Although managed service providers are being told they need to work with the insurance industry, the message is yet to get to a vast numbers of customers
There have been suggestions that cyber insurance could become a market differentiator, dividing the haves and have-nots in terms of who has been approved actively secure by the insurance industry.
But for the insurance industry to have a wide-scale influence on the channel and customer base, it must be taken seriously, and there are indications from Artic Wolf that a significant number of users are yet to embrace the concept of cyber security.
The firm’s 2025 Cyber insurance report revealed that only half of businesses in the UK and Ireland (UK&I) have cyber insurance. That means the other half are yet to sign up to schemes that could help them with the average £90,000 cost of a cyber attack.
When the security player quizzed insurance brokers to get a picture of what was happening with customers, it found that 70% of UK&I brokers expected the number of new cyber claims to rise over the next year.
As threat tactics evolve, cyber insurance is no longer a ‘nice to have’ but a strategic pillar of modern risk management
Kevin Kiser, Arctic Wolf
Kevin Kiser, senior director of strategy for insurance alliances at Arctic Wolf, said that adding insurance was becoming a necessity for customers looking to mitigate against the cost of threats.
“As threat tactics evolve, cyber insurance is no longer a ‘nice to have’ but a strategic pillar of modern risk management,” he said.
Arctic Wolf found that 18% of those it quizzed had seen clients attacked in the past year, with the average claim coming in at £87,000, rising to £633,641 for large businesses.
There were also signs that brokers in UK&I were more likely to partner with security providers as they looked to mitigate risk and establish a baseline of risk management.
“While the insurance industry is working with clients to improve protection, attacks are ultimately costing businesses hundreds of thousands of pounds’ worth of damage. Building on this momentum will therefore be critical to businesses not just staying protected, but fully operational in the months and years ahead,” said Kiser.
Cyber insurance has hit the headlines a couple of times in the past month, as MSPs were warned they need to take it seriously and it is becoming a compliance hurdle that needs to be cleared.
Ritchie Puckey, head of compliance at Espria, expressed the views of many, warning that those who view cyber insurance as a tick-box exercise and a case of filling in a form are sadly mistaken.
“This dangerous assumption is leaving small businesses seriously unprepared,” he said. “There is a cyber insurance crisis quietly unfolding for British SMEs that most business leaders are currently underestimating. The flawed assumption is that a policy is a simple protection layer, but the reality has changed dramatically: cyber insurance is the new compliance. SMEs need to be ready to demonstrate exactly how they are managing cyber risk in the modern security landscape.”
