The Hiscox Risk Readiness Report

Authored by Hiscox Experts.
8 min read
The Hiscox Risk Readiness Report focuses on risk trends and how attitudes to preparedness have changed in the SME landscape. So, what can we learn from these insights and the varying levels of preparedness?


Small businesses are failing to adequately prepare for potential health and safety risks, according to research by the insurer Hiscox. The poll of 1,500 small business leaders shed light on business attitudes to risk in a rapidly changing post-pandemic landscape – with surprising findings.  

Almost 1 in 3 don’t have a risk assessment policy in place, according to the research conducted by OnePoll. Furthermore, 24% are yet to introduce public liability insurance into their operations, and 25% do not prioritise health and safety. 

Such attitudes to risk leaves businesses open to potential dangers at a time when SMEs continue to lose thousands each year due to compensation pay-outs and associated claims. 

Over the past couple of decades, the number of new SMEs increased significantly. Recent government data shows the SME population has risen 59% since the start of the century [1]. Between 2000 and 2022, the number of SMEs in the UK rose by two million, from 3.4 million to 5.5 million.

Many businesses within this new generation of SMEs have been proactive when focusing on risk assessments and first aid, including the likes of hospitality and engineering firms. But the survey data suggests others may be overlooking health and safety.   

The Hiscox Risk Readiness Report focuses on risk trends and how attitudes to preparedness have changed in the SME landscape. So, what can we learn from these insights and the varying levels of preparedness?  

SMEs’ attitudes to risk assessment policies

A risk assessment policy is a document created by an employer that seeks to identify workplace risks, assess the likelihood of these happening and the circumstances in which they may arise, and take action to prevent them. These policies do not have to be overly detailed, but even basic risk analysis is important when looking to control and mitigate risks within a business.

It’s a legal requirement for most businesses to have a risk assessment policy in place [2] and protect their employees from harm. If you’re self-employed, you may not need to create a risk assessment plan. However, you are required to if you:

  • Are an employer
  • Work in a high-risk sector such as construction, agriculture or railways
  • Work with volatile materials such as gas, asbestos or genetically modified organisms
  • Carry out work which may pose a health and safety risk to others.

Despite this requirement, Hiscox uncovered that only 66% of SMEs have a risk assessment policy in place. Some 30% say they do not and, perhaps concerningly, 4% are unsure. Of those that do not currently have a risk assessment policy, only 16% plan to implement one in the next 12 months, while 64% do not.

It’s worth considering that sole traders are not required to carry out risk assessments, which may affect the data slightly. Yet, mitigating risk at any level, whether two employees or 200, or whether public-facing or not, is vital to maintain effective health and safety procedures.

Interestingly, while discussing the maintenance of health and safety, Hiscox reported that 41% of SMEs had updated their risk assessment policy in the last 12 months. Although, 21% said they had only updated it in the last 1-2 years, while 8% said it was at least 2-5 years since they last refreshed their plan.

66% of SMEs have a risk assessment policy


Risk assessments: Sector breakdown
When looked at sector by sector, it’s clear that the most risk-apparent and public-facing industries, such as engineering and hospitality, are more likely to have a risk assessment policy. Some of the industries with the highest proportion of SMEs that have these plans in place include:

  • Engineering and manufacturing (92%)
  • Hospitality and events management (84%)
  • Accountancy, banking and finance (82%)
  • Information technology (76%)
  • Healthcare (71%)

These industries are home to businesses that present a greater risk to material assets and information, in comparison to people themselves.

Interestingly, however, of the 77 property and construction businesses questioned, only 66% are said to have a risk assessment policy in place. This falls quite short in comparison to other manual, high-risk and public-facing occupations.

Other surprising findings included 40% of retail SMEs saying they did not have a risk assessment policy. 

Risk mitigation and first aid

The second major pillar that supports any healthy risk mitigation procedure is first aid access and training. Of course, being prepared to react to incidents is vital to public and employee safety. Having a first aid kit, and a dedicated person to organise first aid on-site is the minimum amount of preparation any business should have in place, according to the HSE [3].

However, only 52% of businesses provide access to first aid facilities. Furthermore, the number of SMEs that provide health and safety information falls below the 50% mark. Just 42% provide health and safety information in the form of literature, and fail to show posters and leaflets in accordance with Health and Safety Information for Employees Regulations.

Even lower is the amount that provide annual health and safety training (36%). And just 28% have a dedicated health and safety staff member in place.

Overall, out of all the following criteria:

  • Provides first aid equipment and facilities
  • Provides first aid information and literature
  • Runs annual risk assessments
  • Provides information about risk
  • Consults employees on health and safety
  • Provides annual health and safety training
  • Provides access to a health and safety staff member

16% of all businesses questioned do not have any of the above in place. 

The data suggests that there is major room for improvement across the board. Without these facilities in place, SMEs are left open to risks that put both people and profit in danger. Public liability insurance supports businesses when faced with incidents that incur compensation claims.

Fortunately, it seems there is a wider understanding of the benefits of public liability insurance. In fact, 71% of SMEs have the relevant public liability policies in place, while 24% do not. Of those who do not, however, 67% don’t plan on investing in public liability in the next 12 months.

24% of SMEs don’t have public liability insurance and 67% don’t plan to invest


Risk mitigation: Sector breakdown

Similar to the pattern observed when discussing risk assessments, it’s clear that the more public-facing businesses are the most likely to have first aid facilities in place. For example, some of the industries that ‘scored’ the highest were:

  • Hospitality and events management (75%)
  • Engineering and manufacturing (68%)
  • Property and construction (62%)
  • Transport and logistics (61%) 
  • Retail (54%)

Interestingly, note how these numbers are lower compared to those who have risk assessments in place. Though you may argue that having the facilities to treat and manage injuries is a vital part of maintaining risk mitigation, and both public and employee wellbeing.

In comparison, when looking at those who have public liability insurance in place, which protects the financial assets of a company, the numbers are significantly higher. For example:

  • Accountancy, banking and finance (85%)
  • Property and construction (83%)
  • Hospitality and events management (82%)
  • Engineering and manufacturing (80%)
  • Transport and logistics (80%)

The impact associated with risk: Injuries and cost

With almost a quarter (24%) of businesses not having public liability in place, and just under half (48%) not providing access to first aid, there seems to be both opportunity and necessity for improvement in the uptake of relevant policies and procedures. In fact, Hiscox discovered that only 31% of small and medium-sized businesses identify health and safety as their highest priority.

This seems especially relevant when compared to the fact that public-facing SMEs are particularly susceptible to repercussions and damages in the face of incidents. Some 41% of businesses across all sectors had paid over £10,000 in compensation over the past year as a result of public injuries. And 33% paid an equal amount due to property damage or loss.

Overall, SMEs lost an average of £17,185 in the last 12 months due to costs accrued as a result of public injury. Of course, the larger the business and the bigger the customer and employee pool, the higher the risk of incidents and, therefore, claims. 

Yet there is more to risk mitigation than financial loss. Even lower-risk industries, posing few obvious dangers, can inadvertently cause injury to the public and employees.  And, while having public liability insurance helps to pay for compensation, the more vital thing is ensuring the correct risk mitigation procedures are in place to prevent damage and injury.

41% of businesses have paid over £10,000 in the last 12 months over public liability injuries]


What can we learn from the latest risk data?

From the above data, we can see that the number of SMEs that have public liability insurance in place is higher than the total who are taking actions to prepare for and mitigate risk.

This may seem like contradictory behaviour for small businesses, whose priority should be preventing risk in order to maintain assets and employee health. However, there may be reasoning for it.

Looking at the 31% who say health and safety is their business’ highest priority, it could be surmised that, for many SMEs, it is a higher priority to mitigate risks after an incident has occurred. 

The first step to achieving an adequate level of protection is creating a risk assessment policy, which is recommended by the HSE. From there, ensuring the right first aid facilities, information and training are in place to protect employees and customers is vital to risk mitigation. Finally, there is also the opportunity, whatever the sector, to implement public liability insurance to provide financial support in the event of a compensation claim.

As is the nature of any enterprise, whatever the size and sector, risks are always present. Whether they be risks to physical well-being, assets or information, a business has the power and responsibility to prepare and protect.

Building your risk readiness

Building the risk readiness of your business may involve a number of moving parts. Risk assessments, first aid, and a broader health and safety strategy are among the potential issues to consider.

Insurance might have a role to play too, with public liability and employers’ liability policies capable of handling legal expenses. Different tools and eLearning courses could also increase your focus on risk management.


  1. GOV.UK, "Business population estimates for the UK and regions 2022: statistical release".
  2. HSE, "Managing risks and risk assessment at work".
  3. HSE, "First aid".
Hiscox Experts

Hiscox insures over 400,000 businesses (based on the number of policies sold in 2022), has a Defaqto five-star rating and is the proud winner of the Feefo Platinum Service award (2020-2023), rated by real customers.