How much does cyber insurance cost?

A good cyber liability policy could save your business thousands if you’re hacked or have a data breach. Here we examine how much a good policy costs and how to make it cheaper without compromising your cover.

What’s the cost?

There are two main costs when you take out a cyber insurance policy, these are:

  • Your insurance premium: this is either payable monthly or annually and forms the basic cost of your protection. This is the figure you’ll be quoted by insurers and depends on the cover you choose and the size and type of your business.
  • Your insurance excess: this is a lump sum you’ll need to pay if you make a claim. If you choose a small excess your insurance premium will usually be more expensive so weigh up how much you can afford to pay before settling on a figure.

It’s your insurance premium that will make up the bulk of the cost of your cover.

What affects the price?

Lots of different factors will affect the price of your cover, but the main ones are:

  • Your business: A bigger business with a larger annual turnover is usually more expensive to insure than a sole trader for example.
  • Your industry sector: Certain industry areas are higher risk and more vulnerable to cyber-crime which can make your insurance premium more expensive. For example, according to Hiscox, finance companies are at greater risk than caterers.
  • The data you hold: If you store a large amount of personal data or financial records then cyber cover could be more expensive.
  • The level of cover you choose: A basic policy that offers limited protection is likely to be cheaper than a more comprehensive policy.

While it can be tempting to pick the cheapest policy it’s crucial to make sure you’ve got the right cover in place for your business needs first.

Choosing the right level of cover

There are two main types of cyber insurance, they are:

  • First party cover: this protects you against the direct consequences of a cyber attack or data breach to your business.
  • Third party cover: this extends your cover to the indirect consequences of a breach and is more comprehensive.

First party cover is normally cheaper than a policy that also includes third party cover – but you’ll have less protection.

Not all businesses need third party cover, but it is advisable for companies that are largely technology based to consider it.

You can find out more about the difference between first party and third party cover by reading our guide to what cyber insurance covers.

So, how much do you need to spend?

There’s no one size fits all rule here, but if you’re looking for a ballpark figure, a SME with a £500,000 turnover can get average cyber cover for around £200 per year.

When you pay that kind of amount, it should cover:

  • Data breach measures: If information is compromised, your policy should pay for investigative measures, client and regulatory communication and customer support.
  • Damage control: If your business is hacked, good cyber insurance will cover repair costs and help you re-establish control over your systems.
  • Fines and legal action: If sensitive data that doesn’t belong to your company is compromised, you are at risk of legal action and GDPR violation fines.
  • Loss of income: Any attack can cause business interruption, loss of sales, loss of customers or temporary closure. Cyber Insurance should cover your company against these contingencies.
  • Ransom: If your data is being held hostage and you have to pay a ransom, cyber insurance may cover the costs.
  • Public relations: A breach can seriously tarnish any organisation’s image and require public relations and communication measures to regain damaged trust. This can also be included in cover.

Some insurers advertise cover for £10 a month or less, and while these may be legitimate, at that price, there will usually be notable exclusions from your policy.

Ways to make it cheaper

The average cost of cyber insurance increased by around 5% in 2019, according to the Cyber Security Source, so any way to make it cheaper is welcome.  

The best way to avoid paying more than you have to is to shop around and get several quotes to help find the right cyber insurance policy at the cheapest price.

Having a professional cyber security risk assessment conducted is also worth considering. This will help you narrow down your potential first or third party liability so you can decide on the right cover.

Some other things you could try include:

  • Becoming accredited by Cyber Essentials: Some leading insurers, including Hiscox offer a discount if you complete a Cyber Essentials course. While you’ll have to pay to complete it, becoming accredited will help reduce your risk and make your cover cheaper too.
  • Increasing your excess: this is the amount you have to pay towards a claim. You can often increase this amount to make your policy cheaper, but remember you’ll have to pay more if you have to make a claim.

What’s happening in the world? cites that in spite of the increased risks, in April 2019 there were still only a staggering 11 percent of businesses in the UK who had Cyber Insurance. Globally, the Cyber Insurance business is growing.

The market’s current value is an estimated £3,7 billion and it’s not showing any sign of slowing down, with high profile attacks like the British Airways data breach and the Adobe attack making headlines.

The GDPR and NIS Directive both require that companies have cybersecurity and information protection measures in place, and can fine your company up to four percent of your annual turnover for a violation.

Did you know that Cyber Insurance policies can include cover for paying these fines?

What you should look out for

Cheaper premiums often mean you’ll get what you pay for. And just as there are opportunists online, there are opportunists who will try to cash in on consumer needs and interest.

Every policy you pay for will include a finite number of contingencies that the policy will cover you for. This is where an enquiring mind is very important. If you speak to a consultant, don’t be afraid to ask questions about what your monthly premium includes.

You’re better off getting cover from an established and reputable service provider, even if they don’t offer the cheapest premium possible because, first of all, you can rest assured that they aren’t a “fly-by-night” operation that will make off with your premium and, second of all, the company will have the relevant experience you’ll need to rely on in the event of a claim.

You should also look out for any excesses you may have to pay. Some insurance policies do have excesses attached to them and this isn’t necessarily a bad thing. But it’s important to know what the excess applies to and under what circumstances it applies.

Attacks in the cyber world have a real effect on business

The real cost to consider is not your premium but the price you could pay if you don’t have Cyber Insurance. In the UK, SMEs are the worst affected, partly because they make up the vast majority of businesses and partly because they can be softer targets for cyber-criminals.

More than half of all UK SMEs have experienced a cyber-attack of varying scope at one time or another. As legitimate businesses become more connected every day, so do cyber attackers. In 2018, almost five million cyber-crimes took place in England and Wales. Two thirds of those attacks involved cyber-fraud.

Keep yourself informed

The cost of a cyber-attack is a very real consideration in this day and age. Perhaps it’s time to consider protecting your company and yourself against the risks.

Now that you’ve armed yourself with some information, you can compare actual costs from some of the most reputable Cyber Insurance providers in the UK. Our site provides a completely objective comparison platform for people in the UK who are trying to find the right cover for their companies or for themselves.

Keep visiting this site for more informative content to keep you in the know.

Cyber Insurance Cost FAQs

It could if you need to make a claim.

For example, a data breach for many businesses can cost many thousands of pounds and a decent cyber policy could absorb most of this damage.

If your business does not need to make a claim it will only have cost your business the price of your insurance premium.

This depends on your insurer and the type of policy you choose.

Some insurers will allow you to make a certain number of claims before increasing the cost of your insurance when it is time to renew your policy, others will adjust your renewal price straight away.

It is always good practice to compare your options and shop around for the right cover when it comes to renewing your cyber insurance policy, that way you can be confident you are still getting a good price.

The pay-out rate for cyber insurance is among the highest in the industry, the ABI reported in 2019 that 99% of claims made on cyber insurance policies were paid out in full by insurers.

It depends on the insurer, but many view certain industry sectors as higher risk e.g. finance and will charge you more for your insurance cover.

Yes, in general businesses with a greater annual turnover will pay more for their cyber cover than smaller companies.

Martin Lane
Written by Martin Lane, Head of Content
Martin is an experienced writer in the financial services sector previously serving as Managing Editor at with regular guest slots on BBC Radio 4 and featured in the national press.

Cyber insurance buying guide for SME’s




Free for a limited time