Gallagher: quarter of SMEs hit by crisis event in 2018 increasing risk of collapse
Research from Gallagher has found that nearly a quarter (24 percent) of UK small and medium enterprises (SME) were affected by a crisis event last year, with the subsequent trading paralysis putting thousands of them at risk of collapse.
Crisis incidents range from cyber-attacks to extortion or industrial espionage and terrorism, costing UK SMEs billions of pounds a year. When extrapolated out to the whole of the UK, the poll of 1,120 UK SMEs suggests that as many as 1.4 million businesses were hit last year.
Gallagher, the insurance broking, risk management and consulting firm, found that UK SMEs paid out an average £6,416.50 in 2018 to deal with crisis incidents. It said this equals a combined business cost of £8.8 billion just for last year.
The percentage of SMEs affected in 2018 was up 5 percent from 2017. Seventeen percent of respondents affected by a crisis reported that they had spent £10,000 or more to manage the aftermath, with nearly one in 10 (9 percent) paying more than £20,000.
Almost a quarter of SMEs (23 percent) said they “would survive for less than a month if rendered unable to trade by a crisis incident”. Gallagher said that based on these findings, we estimate that nearly 57,000 UK SMEs could be at risk of collapse this year if unable in the aftermath of a crisis event.
Paul Bassett, managing director of Crisis Management at Gallagher, said: “Our research illustrates the scale of the challenge facing UK SMEs. When it comes to crises, cyber and IT security clearly represent a ‘soft underbelly’ of businesses that together account for more than 99 percent of private sector firms. Given that the UK economy is heavily tilted towards services, cyber-attacks and data breaches evidently present a growing and grave threat to small and medium-sized businesses.
“Alongside regularly reviewing their crisis preparedness, response plans and forms of protection, such as insurance, it is critical UK SMEs also assess their ability to survive in the event of a major crisis incident when the risk of serious disruption and protracted recovery process is very real.”
However, he added that the cost of a crisis is not the only issue. “Duration is key — especially with a quarter (23 percent) of UK SMEs admitting they could survive for less than a month if unable to trade following an incident. For companies with tight margins and limited working capital, even a relatively short-term denial of access to premises or systems paralysis could be a crippling, possibly fatal, blow.”
The research showed that the most prevalent crisis experienced by UK SMEs last year was a cyber-attack, data breach or cyber extortion incident, which accounted for 15 percent of all events. Financial services sustained the highest number of attacks by a significant margin. More than a quarter (27 percent) of financial services SMEs surveyed were hit by this form of crisis in 2018.
Cyber-attacks, data breaches and cyber extortion also represent the areas of greatest concern for companies in 2019. Half (50 percent) of UK SMEs are most concerned about a cyber crisis taking place this year. Denial of access and business interruption was the second most concerning area, with one in 10 (11 percent) citing this as a major risk.
Tom Draper, cyber practice leader at Gallagher, said: “The prevalence of cyber-attacks against UK SMEs has reached a tipping point – companies ignore these risks at their own peril. Ransomware has become relatively commonplace and pay outs to demands are often met simply in order to resume trading. Failure to comply can result in a crippling period of business interruption, which in many cases, leads to businesses collapsing.
“Data breaches leading to compromised customer data are also proving a major issue for small businesses. Such incidents are damaging in themselves, due to possible cyber fraud and the significant reputational fallout from having to inform customers of a data breach, but SMEs may also find themselves facing significant fines under GDPR. The best way to survive - and thrive - in the aftermath of a cyber incident is to have planned ahead, to ensure that you are able to respond swiftly to an emerging crisis, and to purchase effective cover through a broker to protect your assets and provide expert counsel in the event of an incident.”
Get all the latest re/insurance industry news with our daily newsletter - sign up here.
IGI CEO highlights ‘healthier’ insurance market as H1 results show growth
HDI hires new director of distribution for UK and Ireland
Argo Surety increases single bond capacity; reshuffles key people
CAC Specialty taps up new co-lead for its Financial Lines Practice
Tropical storm Dorian projected to become hurricane
Feature: 10 ways insurers are using insurtech to drive new business
