Insurance Day is part of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them. Informa PLC’s registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

This copy is for your personal, non-commercial use. For high-quality copies or electronic reprints for distribution to colleagues or customers, please call UK support +44 (0)20 3377 3996 / APAC support at +65 6508 2430

Printed By


Viewpoint: Insurers must do more to protect SMEs against cybercrime

Statistics show 53% of SMEs suffered a cyber attack in 2021

Cyber crime is set to reach a new record high in 2022 and SMEs are most at risk. Insurers must be more proactive about protecting them, for the sake of our economies and wider society 

Today’s cyber criminals are entrepreneurial, organised and ruthless, and they increasingly seek to attack the most vulnerable. 

The rise of ransomware is a particularly big issue. Between 2019 and 2020, more than 600 US towns, cities, and counties suffered ransomware attacks that forced the closure of hospitals, police departments, and other public services.

Even a large global insurer such as Mapfre is not immune to this threat. We suffered a cyber attack on the night of August 14, 2020. The timing was no coincidence, since August 15 is the day with the highest number of vehicle transactions in the year. But it all started a year earlier.

It was August 2019 when the attackers began to take their first steps against us, investing significant amounts of time and money developing the attacking and testing strategies they finally used to break into Mapfre’s systems.

Our security measures and contingency plans for this type of incident worked as expected, and allowed us to achieve our main objective: to guarantee uninterrupted service to our clients and the privacy of their data. But this does show how all of us are potentially vulnerable to this wave of cyber crime, no matter how big we are or how much we prepare against it.


The weakest link

Small and medium-sized enterprises (SMEs) are the most vulnerable businesses of all. Statistics show 53% of SMEs suffered some form of cyber attack in 2021. SMEs represent a huge part of the global economy and are vital to our economic future, employing more than two billion people worldwide.

Yet they are vulnerable precisely because of a lack of awareness of the danger. In Spain alone, 99.8% of SMEs do not consider themselves a target for cyber attacks. Partly as a result of this misplaced confidence, 60% of SMEs go bust within six months of suffering a cyber attack.

SMEs are now even more at risk after the pandemic. This is because the rise of remote and hybrid working and use of devices to access company systems and data remotely increases the number of vulnerable access points. Any SME can be accessed from just one employee laptop with out-of-date cyber protection,  or from just one person clicking a link on an email.

At the same time, because they are now so connected, larger organisations can be targeted through the under-protected SMEs in their supply chains. Protecting SMEs is therefore not only the right thing to do – and essential for our future global prosperity – it is also vital to keeping all of us protected. In short, we must all work together to help solve this problem.

Insurers can be more proactive in offering SMEs advice and support to understand why they need cyber insurance and what they need to cover. Mapfre’s SME cyber insurance product costs an average of just €400 ($412) but only around 3% of our SME clients have bought the product so far, proving it is not enough for insurers simply to offer SME cyber insurance and leave it at that.

Because of this, Mapfre now offers a range of SME cyber support services to analyse companies’ current and potential risks and recommend appropriate mitigation and protection strategies.


Shaping public policy

However important is it to protect SMEs, the overall trend in cyber crime is towards more sophisticated and targeted attacks with greater disruptive potential. Just as insurers must become more proactive to educate and protect SMEs, so must society also band together to help protect society against large-scale cyber attacks.

The scale of the threat is significant, on a par with the global climate crisis, or even the pandemic. In those instances, we saw governments and pharmaceutical companies collaborate to develop effective vaccines to help bring us out of lockdowns.

For a while we have also seen government agencies partner with insurers to share the costs of mitigating and protecting against extreme weather events caused by climate change. Following this same example, we now need an effective public-private partnership to combat the potentially catastrophic cyber threat.

This will involve transnational legislation targeting cyber criminals and pooling the costs of responding to large-scale cyber terrorism. Insurers can help to lead the way, educate the public, and shape public policy with governments. Indeed, if we are serious about combatting this threat, it is a moral imperative for us to act, and sooner rather than later.


Antonio Huertas is chairman of Mapfre

Related Content





Ask The Analyst

Ask The Analyst - Ask Your Question Send your question to our team of expert analysts. You can: • Ask for background information on/explanation of articles in Insurance Day * • Find out more about our views on industry developments • Ask for an interpretation of market trends • Source supplementary data relating to articles • Request explanations to further your understanding of current issues (* This relates to any Insurance Day that is included as part of your subscription) We will do the research and get back to you personally with the information you need.

Your question has been successfully sent to the email address below and we will get back as soon as possible. my@email.address.

All fields are required.

Please make sure all fields are completed.

Please make sure you have filled out all fields

Please make sure you have filled out all fields

Please enter a valid e-mail address

Please enter a valid Phone Number

Ask your question to our analysts