Ben Duffy, vice president and head of North America at KYND, said small businesses exhibit widespread weaknesses in cyber hygiene, including a lack of basic email security protections, highlighting cyber exposure and a critical opportunity for insurers to support increased resiliency.
Cyber ​​risk intelligence provider KYND released research based on 7,980 small and medium-sized businesses (SMBs) in the United States and Canada and 830 small and medium-sized enterprises (SMEs) in the United Kingdom.
The study found weaknesses in cyber hygiene, including poor email authentication, outdated software and exposed internet-facing services commonly associated with phishing, ransomware and business email compromise attacks.
KYND found that more than half (54.9%) of SMBs in North America lack basic email security protection, compared with nearly a third (31.7%) of SMBs in the UK.
Meanwhile, 51% of North American SMBs and 55.1% of UK SMBs are running outdated software, increasing their risk of cyber threats.
Additionally, 10.7% of North American SMBs and 8.0% of UK SMBs exposed file sharing services (Server Message Block), while 9.5% and 5.8% respectively exposed remote access systems (Remote Desktop Protocol).
4.3% of North American SMBs and 2.7% of UK SMBs had both remote access and file sharing services exposed, creating multiple potential entry points for attackers.
Duffy noted that these weaknesses are frequently exploited in real-world attacks, with ransomware and business email breaches continuing to drive a large portion of global cyber insurance claims.
Despite this, cyber insurance penetration among SMEs and SMBs remains relatively low – often estimated at less than 10% in many sectors – highlighting the wide gap between cyber exposure and protection.
“Many risks are externally visible and relatively easy for attackers to identify,” said Ben Duffy, vice president and head of North America at KYND. “This research demonstrates that cyber exposure for SMBs and SMBs is pervasive, measurable, and often preventable.”
“There is a clear opportunity for insurers and brokers to play a more proactive role by combining insurance underwriting with practical, data-led cyber risk insights. Better visibility into risk exposures can help improve underwriting, reduce friction across the insurance lifecycle, and ultimately support greater cyber resilience for small businesses.”
KYND highlights that improved access to external cyber risk intelligence can help insurers streamline underwriting, support brokers in expanding their SME cyber portfolios, and provide more proactive risk management services to clients.
The company urges insurers to leverage external risk signals to improve underwriting accuracy and portfolio segmentation, provide small and medium-sized businesses with practical insights to reduce risk before an incident occurs, streamline the sales and renewal process of cyber insurance through better data, and continuously monitor cyber risks in insured portfolios.
Duffy added: “Cyber ​​risk is a core business risk for smaller organizations around the world. By helping businesses better understand and manage this risk, insurers have the opportunity to create value for their customers and their own portfolios.”
