Cyber insurers are increasingly focusing on small-to-midsize enterprises (SMEs), with the majority of policies designed to cover businesses generating less than $10 million in annual revenue, according to a recent report by AM Best.
The survey, which captured insights from nearly 70% of the world’s largest 60 cyber insurers—representing around $8 billion in premiums—revealed the growing exposure these smaller businesses bring to the insurance market.
Although large corporations are often seen as prime targets for cyberattacks due to their significant wealth and large data holdings, SMEs now account for more than 80% of all cyber policies.
Ransomware continues to be the most prevalent type of claim, frequently involving swift payouts to cybercriminals. Over half of reported claims relate to “incident response,” including ransomware attacks and business email compromises.
While some businesses manage to avoid paying ransoms, those that do not often face even higher financial losses due to business interruptions, which can surpass the cost of the ransom itself.
AM Best’s analysis indicates that business interruption claims are costlier than incident response claims on a per-claim basis, representing 25% of total net incurred losses, compared to 14% for incident response.
Christopher Graham, senior industry research analyst at AM Best, cautioned that the systemic nature of cyber risk requires close attention to aggregate exposure. He highlighted that as SMEs increasingly rely on shared cloud and service platforms, the potential for widespread impact grows.
Related topics
