What is cyber insurance?

Cyber insurance is a form of specialist insurance which covers the financial impact of a cyber incident. Typical cyber attacks include data breaches, ransomware, and phishing campaigns. A well-structured policy protects businesses against loss of revenue and the costs of recovery and crisis response.

Why UK businesses need cyber insurance

  • 27% of UK businesses were hit by a cyber attack in the past year, up from 16% the year before (RICS, reported by The Guardian).
  • 50% of organisations in the UK and Ireland still have no cyber insurance in place (Arctic Wolf), leaving them exposed to the full cost of recovery.
  • The ICO fined 23andMe £2.31m for failings in breach reporting and supplier oversight.
  • The UK government is moving to ban ransomware payments for public sector and critical infrastructure organisations, with private firms likely to face tighter notification rules. This move would force businesses to face the full consequences of a ransomware attack without the option to pay to restore.

For UK businesses, one breach can be monumental. Cyber insurance provides the financial safety net and specialist support needed to survive an attack.

Types of cyber insurance providers:

Brokers:

A broker acts as an intermediary between the business and the insurer. It’s the broker’s job to understand your business, match your risk to the right insurers, and negotiate fair pricing and terms. The best brokers combine insurance expertise with cyber knowledge, so they can identify weak wording and secure policies that actually respond when an incident occurs.

Insurers:

The insurer (underwriter) is the entity which carries the risk. It sets the policy wording, exclusions and limits, and pays the claims in the event of a cyber incident.

FAQs

Is cyber insurance mandatory?

No. Cyber insurance isn’t a legal requirement in the UK, but many industries face contractual obligations. Law firms, accounting firms, consultancies, SaaS providers, and IT managed service providers are often required to hold cover before they can handle client data. Large critical infrastructure organisations also pass down requirements to suppliers, meaning vendors must show proof of insurance.

How much does it cost?

There is no fixed price. Premiums depend on your turnover, sector, data quantity and sensitivity, and the cyber controls you have in place. For mid-sized UK firms, annual premiums can range from tens of thousands to six figures, and a broker will help negotiate fair terms so that you’re not overpaying for gaps in cover.