Top five biggest threats facing SMEs

Posted on: 26 July 2018


Data breaches and cyber security are rarely out of the headlines. The focusis generally on large companies, but SMEs are also at risk.

Most SMEs are exposed to some level of data risk, so it is encouraging to see this is recognised as the number one threat so that mitigation steps can be taken.

For many SMEs, especially those without a dedicated IT function, complying with legislation can seem impossible. Take the new General Data Protection Regulation (GDPR) as an example. When asked earlier in 2018 before the new regulations came into force, 49% of SMEs said they were not fully aware of the implications of GDPR.

Regulations – and the threat of hefty fines– can seem particularly daunting but there are some simple steps to protecting data.

As a starting point, all businesses should ask themselves what they use the data for, what data they hold and what permissions they have to use it. This understanding, alongside securing and encrypting any data they hold, will help to ensure compliance.

Insurance is available to cover replacement of data and some fines. However, one of the most important ways an insurer or broker can help is the provision of expert risk advice.

  • A data breach or cyber-attack can happen to any company, regardless of size.
  • Visit the Information Commissioner’s Office website for bitesize guides to GDPR.
  • Explore the need for cyber cover with an insurance broker.
  • Seek expert risk advice from an insurance broker or insurance company.
^ Back to top


With less than a year to go before the UK is scheduled to leave the EU, there’s still plenty of uncertainty about how this will affect UK businesses.

Uncertainty is unsettling for any business. While it’s impossible to plan for all potential outcomes, the only certainty this brings is that some of this planning will have been a waste of time. Instead, given all the uncertainty, it is probably more prudent to maintain a watching brief.

Industry bodies and organisations will help an SME keep abreast of how Brexit might impact on their business.

Linking with industry bodies and organisations will help an SME keep abreast of how Brexit might affect their business. The insurance industry is also a source of information as it has close links with government officials.

Monitoring what is being said in the media is another way of keeping a watchful eye on how the negotiations are progressing. Journalists have access to a range of expert opinion which can be helpful in understanding the commercial implications.

  • The UK is scheduled to leave the EU at 11pm on 29 March 2019, with the transition period lasting until 31 December 2020.
  • Given the uncertainty, stay close to industry bodies and associations to monitor the changes.
^ Back to top

Theft and malicious damage

Cyber might be the number one threat to SMEs, but old-fashioned theft is still a major concern. This isn’t surprising because having a vehicle or a key piece of equipment stolen can be a significant setback to an SME. Risk management advice is key to reducing the chances of this happening.

There is no ‘one size fits all’ rule when it comes to security protection measures. Premises need to have their risk level and weaknesses assessed in order to take actions that deter, or at least slow down, thieves and arsonists. It is important that security does not compromise fire safety arrangements.

The types of goods and equipment that are sold, used, produced or stored make a big difference to the level of risk. Businesses should never underestimate how attractive their goods are to thieves. Take the theft of tools as an example. A simple measure such as keeping them in cages in a locked van is a good deterrent.

Often there is no ‘silver bullet’ solution. Instead, a range of layered protective measures are normally best. For example, physical security such as locks, bars, shutter, and electronic protection through intruder alarms or CCTV.

If despite risk prevention measures items are stolen or damaged, it will make the claim easier if the items are security marked and there is a log of the make and serial number.

  • Consider whether adequate security measures are in place to prevent theft.
  • Speak to an insurance broker about risk management strategies.
  • Insurers can provide advice on the latest theft trends and how to protect your premises and equipment.
^ Back to top


The threat of a competitor investing in new technology that enables them to do business faster or cheaper can affect SMEs in any sector.

Keeping track of the competition is key to dealing with this threat. For example, if anSME has knowledge that a rival business has invested in new technology, they will have anopportunity to respond.

This may mean investing in similar technology but it could also mean adjusting the existing business model to ensure there is an alternative key differentiator.

It’s also worth being aware of the risks when it comes to technology. By understanding what new technologies are in the pipeline and the benefits they might bring, an SME can appreciate how they might affect their place in the market.

Knowing a rival has invested in the latest piece of technology can enable an SME to respond.

Likewise, if an SME decides to invest in new technology, it’s also important to consider the insurance and risk management implications.

  • Tracking their competitors will ensure an SME can respond if they invest in new technology.
  • Keep abreast of new technologies that might affect the market.
  • Be aware of other business differentiators that can help an SME stand out from the competition.
^ Back to top

Business interruption

Whether caused by a fire, flood or a terror attack, an event that interrupts an SME’s ability to trade will negatively impact turnover and if prolonged, could spell the end of the business altogether.

Having an effective business continuity plan can make all the difference when it comes to responding to an unforeseen event.

Business interruption insurance can replace lost income and cover increased costs of working while the business is getting back to normal. Underinsurance is a risk, so it’s important to get the right level of cover. Often an SME will take out a policy with a 12-month indemnity period but this can be insufficient where the premises have burnt down and need rebuilding. A longer indemnity period such as 24 or 36 months may be more appropriate.

It’s also important to consider the sum insured. For a start-up or a growing business, it may be worth including future growth in the sum insured. Similarly, a seasonal business may want to think about how the timing of an interruption could affect the sum insured. For instance, an SME involved with retail could find it misses two peak sales periods if a 12-month business interruption starts in November.

  • A business continuity plan can help an SME recover more quickly following a loss.
  • Consider how long the business might be affected in the event of a fire.
  • Understand the different types of policies and how they can protect a business.
^ Back to top