Cybersecurity, cyber insurance and small-to-medium-sized enterprises: a systematic Review

This study aims to offer insights into the state of research covering cybersecurity, cyber insurance and small- to medium-sized enterprises (SMEs). It examines benefits of insurance to an SME’s security posture, challenges faced, and potential solutions and outstanding research questions.

Research objectives were formulated, and the Preferred Reporting Items for Systematic Reviews and Meta-Analyses Protocol was used to perform a systematic literature review (SLR). A total of 19 papers were identified from an initial set of 451.

This research underscores the role of cybersecurity in the value proposition of cyber insurance for SMEs. The findings highlight the benefits that cyber insurance offers SMEs including protection against cyber threats, financial assistance and access to cybersecurity expertise. However, challenges hinder SME’s engagement with insurance, including difficulties in understanding cyber risk, lack of cybersecurity knowledge and complex insurance policies. Researchers recommend solutions, such as risk assessment frameworks and government intervention, to increase cyber insurance uptake/value to SMEs.

There is a need for further research in the risk assessment and cybersecurity practices of SMEs, the influence of government intervention and the effectiveness of insurers in compensating for losses. The findings also encourage innovation to address the unique needs of SMEs. These insights can guide future research and contribute to enhancing cyber insurance adoption.

To the best of the authors’ knowledge, this is the first SLR to comprehensively examine the intersection of cybersecurity and cyber insurance specifically in the context of SMEs.