What is the Companies House definition of a small business for UK cyber insurance?

Companies House defines SMEs as companies with fewer than 250 employees and either turnover not exceeding £50.2m or balance sheet total not exceeding £25.9m. Cyber insurers typically align with this definition for SME coverage tiers and pricing.

How much does cyber insurance cost for a UK small business?

UK small businesses typically pay £350–£2,200 per year depending on size and sector. Micro-businesses (under £100K turnover) pay £350–£900. Small businesses (£100K–£1M) pay £700–£1,800. Growing businesses (£1M–£5M) pay £1,600–£2,200.

Does UK cyber insurance cover GDPR fines and regulatory penalties?

Most standard cyber policies exclude regulatory fines and penalties. However, some specialist insurers offer optional regulatory fine coverage. This is a critical underwriting point—a GDPR breach can trigger ICO fines up to £17.5m. Check policy wording carefully.

What government support is available for UK small business cyber protection?

The UK government provides free resources through NCSC (Cyber Essentials scheme, free risk assessment tools), British Business Bank (cyber insurance grants for startups), and local business support organisations. Many SMEs are unaware of free NCSC Cyber Essentials certification which improves insurability.

Cyber Insurance for Small Business in the UK: SME Coverage & Companies House Compliance

Why UK small businesses are targeted

Small businesses are not collateral damage. They are targeted because attackers know SMEs typically have weaker defences than large enterprises but hold valuable customer data. The statistics are stark: 43% of all cyberattacks target small and medium-sized businesses.

A typical ransomware attack costs a UK small business £120,000–£150,000 in recovery, downtime, and incident response. More devastating: 60% of small businesses close within six months of a major cyberattack. Not because the technical damage is irreversible, but because they lack cash reserves and expertise to recover. Cyber insurance bridges that critical gap.

What it costs in the UK

UK small business cyber insurance is more affordable than many business owners assume. Pricing varies by turnover, employees, and sector:

Micro-business: Under £100K turnover, 1–3 staff: £350–£900/year
Small business: £100K–£1M turnover, 4–20 staff: £700–£1,400/year
Growing: £1M–£5M turnover, 21–50 staff: £1,600–£2,200/year

Most small businesses can get robust cyber insurance for under £100 per month. Compare that to a single ransomware attack or a week of downtime.

What small business cyber insurance covers

Ransomware recovery. Covers incident response, forensic investigation, and recovery costs.
Business interruption. Covers lost revenue whilst systems are offline. Critical for small businesses with no cash buffer.
GDPR breach costs. Covers customer notification, credit monitoring, regulatory reporting, and legal defence if the ICO investigates.
Incident response. Immediate access to forensic investigators and recovery specialists.
Legal defence. Covers solicitor fees if customers sue or the Information Commissioner's Office investigates.

Top cyber risks for UK small businesses

These are the attacks actually targeting UK SMEs:

Phishing and email compromise. 90%+ of attacks start with a phishing email. Someone clicks a fake invoice or password reset. The attacker gains network access.
Ransomware. Once inside, attackers encrypt your data and demand payment. Small businesses are hit hard because they have few offline backups.
Invoice fraud. Attackers compromise email and send fake invoices. You pay the attacker instead of your supplier.
Employee error. Your team misconfigures cloud storage, accidentally emails sensitive data to the wrong person, or uses weak passwords.
Supply chain compromise. You are breached not through your own systems, but through a vendor or supplier's network.

UK government support for small business cyber protection

The UK government provides free and low-cost resources:

NCSC Cyber Essentials. Free certification scheme proving your basic security controls. Improves insurability and is government-backed.
NCSC risk assessment tools. Free vulnerability assessment resources for SMEs.
British Business Bank cyber grants. Some funding available for startup and scale-up cyber insurance.
Business support organisations. Local business councils offer free cyber awareness training and guidance.

What insurers expect from UK small businesses

Multi-factor authentication (MFA). Enable MFA on email and critical cloud applications.
Endpoint protection. Use antivirus or EDR on all computers and mobile devices.
Regular backups. Back up critical data daily and store at least one backup offline.
Email security. Use email filtering to block phishing.
GDPR compliance. Document your data handling, conduct impact assessments, and implement privacy controls.

These are table stakes. The good news: all are achievable for small businesses with minimal cost.

Ready? Get matched with a specialist UK small business cyber insurance broker. Answer a few questions and get a personalised quote within 24 hours. Free, fast, no obligation.

Cyber Insurance for Small Business in the UK