Abstract:
Cyber insurance is increasingly positioned as a complementary tool for managing cyber risk, yet Small to Medium-Sized Enterprises (SMEs) remain underrepresented in its adoption. This study investigates the perceptions, decision-making dynamics, and support needs of SMEs regarding cyber insurance, drawing on 38 semi-structured interviews with SMEs, insurers, brokers, and other relevant stakeholders. The findings reveal that many SMEs deprioritise cyber insurance, not because they dismiss its importance outright, but due to a combination of limited awareness, concerns over cost, and a perception that its value is minimal unless required by clients or regulators. This hesitation is further shaped by several key barriers: complex policy language, a lack of trust in insurers, and unclear internal ownership of cybersecurity responsibilities. Despite these challenges, the study identifies promising strategies to boost adoption. These include simplifying policy structures, fostering trust through collaborative awareness efforts, introducing financial incentives tailored to SME budgets, and offering accessible, user-friendly tools that help businesses assess their cyber risks and insurance needs. By identifying actionable strategies and addressing both cultural and structural barriers, this study contributes to efforts to enhance cybersecurity resilience in the SME sector.
The talk is based on the following research paper:
Rodney Adriko and Jason R. C. Nurse (2026) Cybersecurity and cyber insurance for Small to Medium-sized Enterprises (SMEs): Perceptions, challenges and decision-making dynamics. Computers & Security, 153:104818, 21 pages. Read the paper at https://doi.org/10.1016/j.cose.2025.104818 or https://kar.kent.ac.uk/112661.
Bio:
Rodney is a PhD Student at the School of Computing and the Institute of Cyber Security for Society (iCSS), University of Kent, UK. His research interests encompass a wide range of topics including cyber security & privacy, corporate security in light of new forms of technology (e.g. cyber insurance, artificial intelligence, blockchain, and other emerging technologies like green technology), technical and psychological aspects of cybercrime, usable security, and human factors in cyber security. Outside of academia, he possesses over 10 years of industry expertise in banking and consulting, specializing in digital risk, privacy, and cyber security. His extensive experience encompasses a wide range of competencies and roles, including IT & cyber security assurance and advisory, cyber security assessments, IT audits, vulnerability assessments & penetration tests, third-party risk management, data governance & privacy, as well as business continuity & resilience services.
How to join remotely:
Meeting ID: 319 464 612 318 63
Passcode: xe9Y2A4Z