For a small UK business (under 50 employees, under £3.5M revenue), cyber insurance typically costs between £800–£2,500 per year for £1M in coverage. But costs vary significantly based on industry, company size, security maturity, and claims history.
A micro business (1–10 employees) might pay as little as £400–£1,200 annually, while an enterprise with 1,000+ employees could pay £40,000–£350,000+ per year. Like all insurance, the larger and riskier your organisation, the more you pay. UK regulatory requirements—particularly GDPR and ICO enforcement—also influence premiums.
Your company size is one of the strongest predictors of premium. Below are typical annual premiums and coverage levels for UK businesses:
| Company Size | Employees | Typical Annual Premium | Typical Coverage |
|---|---|---|---|
| Micro | 1–10 | £400–£1,200 | £500K–£1M |
| Small | 11–50 | £800–£2,500 | £1M–£2M |
| Mid-market | 51–250 | £2,500–£12,000 | £2M–£5M |
| Upper mid-market | 251–1,000 | £12,000–£40,000 | £5M–£10M |
| Enterprise | 1,000+ | £40,000–£350,000+ | £10M+ |
These figures are for standard coverage with a £10,000–£25,000 deductible. Premiums vary by industry, regulatory environment, security controls, and underwriter appetite. UK market data shows pricing is influenced heavily by GDPR compliance posture and prior data incidents.
Some sectors face significantly higher premiums due to regulatory scrutiny, sensitive data handling, or targeting by criminals. Insurers apply industry-specific multipliers to base rates. Here's how they compare in the UK context:
| Industry | Risk Level | Premium Multiplier | Why (UK regulatory focus) |
|---|---|---|---|
| Healthcare / NHS | Very High | 2–3× | DSPT compliance, patient data, ICO fines, ransomware target |
| Financial Services | High | 1.5–2.5× | FCA regulations, high-value data, regulatory fines |
| Legal / Professional Services | High | 1.5–2× | Client confidentiality, GDPR exposure, IP protection |
| Technology / SaaS | High | 1.5–2× | IP, customer data, SaaS liability, supply chain exposure |
| Retail / E-commerce | Medium-High | 1.3–1.8× | Payment card data, PCI DSS, online fraud exposure |
| Manufacturing / OT | Medium | 1–1.5× | Operational technology (OT) convergence, supply chain risk |
| Education | Medium | 1–1.3× | Student data (GDPR), budget constraints, growing targets |
| Charity / Non-profit | Low-Medium | 0.8–1.2× | Limited data volumes, smaller targets, donor data |
Example: A small NHS dental practice with 12 employees faces a 2.5× multiplier on base rates. If the base premium is £1,200, they would pay around £3,000. Financial services firms face similar multipliers due to FCA supervision and regulatory data requirements.
Underwriters assess dozens of variables when setting your rate. Here are the main factors driving premiums in the UK market:
Your premium is not fixed. Improving your security posture and demonstrating compliance controls can yield substantial savings. Many UK insurers offer discounts for implemented security measures:
Many businesses find that the cost of implementing these controls (often £5,000–£20,000) pays for itself through lower premiums within 12–24 months. The investment also reduces your actual breach risk.
The average cost of a data breach for a medium-sized UK business is approximately £4,200 according to the DCMS Cyber Security Breaches Survey. However, larger breaches and those involving regulatory investigations incur far greater costs. A breach affecting 10,000 records at the average cost of £165–£280 per record would result in £1.65M–£2.8M in recovery, investigation, notification, and regulatory defence costs.
Beyond direct breach costs, cyber insurance covers:
For UK businesses, cyber insurance is essential risk management—especially given GDPR fines, ICO enforcement activity, and the £4,200 average breach cost. A single incident can far exceed years of premium payments.