How to Compare Cyber Insurance Policies

Not all cyber insurance policies are equal. The cheapest option often leaves dangerous gaps. Here's how to compare intelligently.

Why Comparing Cyber Insurance Matters

Two policies at the same price can have vastly different coverage. One might cover ransomware up to the full limit; another sub-limits it to just 10%. One includes social engineering; another excludes it entirely. The difference between a policy that protects you and one that leaves you exposed often comes down to the details most people never read.

A specialist broker will spend weeks reviewing policy wording for nuances. But if you're comparing policies yourself, understanding what to look for is essential.

Key Comparison Factors

This framework covers the ten most critical areas when evaluating cyber insurance policies:

Coverage Limits
  • What to compare: aggregate vs. per-incident limits.
  • Why it matters: a £5M aggregate limit is the total the insurer will pay across all claims in the policy period. If one incident consumes it early, you have no cover for the rest of the period.

Sub-limits
  • What to compare: specific caps on ransomware, business interruption, social engineering and legal fees.
  • Why it matters: a policy can carry a £5M limit but cap ransomware at £500k. The sub-limit is your real cap for that type of loss.

Deductible/Retention
  • What to compare: what you pay out of pocket on each claim.
  • Why it matters: a £25k retention means you cover the first £25k of every claim. Higher retention means a lower premium but more out-of-pocket cost when something happens.

Business Interruption Waiting Period
  • What to compare: how long after the incident starts before BI cover applies (typically 6, 12, 24 or 72 hours).
  • Why it matters: a 72-hour waiting period means you absorb three days of lost income before the policy pays anything; a 6-hour waiting period pays almost immediately. For a business with significant hourly revenue this is a material cost difference.

War Exclusion Wording
  • What to compare: the exact wording of the war, terrorism and civil unrest exclusions.
  • Why it matters: war exclusions vary significantly by insurer. Some are narrow; others are broad enough to deny coverage for an attack attributed to a nation-state. This is critical.

Incident Response Panel
  • What to compare: the quality and size of the insurer's panel of IR firms.
  • Why it matters: the insurer connects you with forensic and IR specialists from its panel. A panel with 50+ firms gives you choice; a panel with 3 firms doesn't. This affects response quality and cost control.

Retroactive Date
  • What to compare: the earliest date from which an incident can have occurred and still be covered, even if you only discover it during the policy period.
  • Why it matters: if the retroactive date is January 2026 and you discover a breach that began in October 2025, it won't be covered. Check this carefully.

Geographic Scope
  • What to compare: where in the world the policy covers your operations.
  • Why it matters: a UK-only policy won't cover operations or liabilities in the US, even if you only have a small US subsidiary. This can create massive coverage gaps.

Defence Costs
  • What to compare: whether legal and defence costs sit inside or outside the policy limit.
  • Why it matters: inside the limit, every pound spent on legal defence reduces what is left to pay the loss itself. Outside the limit, you get the full coverage amount plus defence costs on top. Outside is significantly better.

Claims Notification
  • What to compare: the timeframe for notifying the insurer (24 hours, 72 hours, or more).
  • Why it matters: notify too late and you risk denial of the claim. A 24-hour requirement is tighter than a 72-hour one. Check how the policy defines the trigger: does a suspected breach or an unsuccessful attempt count as a circumstance you must notify?

Comparison Checklist

Before You Compare, Gather These Documents

  • Policy wording (not just the summary)
  • Schedule of cover (lists the actual limits and retentions)
  • Exclusions and limitations pages
  • Claims procedures document
  • Details of the incident response panel

Now go through each policy and note:

  • Total aggregate limit vs. your potential loss scenario
  • Sub-limits for ransomware, business interruption, social engineering, legal defence, and crisis management
  • Exact deductible and how it applies (per claim or per year)
  • Business interruption waiting period and how it's measured
  • The full text of the war exclusion: does it exclude attacks attributed to state-sponsored actors, and who decides that attribution?
  • Size and quality of the incident response panel
  • Retroactive date and any exclusions for known or suspected breaches
  • Countries and regions explicitly covered
  • Whether defence costs reduce your policy limit or sit outside it
  • Notification deadline (in hours) and what triggers a notification obligation

Common Cyber Insurance Comparison Mistakes

Avoid these pitfalls when evaluating policies:

  • Comparing on price alone. A £2k policy with poor sub-limits and a 72-hour BI waiting period can cost you far more in a real incident than a £3k policy with full coverage and a 6-hour waiting period, even though the premium is lower. Price is just one factor.
  • Ignoring sub-limits. A £5M policy limit with a £250k ransomware sub-limit gives you far less actual coverage than a £3M policy with £2M ransomware coverage. Always check the sub-limits.
  • Not reading the war exclusion. This clause varies more between insurers than almost anything else. Some exclude only declared wars; others exclude any "act in cyberspace by a nation-state, government actor, or military-affiliated entity." If your threat model includes nation-state attacks, this exclusion matters enormously.
  • Assuming all "cyber insurance" policies are the same. They're not. An E&O policy with a cyber endorsement is very different from a dedicated standalone cyber policy. Understand what you're buying.
  • Not checking the IR panel. If the insurer's incident response panel is small or doesn't include the forensic firms you want, you may struggle during an actual incident.
  • Overlooking the BI waiting period. A 72-hour waiting period can cost you tens of thousands of pounds. A 6-hour waiting period covers almost immediately. This is one of the highest-impact clauses and is often missed in comparison.

Specialist Broker vs. Comparing Yourself

A specialist cyber insurance broker compares 10–20 markets for you, understands the technical wording differences, negotiates terms on your behalf, and advocates if a claim is disputed. This is their expertise.

If you're comparing policies yourself, you're working with whatever terms the insurer offers. A broker can often negotiate better limits, lower retentions, shorter waiting periods, or broader coverage — sometimes at a lower premium than you'd get by applying directly.

CyberPolicyFinder matches you with a specialist broker for free. They'll do the heavy lifting and present you with tailored options so you're comparing apples to apples.


Step-by-Step Comparison Process

Define Your Risk Profile and Coverage Needs

What's your industry? Size? What would a major cyber incident cost you? How long could you survive without revenue? What's your likely liability exposure? Use this to set a target for total coverage, BI limits, and acceptable deductibles.

Get Quotes from 3+ Markets

If possible, work through a broker who has access to multiple insurers. If you're getting quotes directly, approach at least three different insurers so you have real options to compare.

Compare Using the Checklist Above

For each policy, document the ten key factors: limits, sub-limits, deductible, waiting period, war exclusion, IR panel, retroactive date, geographic scope, defence costs, and notification requirements. Create a simple spreadsheet to see them side by side.
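As a worked illustration of why limits, sub-limits, retention, the BI waiting period and the treatment of defence costs have to be read together (the point made under "Common Cyber Insurance Comparison Mistakes" and the side-by-side spreadsheet suggested above), here is a small Python model that settles one incident under two policies and ranks them by premium plus uncovered loss. It is an added example, not from the original page or from CyberPolicyFinder. The two policies and the incident figures are constructed, and the settlement order (sub-limits per head of loss, the retention deducted once per claim, then the aggregate limit) is a simplification that you should check against the actual policy wording before relying on the numbers.

```python
"""Model how one incident would be settled under different cyber policies.

Added example, not from the original page. Policy terms and incident figures
are constructed for illustration; the settlement order (sub-limits per head,
retention once per claim, then the aggregate limit) is a simplification and
must be checked against the real policy wording.
"""
from dataclasses import dataclass, field

HEADS = ("ransomware", "business_interruption", "social_engineering", "legal_defence")


@dataclass
class Policy:
    name: str
    premium: float               # annual premium, GBP
    aggregate_limit: float       # most the insurer pays in the policy period
    retention: float             # you pay this much of each claim
    bi_waiting_hours: float      # business interruption waiting period
    defence_inside_limit: bool   # True: defence costs erode the aggregate limit
    # head -> cap in GBP; an absent head is covered up to the aggregate,
    # a head set to 0 is excluded outright
    sub_limits: dict = field(default_factory=dict)


@dataclass
class Incident:
    ransomware: float            # extortion payment plus recovery cost
    bi_loss_per_hour: float      # lost income per hour of outage
    outage_hours: float
    legal_defence: float
    social_engineering: float = 0.0


def settle(policy: Policy, incident: Incident) -> dict:
    """Return gross loss, what the insurer pays, and what you are left carrying."""
    # The waiting period is yours to absorb; only hours beyond it are a covered BI loss.
    waited = min(incident.outage_hours, policy.bi_waiting_hours)
    covered_hours = incident.outage_hours - waited
    loss = {
        "ransomware": incident.ransomware,
        "business_interruption": incident.bi_loss_per_hour * covered_hours,
        "social_engineering": incident.social_engineering,
        "legal_defence": incident.legal_defence,
    }
    gross_loss = sum(loss.values()) + incident.bi_loss_per_hour * waited

    # 1. Apply sub-limits head by head.
    capped = {h: min(loss[h], policy.sub_limits.get(h, policy.aggregate_limit)) for h in HEADS}
    defence = capped["legal_defence"]
    other = sum(v for h, v in capped.items() if h != "legal_defence")

    # 2. Deduct the retention once, then 3. apply the aggregate limit.
    if policy.defence_inside_limit:
        insurer_pays = min(max(0.0, other + defence - policy.retention), policy.aggregate_limit)
    else:
        # Defence sits outside the limit: the aggregate only caps the other heads,
        # but the retention is still deducted only once across the whole claim.
        leftover_retention = max(0.0, policy.retention - other)
        insurer_pays = (min(max(0.0, other - policy.retention), policy.aggregate_limit)
                        + max(0.0, defence - leftover_retention))

    uncovered = gross_loss - insurer_pays
    return {
        "policy": policy.name,
        "gross_loss": gross_loss,
        "insurer_pays": insurer_pays,
        "uncovered": uncovered,
        "total_cost": policy.premium + uncovered,   # premium plus what you still pay
    }


def rank(policies, incident):
    """Cheapest policy for this scenario first, judged by premium plus uncovered loss."""
    return sorted((settle(p, incident) for p in policies), key=lambda r: r["total_cost"])


# Constructed policies shaped like the "price alone" and "sub-limits" mistakes above.
CHEAP = Policy("Cheap (£2k)", premium=2_000, aggregate_limit=5_000_000, retention=25_000,
               bi_waiting_hours=72, defence_inside_limit=True,
               sub_limits={"ransomware": 250_000, "social_engineering": 0})
BROAD = Policy("Broad (£3k)", premium=3_000, aggregate_limit=3_000_000, retention=25_000,
               bi_waiting_hours=6, defence_inside_limit=False,
               sub_limits={"ransomware": 2_000_000})

# Constructed scenario: ransomware, a five-day outage and a regulatory defence.
SCENARIO = Incident(ransomware=800_000, bi_loss_per_hour=2_000, outage_hours=120,
                    legal_defence=150_000)

if __name__ == "__main__":
    for r in rank([CHEAP, BROAD], SCENARIO):
        print(f"{r['policy']:<12} gross £{r['gross_loss']:>12,.0f} "
              f"insurer pays £{r['insurer_pays']:>12,.0f} you carry £{r['total_cost']:>10,.0f}")
```

Both policies face the same £1.19M gross loss, but the cheaper one leaves you carrying about £721k (ransomware capped at £250k, three days of outage absorbed, defence eroding the limit) against about £40k under the broader policy. Swap in your own limits, retention and hourly revenue figure, and add heads of loss for anything else the policy sub-limits, to see which clauses actually move the number for your business.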

Ask About Each Exclusion and Sub-limit

Email the broker or insurer and ask for clarification on any clause that's unclear or concerning. Ask whether terms can be negotiated. Some insurers will increase limits, raise sub-limits, or shorten waiting periods if you ask.

Review the Actual Policy Wording, Not Just the Summary

The summary sheet is a marketing document. The policy wording is your contract. Read it. Look for exclusions you didn't see in the summary. Check the definitions section: a key term is sometimes defined in a way that narrows cover, for example whether "computer system" includes the third-party cloud services you depend on, which decides whether a provider outage is covered at all. A specialist broker will flag these for you.