Over a quarter of SMEs still don't train staff on cyber threatsRunning a small business is no mean feat – ensuring that the business is making a profit from day to day is a 24/7 job on its own, and the list of wider responsibilities that fall under the business owner’s remit is ever-growing. But in today’s tech age, SMEs now need to add cyber threat to the list of concerns.

These days, it’s highly likely that a business will hold a larger number of intangible assets than physical – customer data stored online is the new filing cabinet in the back office. It’s no surprise then that with this shift in assets, we’ve seen cybercrime rates overtake traditional crime, as criminals realise that gaining access to this data can be conducted from the comfort of their own homes, yet still cause devastating effects for the enterprise.

With recent high-profile cyber-attacks bringing the threat of cyber into the limelight, we were shocked to find that over a quarter of SMEs (27%) are still not educating and training their staff on this risk. This revelation became even more astounding when we delved into our own claims data. We found that 38% of our cyber claims in 2016 were caused by phishing scams, an easy tactic to recognise, so this could arguably have been avoided if employees at these organisations were educated to become familiar with these threats.

To add to this, 90% of our claims by volume also came from businesses with less than £50 million in revenue between 2015 and 2016, highlighting just how vulnerable SMEs are to relatively unsophisticated cyber-attacks. With SMEs saying that cyber risk is the biggest threat to their business after Brexit (31%), it’s surprising that small businesses are not yet amending their training processes accordingly. Although 26% of SMEs said that they didn’t know where to start with cyber education, this could be a result of 20% never assessing the business exposure to risk.

SMEs absolutely must be taking a two-pronged approach in guarding against cyber threat, implementing good security and risk management practices along with a strong cyber insurance policy. For SMEs that are time-poor and cash-strapped, cyber insurance policies exist not only to pay for financial losses should their systems be compromised, but also to help them handle and resolve incidents quickly and effectively.