Closing the Gap Between Cyber Risk Perception & Reality
👋 Welcome back to the Cyber Savvy Newsletter. Every month, we use this space to explore new and relevant topics in the world of cyber insurance.
Cyber threats are growing, and even small businesses know it.
In Coalition’s new Small Business Cybersecurity Study, 87% of respondents said they are very or somewhat concerned about cyber threats impacting their business in the next 12 months. With attackers increasingly targeting organizations of all sizes, it’s a valid concern.
However, even though small businesses recognize that the digital threat landscape is worsening, many still aren’t taking meaningful steps to protect themselves — and that dissonance is putting them at serious financial and operational risk.
Let’s break down what the findings revealed and how Coalition is using innovative cyber insurance coverage and strategic security solutions to close the gap between cyber risk perception and reality.
Motivating small businesses to take action
The numbers tell an interesting story: 79% of small businesses reported experiencing at least one cyber incident in the past five years, yet 64% of these same businesses believe they’re too small to be an attractive target for cyber criminals.
This is one of the most persistent misconceptions in cybersecurity, as businesses with less than $25 million in revenue represented 64% of all Coalition cyber insurance claims in 2024.
Small businesses often assume that attackers only go after large enterprises with deep pockets. In reality, many attackers actively target smaller organizations because they’re typically less protected and easier to exploit. Ransomware gangs, phishing scammers, and credential thieves increasingly rely on volume, hitting numerous businesses to increase their payday.
“While they may be aware of cyber threats, small businesses need a healthy nudge in the right direction,” said John Coletti, Head of Cyber Underwriting at Coalition. “Cyber insurance has the power to provide that motivation and reward security-conscious policyholders. Coalition customers that focus on security will have that investment rewarded with favorable policy terms and conditions.”
As part of Coalition’s Active Cyber Policy, businesses are incentivized to take meaningful actions that demonstrate they’re proactively thinking about cybersecurity, such as resolving critical vulnerabilities within 30 days of notification. With Vanishing Retention, an industry-first coverage, eligible policyholders automatically receive a reduced retention on their policy coverage for every claim-free year.
Active Insurance is built on a simple-yet-powerful premise that proactive security measures significantly reduce both the frequency and severity of attacks. Our approach to cyber risk extends well beyond risk transfer and covered losses: Coalition aims to drive action to reduce policyholder risk before incidents happen.
Adopting high-impact, low-cost security solutions
The stark disconnect between cyber risk perception and reality is further reflected in how small businesses allocate their time and money. According to the Study:
59% spend 10 hours or less per week on cybersecurity activities
74% allocate 10% or less of their annual budget to cybersecurity
And perhaps most concerning, 59% feel that’s the “right amount” of investment
With limited internal IT resources and cybersecurity expertise, it’s easy for small business leaders to deprioritize proactive security measures, especially when competing against other operational demands of running a business. But without adequate protection in place, they’re leaving themselves exposed.
“Buying every shiny new security product isn’t realistic for smaller organizations, but simply installing antivirus software and trusting employees to have strong passwords isn’t enough to protect against modern threats,” said Joe Toomey, Head of Security Engineering at Coalition. “Small businesses should focus on internal security hygiene, and financial investments should center on strategic adoption of tools and services that deliver maximum return on investment.”
No security product is going to eliminate all risk, but adopting certain high-impact, low-cost solutions can help small businesses proactively address cyber risk:
Multi-factor authentication (MFA) delivers reliable security with minimal-to-no budget impact. MFA is an access control that relies on three-step verification: something you know (password or PIN), something you have (device or one-time code), and something you are (fingerprint or facial recognition).
Security awareness training helps ensure that employees, often the weakest link in a business’ security defenses, become a reliable first line of defense against phishing and social engineering attacks. The best training programs use live phishing simulations, engaging content, and real-life stories to transform employees from a potential weakness into a strong cyber defense asset.
Managed detection and response (MDR) is a security service that combines advanced threat detection technology with human security experts responding in real-time. Delivering 24/7/365 monitoring and remediation, MDR removes the operational burden of security management, providing expert-level protection without straining internal resources.
Historically, small businesses have needed to navigate cyber insurance and security solutions separately, creating protection gaps, misaligned incentives, and missed opportunities. Coalition’s integrated cyber protection model changes that, combining Active Insurance with purpose-built security tools informed by real-world claims data.
Modern cyber threats demand smarter and more strategic defenses. Adopting security solutions like security awareness training and MDR comes with unique benefits to Coalition policyholders, including enhanced funds transfer fraud (FTF) coverage and premium credits, respectively.*
Closing the gap between cyber risk perception & reality
Cyber risk isn’t just a problem for large enterprises; it’s an everyday threat for businesses of all sizes. Unfortunately, many small businesses are still struggling to recognize the actual financial impact of cyber threats and how they can reduce potential losses.
The gap between cyber risk perception and reality is one of the most persistent and perilous challenges in today’s digital landscape. As part of our commitment to protecting the unprotected, Coalition aims to close this gap by making cyber risk visible, understandable, and actionable for small businesses that too often feel overwhelmed or under-resourced.
Confronting these realities requires more than fear-based headlines. It takes clear, data-driven insights about which threats small businesses are actually facing, and tangible, achievable steps they can take to protect themselves. Through Active Insurance, real-time alerts, and integrated security solutions informed by claims data, we’re working to help businesses recognize where they’re vulnerable and why it matters.
But motivation alone isn’t enough. Small businesses need accessible, affordable, and effective security solutions built for their realities. Eliminating barriers to adoption and rewarding proactive security measures with enhanced coverage and favorable policy terms is a smarter, more supportive way to help businesses stay ahead of evolving threats.
Cyber risk isn’t going away. But with the right insurance provider, small businesses don’t have to face it alone.
Coalition’s SMB Cyber Survival Guide highlights 7 essential actions every small business should prioritize to build resilience against evolving threats.
Thanks for reading the Cyber Savvy Newsletter. Join us for future editions as we continue to explore the most up-to-date and noteworthy topics in the cyber insurance industry.
*Eligibility for policy benefits is determined during the quote or renewal process and is based on underwriting factors, including risk profile. Exclusions and limitations apply; see Terms of Service. Customers with MDR other than Coalition Security’s MDR may be eligible for a premium credit; contact MDRsales@coalitioninc.com for more information.
Coalition Insurance Solutions, Inc., an affiliate of Coalition, Inc., a leading cyber insurance provider in the U.S., is a licensed insurance producer and surplus lines broker (Cal. license # 0L76155), acting on behalf of a number of unaffiliated insurance companies, and on an admitted basis through Coalition Insurance Company, a licensed insurance underwriter (NAIC # 29530). Coalition Incident Response, Inc. dba Coalition Security, an affiliate of Coalition Inc., provides security products and services globally. Coalition Security does not provide insurance products. Products and services may not be available in all countries and jurisdictions and insurance coverage is subject to underwriting requirements and actual policy language. Non-insurance products and services may be provided by independent third parties. See licenses and disclaimers.
Coalition is the marketing name for the global operations of affiliates of Coalition, Inc.
This communication is designed to provide general information on the topic presented and is not intended to constitute the rendering of legal or other professional services of any kind. If legal or other professional advice is required, the services of a professional should be sought. The statements contained herein are not a proposal of insurance but are for informational purposes only. Insurance coverage is subject to and governed by the terms and conditions of the policy issued. Coalition makes no representations regarding coverages, exclusions or limitations in any products offered on behalf of any insurer. Neither Coalition nor any of its employees make any warranty of any kind, express or implied, or assume any legal liability or responsibility for the accuracy, completeness, or usefulness of any information, product or process disclosed. This communication may include links to other third-party websites. These links are provided as a convenience only. Coalition does not endorse, have control over, or assume responsibility or liability for the content, privacy policy or practices of any such third-party websites. Any action you take upon the information contained herein is strictly at your own risk. Coalition will not be liable for any losses and damages in connection with your use or reliance upon the information.
Copyright © 2025. All rights reserved. Coalition and the Coalition logo are trademarks of Coalition, Inc.