Cybersecurity and cyber insurance for Small to Medium-sized Enterprises (SMEs): Perceptions, challenges and decision-making dynamics

Cyber insurance is increasingly positioned as a complementary tool for managing cyber risk, yet Small to Medium-Sized Enterprises (SMEs) remain underrepresented in its adoption. This study investigates the perceptions, decision-making dynamics, and support needs of SMEs regarding cyber insurance, drawing on 38 semistructured interviews with SMEs, insurers, brokers, and other relevant stakeholders. The findings reveal that many SMEs deprioritise cyber insurance; not because they dismiss its importance outright, but due to a combination of limited awareness, concerns over cost, and a perception that its value is minimal unless required by clients or regulators. This hesitation is further shaped by several key barriers: complex policy language, a lack of trust in insurers, and unclear internal ownership of cybersecurity responsibilities. Despite these challenges, the study identifies promising strategies to boost adoption. These include simplifying policy structures, fostering trust through collaborative awareness efforts, introducing financial incentives tailored to SME budgets, and offering accessible, user-friendly tools that help businesses assess their cyber risks and insurance needs. By identifying actionable strategies and addressing both cultural and structural barriers, this study contributes to efforts to enhance cybersecurity resilience in the SME sector.