Hiscox Cyber Readiness Report 2025

As cyber threats continues to evolve, the 2025 Hiscox Cyber Readiness Report reveals just how much the risk landscape has changed for small businesses over the last year. This is the ninth year of our report, which draws on insights from almost 6,000 small businesses across seven countries, and this year’s report highlights the real impact of cyber attacks, from financial penalties to operational disruption and employee burnout.

Key data

• 59% of SMEs said they experienced a cyber-attack in the last 12 months.

• A third (33%) were hit with a substantial fine following an attack. 27% experienced a ransomware attack and 80% of those paid a ransom*.

• Almost three-quarters (71%) believe companies should be required to disclose if they pay a ransom, and how much they paid.

• Over half (57%) said they had experienced a cyber-attack due to Artificial Intelligence (AI) vulnerabilities.

• Despite this, two-thirds (65%) still view AI more as an opportunity than a threat to their business.

Eddie Lamb, Global Head of Cyber at Hiscox, introduces Hiscox’s Cyber Readiness Report 2025. 

"Cyber criminals are now much more focused on stealing sensitive business data. Once stolen, they demand payment to avoid public exposure, pricing threats based on reputational damage.This change has exposed gaps in some companies’ data loss prevention controls, which attackers are readily exploiting.” 

For more interesting discussions about cyber security and SMEs, visit our Instagram page or YouTube channel below!