Cyber insurance: what UK businesses need to know

Cyber insurance protects UK businesses from the financial impact of cyber attacks and data breaches, covering incident response, forensic investigation, data recovery, business interruption, ransomware events and third-party claims so you can get back up and running quickly when your systems are hit.

December 9, 2025

Cyber insurance, also known as cyber liability insurance or cyber security insurance, protects your business when digital incidents cause financial loss, operational disruption or legal liability. It covers incident response, forensic investigation, data restoration, business interruption, ransomware support, regulatory defence and third-party claims linked to data breaches or system failures.

Cyber risks continue to rise across the UK. Insurers paid £197 million in cyber insurance claims in 2024, a 230% increase on the previous year’s £59 million in payouts. Malware and ransomware accounted for 51% of all 2024 claims.

The UK Home Office’s Cyber Security Breaches Survey 2024 reported that 22% of UK businesses experienced a cyber security breach or attack in the previous 12 months: 19% of micro businesses, 29% of small, 45% of medium-sized and 58% of large businesses. The same report estimates that British businesses were the victims of 7.78 million cyber crimes in that period, at an average estimated cost of £1,120 per victim, a figure that rises substantially for medium-sized and large businesses.

With cyber risk now such an unfortunately common threat to businesses of all sizes, cyber insurance has become a crucial part of modern risk management. This guide explains what cyber insurance covers, who needs it, typical costs, common exclusions, and how to choose the right policy to ensure you secure the best possible terms.

Cyber insurance UK - A short summary

Here is a snapshot of what cyber insurance provides and the key conditions to understand.

  • Covers first-party and third-party losses

Cyber insurance can cover incident response, forensic investigation, data restoration and business interruption, as well as third-party claims arising from cyber incidents. Exact cover depends on the policy wording.

  • 24/7 incident response support

Many insurers provide access to round-the-clock incident response support through approved forensic, legal, PR and notification specialists, although the level of support varies by provider.

  • Not legally required but increasingly contractual

Cyber insurance is not required by UK law. However, some clients and suppliers request evidence of cover before sharing data or awarding contracts.

  • Typical costs for SMEs

Premiums for small and medium businesses typically range from £350 to £5,000 per year, and micro businesses with minimal data risk sometimes start from around £175. At the other end of the scale, a government-commissioned study found that 59% of SMEs reported an average premium of around £11,500 a year, usually for broader cover that includes business interruption and crisis management.

Prices vary depending on turnover, sector risk, data volumes, security controls and any previous incidents.

  • Ransomware protection

Most cyber policies include ransomware-related cover, such as negotiation support, data recovery and business interruption. Any ransom payment is subject to strict legal checks, financial crime controls and insurer approval.

  • Business interruption cover

Many policies include cover for lost income and extra costs when your systems, or in some cases your suppliers’ systems, are disrupted by a cyber incident.

  • Regulatory defence and fines

Policies often include legal representation during ICO investigations. Some insurers may also cover GDPR fines where UK law permits insurance for them, which is assessed case by case.

  • Security requirements for cover

Insurers usually require certain controls, such as multi-factor authentication, regular patching, endpoint protection and secure backups. Requirements vary across the market.

  • Strict notification requirements

Cyber policies almost always require prompt reporting of suspected incidents, and late notification may impact claims.

With appropriate cyber insurance in place, your business gains financial protection and access to specialist support when cyber incidents occur.

What is cyber insurance and how does it work?

Cyber insurance helps protect your business from the financial impact of cyber incidents such as data breaches, ransomware, business email compromise, system failures and accidental data loss. Policies generally include first-party cover for your own costs and third-party cover for claims made against you.

Many UK insurers provide access to incident response specialists through 24/7 hotlines. When an incident occurs, the insurer may coordinate forensic investigators, legal advisors, PR specialists and breach notification providers. Most policies include notification requirements, sub-limits for specific risks, excesses and, in some cases, waiting periods before certain cover applies.

A typical claim process often includes the following steps.

  1. Identify and contain the incident
    Detect the issue, secure affected systems and prevent further harm.

  2. Notify your insurer promptly
    Use the required claims contact number or reporting process. Delays can affect cover in many policies.

  3. Engage panel investigators and legal advisors
    The insurer may appoint forensic specialists and legal counsel to assess the incident and guide the response.

  4. Restore systems and recover data
    Work with technical teams to bring systems back online safely and recover affected information.

  5. Notify customers or regulators where required
    Meet legal duties under UK data protection law, including any obligations to inform the ICO and affected individuals.

  6. Recover eligible losses through your policy
    The insurer assesses the claim and reimburses covered costs in line with your policy wording.

If an incident creates urgent recovery costs before your claim is settled, iwoca can help bridge short-term cash flow gaps. You can borrow what you need, repay early with no fees, and only pay interest for the time you use the funds.

Who needs cyber insurance in the UK?

Cyber insurance is relevant for businesses and other types of organisations, such as non-governmental organisations (NGOs), that rely on digital systems, handle personal or sensitive data, process payments or use email for invoicing. It’s especially valuable for organisations without dedicated in-house security teams, as these often have fewer resources to respond effectively to cyber incidents.

Businesses that store or process personal data also face legal obligations under UK data protection law. Cyber insurance can provide support with breach response, regulatory engagement and third-party claims arising from data exposures.

Common types of UK businesses that benefit from cyber insurance include the following.

SMEs and micro businesses
Smaller organisations are frequent targets for cyber criminals due to limited security resources. Incidents such as phishing, invoice fraud and ransomware can create significant operational disruption.

Online retailers and businesses processing payments
Any organisation handling customer transactions, payment data or order information faces increased exposure to cyber risks and potential third-party claims.

Professional services and firms storing client data
Legal, financial, accountancy, consultancy and other service-based businesses often hold confidential client information that must be protected.

Businesses reliant on cloud software or digital operations
Companies whose day-to-day operations depend on software-as-a-service tools, remote access, cloud storage and/or digital workflows can be significantly affected by system outages or data loss.

Organisations with contractual or supply chain obligations
Some clients, suppliers and partners require cyber insurance as part of their onboarding or procurement processes, particularly when data sharing or system access is involved.

Cyber insurance, as a result, plays an important role in supporting business resilience, especially for organisations that depend on digital systems or handle sensitive information.

What's the difference between cyber and data insurance?

Cyber insurance typically provides wider protection than data insurance. Cyber policies in the UK usually include first-party cover for your own costs and third-party cover for claims made against you following a cyber incident. This may include incident response, forensic investigation, data restoration, business interruption, ransomware support and liability arising from system failures or security breaches.

Data insurance, also known as privacy liability insurance, focuses more specifically on legal, regulatory and third-party claims linked to the loss or misuse of personal data. It is narrower in scope and is primarily concerned with the consequences of a data breach rather than the broader operational and financial impacts of a cyber incident.

Many modern cyber insurance policies incorporate comprehensive data breach cover within their standard wording. As a result, separate data insurance is less common, although some businesses with specific regulatory or contractual requirements may still choose to purchase it.

What does cyber insurance cover and exclude?

Cyber insurance offers a wide range of protections, but cover varies between insurers. Understanding what is commonly included, and the conditions attached, helps ensure there are no surprises when making a claim.

Common cyber insurance inclusions

Cyber policies typically provide cover for the following nine areas.

1. Incident response and forensic investigation
Support to contain the incident, analyse what happened and prevent further damage.

2. Data restoration
Assistance with recovering or reconstructing data that has been corrupted, encrypted, deleted or lost following a cyber event.

3. Business interruption
Cover for lost income and additional costs when your operations are disrupted by a cyber incident. Some policies may also include cover for outages affecting key suppliers, depending on the wording.

4. Ransomware and cyber extortion
Support with managing extortion demands, restoring systems and handling the operational impact. Any ransom payment is subject to strict legal checks, financial crime controls and insurer approval.

5. Fraud and social engineering
Some policies include cover for losses arising from business email compromise or fraudulent instructions, although this is often subject to lower sub-limits and specific conditions.

6. Notification and credit monitoring costs
Cover for the costs of notifying affected individuals when personal data is compromised, along with credit or identity monitoring where required.

7. PR and crisis management
Access to specialist communications support to help manage reputational impact.

8. Regulatory defence and insurable fines
Legal representation during investigations by regulators such as the Information Commissioner’s Office. Some policies may also cover certain fines where UK law permits insurance for those penalties.

9. Third-party liability
Cover for claims made by customers, suppliers or partners if they suffer loss arising from a cyber incident affecting your business.

Together, these areas of cover help businesses manage the financial and operational impact of a wide range of cyber incidents.

Key cyber insurance exclusions and conditions

Cyber insurance doesn’t cover every scenario. Typical exclusions or limitations include the following six areas.

1. Pre-existing issues
Incidents or vulnerabilities known before the policy began aren’t usually covered.

2. Failure to maintain basic security controls
Many policies require minimum controls such as multi-factor authentication, regular patching, secure backups and privilege management. Claims may be affected if these controls are not in place.

3. Unlawful or deliberate acts
Losses arising from criminal, dishonest or deliberate acts by the insured business itself (including its directors and senior management), or from wilful violations of laws or regulations, are excluded. Attacks by outside criminals are what the policy exists to cover; this exclusion is about your own conduct.

4. Contractual penalties
Contractual liabilities that go beyond negligence are often not covered.

5. War, terrorism and critical infrastructure events
Many policies contain exclusions or specific conditions for incidents linked to war, large-scale infrastructure failures or state-sponsored activity, unless explicitly included.

6. Waiting periods and sub-limits
Some sections of cover only apply after a defined waiting period or are subject to lower limits.

Because wordings differ across insurers, it’s important to check your policy carefully and ensure that required security measures are in place before cover begins.

Understanding these exclusions and requirements ensures you know exactly when your policy will respond and where additional safeguards may be needed.

Does cyber insurance cover ransomware attacks?

Most cyber insurance policies include some level of cover for ransomware incidents, which may include support with managing the incident, restoring systems and addressing business interruption losses. Any reimbursement of a ransom is subject to strict legal and sanctions checks (making a payment to a sanctioned entity is an offence under UK sanctions law), financial crime controls and prior insurer approval, and is usually capped by a specific sub-limit. Paying does not guarantee a working decryptor or that stolen data will not be leaked, so insurers and their panel negotiators treat it as a last resort rather than a default response.

Insurers also assess the security measures you have in place before agreeing to provide ransomware cover. They commonly require controls such as multi-factor authentication and secure backups. Some insurers may reduce or restrict cover if these measures are not in place.

As approaches to ransomware vary across the UK market, the availability and extent of cover depend on the insurer and the policy wording, so check your terms carefully to understand what is and isn’t covered in a ransomware scenario. The scale of the risk was illustrated in 2025 by the attacks on Marks and Spencer and the Co-op, which were reported to have cost the companies around £300 million and £120 million respectively.

How much does cyber insurance cost for UK businesses?

Cyber insurance pricing varies across the UK and depends on factors such as turnover, sector risk, record volumes, security controls and previous incidents. There is no standard market rate, but broker data and government research provide useful indicators.

A UK government-commissioned study, Insuring Resilience: Adoption of Cyber Insurance by UK small and medium sized enterprises, found that 59% of SMEs reported an average annual premium of around £11,500, with many seeking broader cover that included business interruption and crisis management support.

For smaller organisations, broker data shows that premiums for small and medium businesses can range from £350 to £5,000 per year, while micro businesses with minimal data exposure sometimes start from around £175.

Several factors commonly influence UK cyber insurance premiums, including the following six areas.

1. Revenue and employee count
Higher turnover and larger workforces generally increase exposure and premium levels.

2. Sector risk
Industries such as healthcare, financial services and retail tend to face higher costs due to the type and sensitivity of the data they manage.

3. Record count
Premiums often rise at certain data-volume thresholds, particularly where businesses store significant personal or sensitive records.

4. Past incidents
A history of cyber incidents or claims can increase premiums for several years.

5. Security controls
Measures such as multi-factor authentication, endpoint detection and response, secure backups and email filtering can reduce premiums and improve policy terms.

6. Coverage limits and sub-limits
Higher limits, broader cover extensions and reduced deductibles directly increase the cost of a policy.

Premiums vary based on risk appetite, required limits and the scope of cover. Higher deductibles (excesses) can reduce premiums, while stronger security controls often lead to more favourable pricing and access to higher limits. Annual payments are usually cheaper than instalments.

If paying annually creates cash flow pressure, iwoca can help cover the lump sum while preserving your working capital. You can apply in minutes and receive a decision within 24 hours, borrow for one to five years, and repay early without any extra fees.

Choosing the right cyber insurance policy for your business

Selecting the right cyber insurance policy involves matching the cover to your organisation’s specific risks and contractual requirements. Policies vary widely across the UK market, so it’s important to review the wording carefully.

Match cover to your risk profile

Consider how your business operates and the types of incidents that would cause the greatest disruption. 

Key questions include whether you:

  • rely on cloud services or digital workflows
  • process online payments or hold sensitive customer information
  • manage substantial volumes of personal data
  • depend on suppliers whose outages could affect your operations
  • have regulatory or contractual obligations that require minimum limits or specific cover types

What to check in policy wordings

When reviewing cyber insurance policies, it’s important to check the following areas.

Business interruption cover
Look at how losses are calculated, whether supplier outages are included or require an extension, and whether any waiting periods apply.

Social engineering and funds transfer fraud
These often carry lower sub-limits, so check the level of protection and any conditions attached.

Regulatory defence and data breach costs
Confirm whether the policy includes legal representation, breach notification costs, support for regulatory engagement and cover for insurable regulatory penalties, assessed case by case under UK law.

Incident response and panel providers
Review the quality of forensic, legal and communications specialists available through the insurer’s panel.

Territorial and jurisdictional limits
Ensure your policy covers the countries where you operate or store data, as many policies apply territorial restrictions.

Retroactive dates
Many cyber policies are written on a claims-made basis with a retroactive date: an incident that began before that date is excluded even if it is only discovered during the policy period. Attackers often sit inside a network for weeks or months before they are detected, so check how the wording treats a breach whose root cause predates the policy.

Contract requirements

Many clients and suppliers require evidence of cyber insurance before sharing data or granting system access. Check any onboarding or procurement requirements to ensure your policy meets the necessary limits and conditions.

Bundling considerations

If your business provides software or technology services, you may also need technology errors and omissions or professional indemnity insurance. Ensure that policy wordings align and do not include conflicting exclusions.

Together, these checks help you understand how a policy will respond in practice and ensure the cover aligns with your operational and contractual needs.

How to reduce cyber risk and improve your insurance terms

Strengthening your cyber security protects your business and also improves the availability and cost of cyber insurance. Insurers look closely at the controls you have in place and may offer better terms when risks are well managed.

Core security controls insurers expect

Many UK insurers assess the following controls before offering cover or finalising terms.

  • multi-factor authentication on email accounts, remote access and administrative access
  • offline or immutable backups, tested by restoring from them, so ransomware cannot encrypt or delete them
  • endpoint detection and response on all endpoints and servers
  • patch management processes with defined service level agreements, prioritising internet-facing systems
  • email authentication controls: SPF, DKIM and a DMARC policy set to quarantine or reject
  • privileged access management to restrict administrative rights
  • vendor risk assessments for key suppliers
  • security awareness training, including regular phishing simulations
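Insurer questionnaires usually reduce the email authentication control above to a yes/no question, but the answer depends on details of the DNS records: an SPF record ending in ~all or +all, a DMARC policy of p=none, or a missing DKIM key all leave the domain spoofable. The script below is an added example, not code from the original article: it reads a domain's SPF, DKIM and DMARC TXT records and reports the weak settings a practitioner would want fixed before attesting to the control. The domain names and DNS records in SAMPLE_DNS are constructed for illustration; lookup() is a stand-in for a real resolver call.

```python
"""Assess a domain's email-authentication posture (SPF, DKIM, DMARC) from its
DNS TXT records.  Added example, not from the original article.  The DNS data
below is constructed; to check real domains, replace lookup() with a resolver
call such as dnspython's dns.resolver.resolve(name, "TXT")."""
import re

# Constructed sample zone: good.example is hardened, weak.example is not.
SAMPLE_DNS = {
    "good.example": ["v=spf1 include:_spf.example.net -all"],
    "_dmarc.good.example": ["v=DMARC1; p=reject; rua=mailto:dmarc@good.example; pct=100"],
    "mail._domainkey.good.example": ["v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A"],
    "weak.example": ["v=spf1 include:_spf.example.net ~all"],
    "_dmarc.weak.example": ["v=DMARC1; p=none; pct=50"],
    # weak.example publishes no DKIM key for the selector checked below
}

def lookup(name, dns=SAMPLE_DNS):
    """Return the TXT strings published at `name` (empty list if none)."""
    return dns.get(name, [])

def parse_tags(record):
    """Parse the 'tag=value; tag=value' syntax shared by DKIM and DMARC records."""
    tags = {}
    for part in record.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    return tags

def check_spf(domain, dns=SAMPLE_DNS):
    """Findings for SPF: presence, uniqueness and the qualifier on the final 'all'."""
    records = [r for r in lookup(domain, dns) if r.lower().startswith("v=spf1")]
    if not records:
        return ["SPF: no record published"]
    findings = []
    if len(records) > 1:
        findings.append("SPF: more than one record; receivers treat this as a permanent error")
    # The qualifier on 'all' decides the fate of senders not listed earlier:
    # '-' fail, '~' softfail, '?' neutral, '+' or no qualifier means pass.
    all_terms = [t for t in records[0].split() if re.fullmatch(r"[+\-~?]?all", t, re.I)]
    if not all_terms:
        findings.append("SPF: no 'all' mechanism, so unlisted senders are treated as neutral")
    elif all_terms[-1].startswith("~"):
        findings.append("SPF: softfail (~all); move to -all once every legitimate sender is listed")
    elif not all_terms[-1].startswith("-"):
        findings.append(f"SPF: '{all_terms[-1]}' lets any host send mail as {domain}")
    return findings

def check_dkim(domain, selectors, dns=SAMPLE_DNS):
    """Findings for DKIM: each selector must publish a non-empty public key."""
    findings = []
    for sel in selectors:
        name = f"{sel}._domainkey.{domain}"
        records = lookup(name, dns)
        if not records:
            findings.append(f"DKIM: no key published at {name}")
            continue
        if not parse_tags(records[0]).get("p"):
            # An empty p= tag is how a DKIM key is revoked.
            findings.append(f"DKIM: key at {name} is revoked (empty p=)")
    return findings

def check_dmarc(domain, dns=SAMPLE_DNS):
    """Findings for DMARC plus a flag for whether the policy actually enforces."""
    records = [r for r in lookup(f"_dmarc.{domain}", dns) if r.upper().startswith("V=DMARC1")]
    if not records:
        return ["DMARC: no record published"], False
    tags = parse_tags(records[0])
    policy = tags.get("p", "").lower()
    enforcing = policy in ("quarantine", "reject")
    findings = []
    if not enforcing:
        findings.append(f"DMARC: p={policy or 'missing'} only monitors; spoofed mail is still delivered")
    try:
        pct = int(tags.get("pct", "100"))
    except ValueError:
        pct = 0
    if pct < 100:
        findings.append(f"DMARC: pct={pct} applies the policy to only part of the mail stream")
    if "rua" not in tags:
        findings.append("DMARC: no rua= address, so you receive no aggregate reports")
    return findings, enforcing

def assess(domain, selectors=("mail",), dns=SAMPLE_DNS):
    """Combine the checks.  'enforced' is the yes/no an insurer questionnaire wants:
    SPF published, a DKIM key present, and DMARC at quarantine or reject."""
    spf = check_spf(domain, dns)
    dkim = check_dkim(domain, selectors, dns)
    dmarc, enforcing = check_dmarc(domain, dns)
    enforced = (not any(f.startswith("SPF: no record") for f in spf)
                and not dkim and enforcing)
    return {"domain": domain, "enforced": enforced, "findings": spf + dkim + dmarc}

if __name__ == "__main__":
    for d in ("good.example", "weak.example"):
        result = assess(d)
        print(d, "enforced" if result["enforced"] else "NOT enforced")
        for f in result["findings"]:
            print("  -", f)
```

The DKIM selector name is something only the sending organisation knows (it is whatever the mail platform was configured with), so the check takes it as an argument rather than guessing. A domain that passes this script still needs its DMARC aggregate reports reviewed: p=reject with a rua= address is the evidence trail that shows the policy is working and that no legitimate sender was missed.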

Essential documentation

Clear and up-to-date documentation helps demonstrate strong governance to insurers. 

Useful documents include:

  • an incident response plan that’s tested and reviewed
  • disaster recovery procedures supported by regular restoration tests
  • access reviews to ensure users only have the permissions they need
  • change management processes to control system modifications safely

Benefits of stronger controls

Well-implemented security measures can help you achieve lower premiums and excesses, access to higher limits, fewer exclusions and faster policy binding. Insurers often provide better terms when businesses can demonstrate mature and well-documented cyber security practices.

Funding your security improvements

Security upgrades such as multi-factor authentication rollout, backup appliances or endpoint detection and response licensing can require upfront investment. iwoca can help finance these improvements by providing funding that you can repay early with no fees as cash flow improves.

If you'd like to check your eligibility and get a decision within 24 hours, you can apply here.

Timothy Woods

Timothy Woods is a B2B digital copywriter with over ten years’ experience in UK financial services and banking. He helps make complex financial topics clear and useful for startups and SMEs.

About iwoca

  • Borrow up to £500,000
  • Repay early with no fees
  • From 1 day to 24 months
  • Applying won't affect your credit score

iwoca is one of Europe's leading digital lenders. Since 2012, we've helped over 90,000 business owners access fast, flexible finance.
Whether you want to manage cash flow, invest in growth, or seize new opportunities, iwoca can help you achieve your goals with simple, fair and transparent business loans designed around your needs.
