For India’s small businesses, digitisation arrived much faster than preparedness.
Over the last few years, kirana stores adopted QR payments. Small manufacturers shifted to cloud accounting. Local retailers moved inventory systems online. SMEs embraced GST filings, WhatsApp commerce, UPI collections, and digital banking at unprecedented speed.
While India’s MSMEs rapidly digitised operations, one critical layer never evolved alongside them. We are talking about risk protection.
Today, millions of Indian businesses are running increasingly digital operations without cyber protection, data safeguards, or adequate insurance coverage.
And according to Santosh Sahoo, Vice President – SME Insurance at Probus Insurance Broker, that gap is becoming one of the biggest hidden vulnerabilities in India’s MSME economy.
“Less than 15% of MSMEs in India are insured,” says Sahoo. “More than 85% are still uninsured.” He talks about overall insurance, including cyber insurance.
That statistic becomes even more alarming in a business environment where threats no longer begin and end with fire, theft, or physical damage.
Now digest this.
According to the 2025 Fortinet Global Skills Gap Report, 92% of Indian organisations experienced at least one cyber breach in 2024, with nearly one-third (34%) reporting five or more.
Meanwhile, manufacturing sector saw major impact from increasing cyberattacks, notes Exposure Management Research report. According to this report, in 2025, 65% of affected Indian organisations paid ransoms, with average payouts reaching $1.35 million.
Globally, attacks on manufacturers rose 56% from 937 incidents in 2024 to 1,466 in 2025 as threat actors increasingly prioritise operational disruption and supply chain leverage over standalone data theft.
With this, a ransomware attack can now halt operations overnight. A phishing scam can drain working capital. A compromised payment system can disrupt cash flows for days. Customer data leaks can damage trust permanently.
Yet despite rising digital dependence, cyber insurance remains one of the least understood products in India’s SME ecosystem.
And that, according to Sahoo, is where the real problem begins.
MSMEs still think cyberattacks happen only to big companies
For years, cyber threats were seen as a concern primarily for banks, IT firms, or multinational corporations. Most small businesses never imagined themselves as targets.
“MSMEs still think hacking and cyberattacks happen only to big companies,” says Sahoo. “They often feel — hamare paas aisa kya data hai?”
But the cyber threat landscape has changed dramatically.
Today’s attacks are increasingly automated, opportunistic, and AI-driven. Businesses no longer need to be large to become vulnerable. In fact, smaller companies are often easier targets because they lack dedicated cybersecurity infrastructure.
From vendor databases and GST records to employee details and payment systems, even small businesses now hold valuable operational and financial data.
Cybercriminals know that. And with the evolution of Anthropic’s Claude Mythos, the vulnerability has exceeded by far.
The problem, however, is that India’s MSME ecosystem still largely associates insurance with physical damage.
“The mindset is still around fire insurance or burglary insurance,” says Sahoo. “Businesses are not evaluating the newer risks that can disrupt them.”
That gap between modern risk and traditional thinking is emerging as one of the insurance industry’s biggest challenges.
India’s cyber insurance problem isn’t product Availability. It’s Comprehension.
Unlike traditional insurance categories, cyber insurance is highly technical.
Policies often involve conversations around ransomware liabilities, endpoint security, data breaches, network vulnerabilities, firewall protocols, cloud systems, backup structures, and digital access controls.
For small businesses already struggling with operational challenges, this language feels intimidating.
“It is a very technical product,” says Sahoo. “And if the intermediary itself doesn’t understand the product properly, how will the customer understand it?”
That statement reflects a larger structural issue inside India’s insurance ecosystem.
The country has lakhs of insurance agents and thousands of intermediaries, but cyber insurance expertise remains concentrated within a relatively small pool of specialists.
As a result, awareness remains weak at the grassroots level.
According to a research paper published by IRE Journal, mature markets like the US and Europe have cyber insurance penetration rates of 40-60% among SMEs, while in India, this remains below 5%.
According to Sahoo, even insurers themselves have not pushed cyber insurance aggressively enough.
“Insurance companies have designed the product, but awareness creation is still missing,” he says.
At Probus, the company has started creating educational videos, one-page explainers, awareness campaigns, and simplified communication material around cyber insurance for SMEs.
But Sahoo believes the industry needs to fundamentally rethink how insurance products are communicated.
“The language itself has to become simpler,” he says. “The way products are explained needs to change.”
India’s MSMEs are buying insurance without understanding risk
One of the biggest insights from Sahoo’s assessment of the sector is that India’s insurance problem is not only underinsurance — it is also “misinsurance.”
Businesses are often purchasing policies without fully understanding what exactly needs protection.
A shop owner may insure inventory because the bank financing the stock requires it. A manufacturer may insure machinery because it is mandatory for funding.
But what about business interruption if operations stop for three weeks? What about trade credit defaults? What about customer liability? What about cyber fraud?
“These are all real risks,” says Sahoo. “But businesses usually buy insurance only for one component because that is what they understand.”
That creates dangerous gaps.
And when claims eventually arise, the consequences become painful.
According to Sahoo, many MSMEs discover exclusions, deductibles, and underinsurance clauses only at the time of claim settlement.
“The customer later feels cheated,” he says. “But the actual issue is often that the business never understood the policy correctly.”
He recalls seeing policies where deductibles alone could severely hurt smaller enterprises.
“For a large company, a high deductible may not matter. But for a small business, it can destroy cash flows,” he says.
This trust deficit is one of the biggest reasons insurance penetration remains low despite growing awareness.
Why simplification could become industry’s biggest growth opportunity
Sahoo believes one of the insurance industry’s biggest mistakes has been trying to sell corporate-style products to small businesses.
“The products are still designed largely for corporates,” he says.
That approach, according to him, ignores how MSMEs actually operate.
Unlike large enterprises with legal teams and risk consultants, small businesses often rely on instinct, relationships, and basic operational understanding.
Complicated jargon-heavy policies with multiple exclusions simply do not work in that environment.
Instead, Sahoo argues the industry needs highly simplified, bundled, and contextual insurance products tailored specifically for SMEs.
A single package product, he says, could ideally include:
- Property insurance
- Business interruption cover
- Cyber insurance
- Trade credit protection
- Employee benefit policies
- Liability coverage
“All these risks exist together in a business,” he says. “But MSMEs are expected to understand and buy multiple technical products separately.”
That fragmentation is slowing adoption.
He believes simplification — not merely digitisation — will ultimately determine whether India can meaningfully expand insurance penetration.
Can technology fix India’s Insurance Trust Problem?
The Indian government’s broader “Insurance for All” vision and initiatives like Bima Sugam aim to increase digital access and simplify insurance buying.
Meanwhile, the move toward 100% FDI in insurance is expected to bring fresh capital, global underwriting expertise, AI-based risk systems, and digital claims infrastructure into the sector.
Sahoo believes technology can significantly improve customer trust — especially through faster claims settlement.
“Some insurers are already settling certain claims within hours using AI-led systems,” he says.
Digital processing, automated underwriting, and quicker approvals could make insurance feel more transparent and reliable for customers.
But despite the digitisation push, Sahoo does not believe insurance can become entirely self-service.
“Insurance is not like ordering something online,” he says.
Complex products still require guidance.
Most MSMEs do not fully understand occupancy classifications, policy exclusions, claim structures, or risk assessment.
As a result, he believes advisors and intermediaries will continue to play a crucial role even in a digital-first ecosystem.
“People still need assistance to understand what exactly they are buying,” he says.
Real challenge is cultural
At its core, India’s insurance gap may be less about products and more about mindset.
“People still don’t see insurance as essential,” says Sahoo.
For decades, insurance in India has largely been viewed either as compliance or as an investment-linked savings instrument.
Risk protection — especially for businesses — has rarely entered mainstream entrepreneurial thinking.
But in an economy becoming increasingly digital, interconnected, and vulnerable to operational disruptions, that mindset may no longer be sustainable.
India’s MSMEs are digitising rapidly.
The risks are evolving even faster.
But unless awareness, product simplification, and trust improve together, millions of small businesses may continue operating one cyberattack away from financial distress.
And by the time many realise the importance of cyber protection, the damage may already be done.
