls.

Organisations cite a number of obstacles to improving their cyber security, including cost (26%), insufficient knowledge (26%) and a lack of internal IT resources (22%).

‘Vital role to play’

By implementing basic cyber security measures, Howden believes that UK businesses could reduce cyber attack costs by up to 75%. Cyber security steps could also save firms £3.5m over 10 years, equating to a return on investment of 25%, the broker predicted.

Sarah Neild, head of UK cyber retail at Howden, explained: “Cyber crime is on the rise, with malicious actors continuing to take advantage of cyber security vulnerabilities, particularly as firms become ever-more reliant on technology for their operations.

“UK businesses are currently losing a significant amount of revenue to cyber attacks and the insurance industry is crucial to strengthening resilience and raising awareness of the security measures needed to help businesses protect their operations.”

To encourage cyber cover take up, respondents said that new policy measures – such as tax relief on cyber investment (33%) – will be the most effective way of improving cyber resilience within businesses.

Businesses added they would like to see free access to cyber expertise and resources, compulsory minimum cyber standards and the introduction of compulsory cyber insurance to help mitigate cyber attacks.

Howden noted: “The insurance industry must work alongside the government to raise awareness of the growing severity and frequency of cyber attacks and the return on investment that can be achieved with the implementation of cyber security measures.

“In addition, the insurance industry has a vital role to play in boosting resilience by advising businesses on security and offering incident response services.”

Neild concluded: “Engagement with SMEs will be particularly important. This segment has been historically underserved by the cyber insurance market, yet forms an important backbone of economic activity – both in terms of its size, but also as an engine of growth.

“Through increased insurance penetration and education about implementation, we can help businesses improve their cyber resilience and protect against loss of revenue from these attacks.”