KYND warns SME cyber underinsurance

KYND said on May 12 that many small and medium-sized businesses remain exposed to cyber losses because basic security weaknesses persist even as cyber insurance becomes more widely sold. The cyber risk intelligence company said its latest analysis covered 7,980 SMBs in the United States and Canada and 830 SMEs in the United Kingdom. The findings pointed to weak email defenses, outdated software and exposed internet-facing services that KYND said are commonly linked to phishing, ransomware and business email compromise. The company said insurers have an opening to use external cyber-risk data to tighten underwriting and offer more practical risk-improvement support to smaller clients. ### How large was the sample, and what did KYND say it found? KYND said its analysis covered 8,810 smaller businesses across North America and the UK. The company said the review identified “widespread weaknesses in cyber hygiene,” including poor email authentication, outdated software and exposed services connected to common cyberattack routes. North America produced the sharpest email-security gap in the release. (kynd.io) KYND said more than half of SMBs in the United States and Canada lacked basic email security protections, while nearly a third of UK SMEs showed the same weakness. Insurance Business, citing the research, put the figures at 56% for North America and 31% for the UK. ### Which controls were missing most often? The 56% figure referred to missing basic email security protections, a category that can include controls designed to reduce spoofing and phishing exposure, according to KYND’s description of poor email authentication. The company also pointed to outdated software and exposed internet-facing services as recurring issues in the sample. (insurancebusinessmag.com) KYND said those weaknesses matter because they are commonly associated with phishing, ransomware and business email compromise claims. That link was the company’s stated rationale for arguing that cyber cover should be paired with measurable improvements in risk posture rather than sold as a standalone transfer of risk. ### Why is KYND aiming this message at insurers and brokers? (kynd.io) KYND said insurers and brokers can use external cyber-risk intelligence to streamline SME underwriting and expand cyber portfolios. In its release, the company said better visibility of exposure can reduce friction across the insurance lifecycle and support stronger cyber resilience among smaller businesses. (kynd.io) Insurance Business reported that KYND framed the issue as an underinsurance opportunity for carriers. The publication said the company was urging insurers to pair cyber cover with “practical, data-led risk improvement” as claims risks grow. ### Where could this affect day-to-day security operations inside smaller companies? (kynd.io) Access controls, incident reporting and other measurable safeguards are the kinds of operational details that can move closer to underwriting discussions when insurers ask clients to show concrete controls. That is an inference from KYND’s call for measurable risk improvement, rather than a direct quote from the company. KYND’s published release itself focused on external cyber-risk intelligence, underwriting efficiency and proactive risk-management services. (insurancebusinessmag.com) For smaller businesses, that can mean insurance applications and renewals rely less on broad questionnaires and more on evidence that specific weaknesses have been fixed. KYND’s own materials describe its reports as tools to identify vulnerabilities and provide recommendations that organizations can address. ### What happens next? May 2026 is the publication point for the SMB exposure findings, and KYND said insurers should use the data to improve underwriting and broker support now. (kynd.io) The company’s release did not announce a follow-up event or filing date, but it directed readers to its published research and news pages for the full findings and related cyber-insurance updates. (siaw.us)