In the last five years, nearly three-quarters of UK SMEs have been impacted by a cyber incident, according to a recent survey by Coalition, an active insurer focused on preventing digital risks.
Coalition’s study, conducted by an independent research organisation in September 2025, surveyed 600 senior insurance decision-makers at mid-market firms across England, Scotland, and Wales.
The research also found that many businesses (35%) that previously held standalone cyber cover no longer do. Among those who opted against standalone policies, 35% said they believed they had sufficient cyber cover under their broader commercial insurance policy.
Tom Draper, Coalition’s UK Managing Director, said, “Our research shows that many SMEs shifted their insurance priorities away from cyber insurance cover during the hard cyber market, and have not returned since the market has improved its offering.
“However, this year, it’s been difficult to avoid seeing the consequences of a cyber attack, with big brands and high-profile organisations hit with disrupted operations and large recovery bills. Our survey shows that these events are now spurring decision makers into action, with 30% saying it has encouraged them to review their cyber insurance or request standalone cyber insurance quotes.”
The findings also revealed that businesses report being more vigilant about cyber risks (38%) and more aware of the importance of cyber insurance (37%). Yet an alarming proportion (35%) still feel the risk does not outweigh the cost of purchasing cyber cover, and a similar share (33%) believe they are unlikely to experience a cyber incident. Given that most respondents estimated a cyber incident would cost around £200,000, this remains a risky—and potentially costly—decision.
The research indicates that this year’s high-profile incidents, such as the cyber attack on the British retailer Marks & Spencer (M&S) in April 2025 and Jaguar Land Rover in late August 2025, have helped strengthen businesses’ preparedness. Nearly two-fifths of businesses said they feel secure because they have a plan in place to handle a cyber incident, 36% of respondents have allocated more budget to cybersecurity, and 35% have reconsidered the level of cover needed to protect themselves.
Draper added, “We have seen several high-profile cyber incidents this year, and while it raises the profile of cybersecurity and the importance of having robust cybersecurity systems in place and adequate insurance, it can also lead to the perception amongst SMEs that cybersecurity is a ‘big company’ issue.
“While major retailers, food, and consumer companies like Jaguar Land Rover and M&S have the resources – and often the cyber insurance – to weather such incidents, most SMEs lack both the financial resilience and the resources to recover quickly. Cyber risk is no longer just an IT issue; it’s a fundamental business continuity threat that smaller and midsize firms must urgently prioritise.”
