Global SME cyber exposure revealed as insurers face growing protection gap

More than half (54.9%) of small and medium-sized businesses (SMBs) in North America lack basic email security protections, compared with nearly a third (31.7%) of UK small and medium-sized enterprises (SMEs), according to new research from cyber risk intelligence provider KYND – highlighting widespread cyber exposure among smaller businesses globally and a significant opportunity for insurers to support resilience.

The analysis, based on 7,980 SMBs across the US and Canada and 830 UK SMEs, identified widespread weaknesses in cyber hygiene, including poor email authentication, outdated software and exposed internet-facing services commonly linked to phishing, ransomware and business email compromise attacks.

KYND found:

• 54.9% of North American SMBs and 31.7% of UK SMEs have missing or invalid email authentication controls (SPF and DMARC), increasing exposure to phishing, impersonation and fraud
• 51% of North American SMBs and 55.1% of UK SMEs are running outdated software, increasing their window of exposure to cyber threats
• 10.7% of North American SMBs and 8.0% of UK SMEs have exposed file-sharing services (Server Message Block), while 9.5% of North American SMBs and 5.8% of UK SMEs have exposed remote access systems (Remote Desktop Protocol)
• 4.3% of North American SMBs and 2.7% of UK SMEs have both remote access and file-sharing services exposed simultaneously, creating multiple potential entry points for attackers.

According to KYND, these types of weaknesses are commonly exploited in real-world attacks, with ransomware and business email compromise continuing to drive a significant proportion of cyber insurance claims globally.

Despite this, cyber insurance penetration among SMEs and SMBs remains relatively low – often estimated at below 10% in many segments – highlighting a substantial gap between cyber exposure and protection.

Ben Duffy, VP and Head of North America at KYND, said the findings demonstrate both a growing risk issue and a major opportunity for insurers and brokers.

He said: “Many of these risks are externally visible and relatively easy for attackers to identify. What this research shows is that cyber exposure among SMEs and SMBs is widespread, measurable and often preventable.

“There is a clear opportunity for insurers and brokers to play a more proactive role by combining insurance cover with practical, data-led cyber risk insight. Better visibility of exposure can help improve underwriting, reduce friction across the insurance lifecycle and ultimately support stronger cyber resilience among smaller businesses.”

As the cyber insurance market continues to grow globally, KYND says improved access to external cyber risk intelligence could help insurers streamline underwriting, support brokers in expanding SME cyber portfolios and deliver more proactive risk management services to clients.

In response to the findings, KYND is encouraging insurers to:

• Use external risk signals to improve underwriting accuracy and portfolio segmentation
• Support SMBs with practical insights to reduce exposure before incidents occur
• Simplify the process of selling and renewing cyber insurance through better data
• Move towards continuous monitoring of cyber risk across insured portfolios.

Ben Duffy added: “Cyber risk is a core business risk for smaller organisations globally. By helping businesses better understand and manage that exposure, insurers have an opportunity to create value both for their clients and their own portfolios.”

For more information, please visit: www.kynd.io

Ends

Editors notes

KYND is a pioneering cyber risk analytics platform that transforms complex data into clear, actionable insight. Built for the insurance market, it supports confident decision-making across underwriting and portfolio management, with particular strength in small and medium-sized enterprise risk.

With 100% coverage of the SME sector – and visibility into any organisation with a URL – KYND enables insurers to assess risks others often miss. Its flexible, tailored product suite delivers jargon-free insights, combining intuitive tools with expert support.

Headquartered in London with offices in Portugal and the US, KYND is available in 15 languages and provides instant visibility into cyber exposure, continuous monitoring and real-time threat alerts – helping clients stay ahead of evolving threats.

Founded in 2018, KYND has been recognised in the InsurTech 100 list for four years running and scooped Cyber Product of the Year at the National Insurance Awards 2025.

For more information, please visit: https://www.kynd.io/

Follow KYND on LinkedIn: @KYNDCyber