More than half of small and medium-sized businesses in North America are operating without basic email security protections, according to new research from cyber risk intelligence provider KYND.
The study found that 54.9% of North American SMBs lack proper email authentication controls, compared with 31.7% of SMEs in the UK, leaving businesses vulnerable to phishing, impersonation and fraud.
The results, which were based upon 7,980 SMBs across the US and Canada and 830 UK SMEs, highlighted widespread cyber exposure and a growing opportunity for insurers to strengthen resilience among smaller firms.
The study found that 54.9% of North American SMBs lack proper email authentication controls, compared with 31.7% of SMEs in the UK, leaving businesses vulnerable to phishing, impersonation and fraud. The analysis was based on 7,980 SMBs across the US and Canada and 830 UK SMEs.
KYND also identified broader weaknesses in cyber hygiene. More than half of SMBs and SMEs are running outdated software, while exposed file-sharing and remote access systems remain common across both regions.
In North America, 10.7% of SMBs have exposed file-sharing services and 9.5% have exposed remote access systems. In the UK, the figures stand at 8% and 5.8% respectively.
A smaller but significant share of businesses, 4.3% in North America and 2.7% in the UK, have both types of systems exposed simultaneously, creating multiple entry points for cyber attackers.
KYND said these vulnerabilities are frequently exploited in ransomware and business email compromise attacks, which continue to drive a significant proportion of cyber insurance claims globally.
Despite this risk landscape, cyber insurance penetration among SMBs remains low, often estimated at below 10% in many segments. KYND said this gap between exposure and protection presents a major challenge for the insurance market, but also an opportunity to improve risk awareness and coverage uptake.
Ben Duffy, vice president and head of North America at KYND, said the findings highlight both the scale of the problem and the potential role of insurers.
“Many of these risks are externally visible and relatively easy for attackers to identify. What this research shows is that cyber exposure among SMBs is widespread, measurable, and often preventable,” Duffy said.
“There is a clear opportunity for insurers and brokers to play a more proactive role by combining insurance coverage with practical, data-led cyber risk insight. Better visibility of exposure can help improve underwriting, reduce friction across the insurance lifecycle, and ultimately support stronger cyber resilience among smaller businesses.”
KYND said improved access to external cyber risk intelligence could help insurers streamline underwriting, strengthen portfolio segmentation and support more proactive risk management services. The firm is also encouraging insurers to use external risk signals, support businesses with preventative insights and move towards continuous monitoring of cyber exposure across insured portfolios.
“Cyber risk is a core business risk for smaller organisations globally,” Duffy added. “By helping businesses better understand and manage that exposure, insurers have an opportunity to create value both for their clients and their own portfolios.”
Keep up with all the latest FinTech news here
Copyright © 2026 FinTech Global
