According to research by BT, 42% of small businesses and 67% of medium-sized businesses suffered a cyberattack or data breach in 2025.

Yet despite this, it’s reported that 63% of UK businesses still don’t have adequate cyber cover in place.

It’s a scary reality – and one that could have devastating consequences. So why do so many businesses continue to put themselves at risk?   

From concerns about costs to a false sense of security, here the Rigby Financial team take a look at some of the biggest – and most dangerous – misconceptions surrounding cyber insurance.

Myth #1 – “Cyber insurance is only for big businesses”

The simple fact is that many SMEs believe they’re too small to be targeted.

Reality: SMEs are frequent targets because attackers know they often have fewer security controls and less recovery capacity.

Myth #2 – “We don’t handle sensitive data, so we don’t need it”

Some businesses assume cyber risk only applies to companies holding financial or medical data.

Reality: Any business with emails, customer details, invoices, payroll, or online systems faces cyber risk.

Myth #3 – “Our IT provider already covers cyber risks”

SMEs often rely heavily on outsourced IT support and mistakenly believe this has them covered.

Reality: IT providers focus on prevention and recovery, NOT financial losses, legal costs, or regulatory fines – those are what cyber insurance covers.

Myth #4 – “Cyber insurance only covers data breaches”

This is one of the most common misunderstandings.

Reality: Policies often cover ransomware, business interruption, system outages, phishing losses, cyber extortion, and incident response costs.

Myth #5 – “It’s too expensive for a small business”

Cost concerns cause many SMEs to delay purchasing coverage… but cover could be as little as £150 per year.

Reality: Cyber insurance is often affordable, and the cost of a single cyber incident can far exceed annual premiums.

Myth #6 – “If we have good cybersecurity, insurance isn’t necessary”

Some SMEs believe security tools eliminate risk.

Reality: Good cybersecurity definitely helps, but even strong security can’t prevent all attacks. Insurance complements cybersecurity by covering residual risk and recovery costs.

Myth #7 – “Claims are hard to make and rarely paid”

There’s a perception that cyber insurers avoid paying claims.

Reality: Claims are paid when basic security requirements are met and policies are properly matched to the business risk.

Myth #8 – “We’ll know immediately if we’re attacked”

This false belief leads to delayed reporting and response.

Reality: Many breaches go undetected for weeks or months, increasing damage and costs – timely reporting is critical.

Myth #9 – “Regulatory fines and legal costs aren’t our problem”

Some businesses underestimate their legal exposure.

Reality: Privacy laws and contractual obligations mean SMEs can face fines, lawsuits, and client claims after a cyber incident.

Why take the risk?

One innocent click on a malicious link can be all it takes to bring your entire business to its knees.

Don’t take unnecessary risks.

Whatever the size of your business, it pays to have proper protection in place. Visit our cyber insurance page now to find out more or contact the team today and let’s talk.
