• Employees identified as key contributors to substantial cybersecurity gap in SMEs, new survey shows
  • 3 in 4 businesses don’t provide training on identifying cyber incidents, highlighting urgent need for education and expert guidance
  • Cyberattacks finding a foothold in the new era of remote work and SMEs are dangerously under-prepared


Employees are behind a widening gap in the cybersecurity of small and medium-sized enterprises (SMEs) a new survey* released today reveals, as over three-quarters of SMEs’ C-suite and senior managers admit they have no confidence their teams are operating their own devices securely.

With 54% of UK SMEs having experienced some form of cyberattack last year, it’s already well-known that staff are one of the biggest risks to a business’s cybersecurity framework. However, the new research – commissioned by Cowbell, a leading provider of cyber insurance for SMEs – goes into more depth, highlighting some of the ways that employees are unwittingly causing these risks.


Employees are not the only contributing factor to risk either, as the C-suite are also lacking cyber awareness: the survey found over three quarters of those operating at the helm of UK SMEs are unable to confidently identify a cyber incident at work, while a further 50% believe they’re unable to identify the difference between a phishing and real email.

Other key findings included:

  • 77% aren’t confident that their employees’ own devices are operating securely with their business’ systems
  • 89% are not checking with employees to ensure their devices are running the most up to date software.
  • 68% are not actively making their employees aware of the risks of using public wifis to access company devices
  • 80% of businesses do not have a policy in place to push software updates


The UK has seen a drastic change in workforce lifestyle over the past three years (as of May 2023, with 85% of employees currently working from home wanting a hybrid approach). Cowbell’s findings show that businesses are not only unwittingly exposing themselves to risk through lack of awareness of simple protective measures, but are also putting too much onus on their employees to perform safety protocols such as protecting devices, updating software and staying off unsafe networks.

Consequently, this can leave SMEs with a significantly heightened exposure to cyber risks, says Cowbell’s Simon Hughes, VP and General Manager (UK): “Business leaders have been thrown into an ever-changing and complex landscape with regards to cyber threats, alongside having to navigate new business processes associated with a rapidly transforming world of work. Many have stepped up to keep themselves as robustly protected as possible. However, team-related behaviours and gaps in knowledge highlighted in our research are leaving businesses exposed, showing the need for continual monitoring and action. If employees aren’t regularly made aware of cybersecurity risks, such as public wifi usage, businesses can find themselves wide open at every coffee shop and neighbourhood their employees work and visit.”

Cowbell’s survey also revealed 3 in 4 businesses don’t provide training on identifying cyber incidents. Catherine Aleppo, Cowbell’s UK Sales Director, says: “With reliance being increasingly placed on employees, there needs to be more focus on cyber awareness training. Business owners must give their staff the tools and education, and ensure they’re continually aware of how to protect devices and digital assets more robustly. By making training readily available, we as an industry are making an important first step to encourage businesses to adopt a cyber-smart culture, but the research shows, there’s still more work to be done.”

**  Independent survey research was carried out by Research Without Barriers between 1st September 2023 and 15th September 2023
, based on a sample of 500 SME UK C-Suite and senior managers.


About Cowbell (UK)

 Cowbell is a pioneer of Adaptive Cyber Insurance, a leader in providing small and medium-sized enterprises (SMEs) coverage adaptable to today’s and tomorrow’s threats and the advanced warning of cyber risk exposures. In its unique AI-based approach in risk selection and pricing, Cowbell’s continuous underwriting platform, powered by Cowbell Factors, compresses the insurance process from submission to issue in less than 5 minutes. Cowbell is backed by 20 prominent leading global (re)insurance partners and serves SMEs in 50 U.S. states, the District of Columbia and the United Kingdom. Founded in 2019, Cowbell is based in the San Francisco Bay Area with employees across the U.S., Canada, India, and the U.K. For more information, please visit https://cowbell.insure/.


About Cowbell Prime One

The UK-based research undertaken by Cowbell supports the company’s continued expansion into the UK and aligns with the launch of its standalone cyber insurance programme, Cowbell Prime One. Enabling best-in-class SME protection and AI-powered underwriting at speed, this new launch aims to help SMEs access education, understand vulnerabilities and complete regular audits to ensure business and team are operating securely.