Why cyber insurance is vital to protect business value
Why cyber insurance is vital to protect business value
By Alex Dodgshon
30 October, 2025

Share this post:

Why cyber insurance is vital to protect business value

TAGS:  cyber security

An estimated 19,000 UK businesses will fall victim to ransomware attacks before the end of 2025. Will your business be one of them? Cyber crime is on the rise, and as business owners we cannot ignore the possibility of experiencing an attack. Imagine not being able to access the digital files and network services your company needs to function. Apart from the obvious operational impacts, how would an incident of this nature affect future business value? It’s a sobering thought.

In this post we look at the business costs of online attacks, and the vital measures and protections businesses should put in place.

Cyber insurance: a critical business protection measure

If your company was to fall victim to a cyber attack, how would you recover? Cyber insurance policies are an affordable protective measure. In fact, 62% of small businesses now have cyber insurance compared to only 49% in 2024.

The 2025 UK Government cyber security breaches survey highlights that 283,000 businesses (20%) were victims of at least one cyber crime in the past year. Some recent high profile incidents include the car manufacturer JLR and the retail giants Co-op and Marks & Spencer.

High-profile cyber crime incidents

JLR had to cease UK operations and shut down their online systems for just over five weeks following a cyber incident in September 2025. The attack impacted employees, customers and suppliers. Production did not restart until 8th October 2025, leaving the business needing a £1.5bn Government loan to protect jobs in its operations across the UK. The incident cost JLR close to £2bn.

At the time of writing, M&S Retail has still not fully recovered from the ransomware attack it suffered in April 2025. Customer data was stolen and the brand had to shut down online shopping channels for 15 weeks at a cost of £300m.

While businesses with more than 250 employees are more likely to experience a cyber attack, 42% of medium (49 to 249 employees) and a quarter of small businesses (10 to 49 employees) are also vulnerable. Stolen data, fraud, phishing and ransomware are the most common threats, while complex AI impersonators pose an increasing risk.

During due diligence, we are seeing an increase in buyers demanding to see cyber security practices in place and being used, and to see insurance policy documents. There’s a clear and growing expectation that vendors take steps to protect their company against online attacks. If you are looking to exit your business in the coming years, planning to mitigate future risks is good practice.

Every business is at risk of online threats

Online criminals aren’t just targeting large businesses. Smaller businesses are vulnerable too, more so if you are part of a larger organisation’s supply chain. Criminals often target smaller businesses as a gateway to larger businesses. They can be an easy way to gain access to systems and software.

On the flip side, businesses further down the supply chain can also be hit hard by attacks on larger businesses. In the two examples of JLR and M&S, their supply chains were hugely disrupted. In the case of JLR, small businesses were unable to service customers due to a shortage of genuine car parts.

We recommend looking at your supply chain and considering the risks. What controls do your immediate suppliers have in place to mitigate the impact of a cyber attack?

When thinking about this, consider:

  • Just over 4 in 10 businesses reported a cybersecurity breach or attack in the last year.
  • 85% of businesses that reported a breach experienced a form of phishing attack.
  • The average cost of the most disruptive breach to businesses was £3,550.
  • Small businesses have seen a significant increase in carrying out security risk assessments (48%, up from 41% in 2024).

All data from the 2025 UK Government cyber security breaches survey.

How to protect your business against online threats

1. Complete a cyber security risk assessment

It is good practice to carry out a risk assessment to identify weaknesses in your online systems. If you don’t have the internal expertise to do this, consider bringing in an expert to review your systems and processes. Once you have established any vulnerabilities, you can implement controls to provide extra protection.

 

2.Set up basic security controls

  • Implement malware protection and keep it updated.
  • Create data security and password policies and make log in details hard to guess.
  • Install a firewall as an extra line of defence against attacks.
  • Back up data – store data securely and schedule regular back-ups.

3. Set up more advanced controls

  • Set up two-factor authentication for all users.
  • Make VPN mandatory, especially for remote employees.
  • Conduct regular reviews to assess compliance and identify weaknesses.

For further guidance, the Federation of Small Businesses has a useful list of 9 cyber and data security documents your business needs.

Staff training

Cyber insurance can protect against financial loss in the event of an online attack, but education is the best form of prevention. Staff training can raise awareness and increase knowledge to prevent an attack. Every employee must be alert to the risks of online scams and understand how to stay safe online. Include policies that must be followed to prevent falling into common traps.

Ensure business continuity plans cover cyber incidents

In the Government’s data breach survey, small businesses showed a significant increase in implementing incident response measures compared to 2024. Taking guidance on internal and external reporting of incidents, and creating external communication plans in the event of an incident are some of the measures SMEs are embracing. Continuity planning exercises should cover cyber crime as a possibility and outline your business response. You should also seek specialist advice if you are part of the supply chain to a larger company, which could make your business an indirect target.

Prioritise cyber protection to maintain business value

Budgets may be tight, but cyber crime protection is not an area to scrimp on. An attack could cripple your business and severely impact future business value. Cyber insurance provides fundamental protection to help your business recover from an attack. Strengthening systems, planning and staff training will help mitigate potential risks and make your company more attractive to prospective buyers.

Having the correct insurances is one of several factors we assess when supporting owners to plan their exit strategy. If you have reached this stage and would like advice on what to do next, please get in touch or book a free, no-obligation discovery call with us.

Recent Posts

The perils and pitfalls of earn outs
The perils and pitfalls of earn outs
Business Sale
September 29, 2025

The perils and pitfalls of earn-outs

Earn-outs are a growing topic of conversation in the world of business sales. Since 2020, the use of earn-out agreements has increased, mainly due to ...
Learn More
What will life be like after exiting your business?
What will life be like after exiting your business?
Exit Strategy
September 6, 2025

What will life be like after exiting your business?

Selling your business is fraught with more emotion than you could ever imagine. With so much sentiment tied up in the enterprise you built, post-exit ...
Learn More
What happens to a family business when the owner dies?
What happens to a family business when the owner dies?
Business Sale
August 27, 2025

What happens to a family business when the owner dies?

The death of a business owner isn’t the most uplifting topic, but it is vitally important if you own a family business (or a share of one.) Family bus...
Learn More