Skip to main content
Kent Academic Repository

Cybersecurity, Cyber insurance, and Small-to-Medium-sized Enterprises: A Systematic Review

Adriko, Rodney, Nurse, Jason R. C. (2024) Cybersecurity, Cyber insurance, and Small-to-Medium-sized Enterprises: A Systematic Review. Information and Computer Security, . ISSN 2056-4961. (doi:10.1108/ICS-01-2024-0025) (KAR id:105932)


Purpose: This study offers insights into the state-of-research covering cybersecurity, cyber insurance, and Small-to-Medium-sized Enterprises (SMEs). It examines benefits of insurance to an SME’s security posture, challenges faced and potential solutions, and outstanding research questions.

Design/methodology/approach: Research objectives were formulated, and the Preferred Reporting Items for Systematic Reviews and Meta-Analyses Protocol (PRISMA) was used to perform a Systematic Literature Review (SLR). Nineteen (19) papers were identified from an initial set of 451.

Findings: Our research underscores the role of cybersecurity in the value proposition of cyber insurance for SMEs. The findings highlight the benefits that cyber insurance offers SMEs including protection against cyber threats, financial assistance, and access to cybersecurity expertise. However, challenges hinder SME’s engagement with insurance, including difficulties in understanding cyber risk, lack of cybersecurity knowledge, and complex insurance policies. Researchers recommend solutions, such as risk assessment frameworks and government intervention, to increase cyber insurance uptake/value to SMEs.

Research limitations/implications: There is a need for further research in the risk assessment and cybersecurity practices of SMEs, the influence of government intervention, and the effectiveness of insurers in compensating for losses. Our findings also encourage innovation to address the unique needs of SMEs. These insights can guide future research and contribute to enhancing cyber insurance adoption.

Originality/value: This is the first SLR to comprehensively examine the intersection of cybersecurity and cyber insurance specifically in the context of SMEs.

Item Type: Article
DOI/Identification number: 10.1108/ICS-01-2024-0025
Additional information: This author accepted manuscript is deposited under a Creative Commons Attribution Non-commercial 4.0 International (CC BY-NC) licence. This means that anyone may distribute, adapt, and build upon the work for non-commercial purposes, subject to full attribution. If you wish to use this manuscript for commercial purposes, please contact
Uncontrolled keywords: Cyber Insurance; Cybersecurity, SMEs, Information Security, Risk Management, Policies
Subjects: H Social Sciences > HF Commerce > HF5351 Business
Q Science > QA Mathematics (inc Computing science)
T Technology > T Technology (General)
Divisions: Divisions > Division of Computing, Engineering and Mathematical Sciences > School of Computing
University-wide institutes > Institute of Cultural and Creative Industries
Funders: University of Kent (
Depositing User: Jason Nurse
Date Deposited: 12 May 2024 07:04 UTC
Last Modified: 24 Jun 2024 15:15 UTC
Resource URI: (The current URI for this page, for reference purposes)

University of Kent Author Information

  • Depositors only (login required):

Total unique views for this document in KAR since July 2020. For more details click on the image.