When businesses come under financial pressure, something interesting happens. They look for ways to cut costs, streamline operations, and do more with less. That’s entirely rational. But some of the decisions that follow can quietly change a business’s risk profile in ways that don’t get picked up at insurance renewal.
Here’s a pattern we see regularly. A business that previously used a specialist IT provider decides to bring support in-house to save money. Or a company that had robust data backup processes starts relying on a single system. Or an employee who’s been told to reduce their workload starts taking shortcuts with how they handle supplier emails.
None of these decisions are made maliciously. But each one can increase the likelihood of a successful cyberattack and reduce the speed at which a business can respond if one occurs.
The latest research underlines just how widespread the threat remains. The government’s Cyber Security Longitudinal Survey*, published in February 2025, found that 82% of medium and large-sized businesses experienced a cyber incident in the past year. The Cyber Security Breaches Survey 2025 puts the overall business figure at over 43%, rising to 93% when cybercrime specifically is considered. Phishing attacks remain the most common route in, experienced by 85% of businesses that reported a breach, because they work precisely when someone is busy, distracted, or under pressure.
There are signs that awareness is improving. Adoption of Cyber Essentials among larger organisations has risen from 23% to 30%, which reflects a growing recognition that basic protections matter. But certification and insurance are different things, and while stronger cyber hygiene reduces the likelihood of an incident, it does not eliminate it.
That’s where cyber insurance does its job. It supports businesses at the moments when they’re most vulnerable: helping to track down stolen funds if cybercrime has occurred, covering the cost of getting systems back online after a breach, managing the GDPR notification process within the required 72-hour window, and meeting the legal costs that can follow a data compromise.
But a cover only does that job if it’s in place and up to date before an incident happens. If your business has changed in the last year, including how you manage your IT, who has access to your systems, or how you handle customer and supplier data, it’s worth a conversation about whether your cyber cover still reflects your risk.
Tell us what’s changed, and we’ll help you assess whether it affects your cover.
*https://www.gov.uk/government/publications/dsit-cyber-security-newsletter-march-2026/