What is cyber insurance?
Cyber insurance is a type of business insurance that covers your financial losses from cyber incidents like data breaches, ransomware attacks, system outages, and other digital disruptions. It's also known as "cyber liability insurance" or "cyber risk insurance."
In the UK, cyber incidents are hitting businesses hard. 39% of UK businesses experienced a cyber attack in 2024, and the average cost of a data breach globally is approximately £3 million or higher. For small and medium businesses, a single breach can be catastrophic. 60% of SMBs close within 6 months of an attack. Cyber insurance exists because many businesses can't absorb this financial shock alone, particularly when GDPR fines can reach up to £20 million or 4% of turnover.
Key point: Cyber insurance reimburses you for direct costs (forensic investigation, ransom negotiation, notification costs under GDPR) and third-party claims (lawsuits from affected customers). You're buying protection for a type of liability and operational crisis, not a physical asset.
What does cyber insurance cover?
Most cyber insurance policies split coverage into two main categories: costs to YOUR business (first-party) and claims FROM OTHERS (third-party).
First-party coverage (costs to your business)
This covers direct costs you incur in response to a cyber incident:
- Incident response and forensic investigation – The cost of hiring experts to investigate the breach, determine what was compromised, and identify the attacker.
- Data recovery and restoration – Costs to recover lost or corrupted data and restore systems to normal operation.
- Business interruption losses – If your systems are down, you lose revenue. This covers the income you would have earned during the outage.
- Ransomware payments – Some policies reimburse ransom payments if you decide to pay. Note: UK and international authorities increasingly advise against payment.
- Notification costs – GDPR requires notification of affected individuals following a breach. Cyber insurance covers letters, email campaigns, and call centre costs.
- Credit monitoring – Providing monitoring services to individuals affected by the breach (often 1-3 years).
- Public relations and crisis management – Costs to hire PR firms to manage reputational damage and public communication.
Third-party coverage (claims from others)
This covers legal claims and regulatory action arising from the incident:
- GDPR regulatory defence and fines – Defence costs if you face ICO investigation and cover for GDPR fines up to specified limits (typically £20 million or 4% of turnover).
- Legal defence costs – Solicitors and barristers to defend you against lawsuits from affected customers or partners.
- Settlements and judgments – Compensation you're ordered to pay to affected parties after losing a lawsuit.
- Privacy and data breach claims – Claims from individuals alleging misuse of personal data or failure to protect privacy under GDPR.
- PCI DSS fines – If you process card payments and suffer a breach, payment networks may fine you. Cyber insurance can cover these.
- Media liability claims – Claims that your business defamed someone or invaded privacy through your digital systems or online presence.
Most policies come with coverage limits (e.g., £1 million total), deductibles (you pay the first £10,000 of any claim), and sub-limits (e.g., ransomware covered up to £500,000, even if the total limit is £1 million).
What doesn't cyber insurance cover?
Insurance is defined as much by what it excludes as by what it includes. Here are the most common cyber insurance exclusions:
- Acts of war or nation-state attacks – Most policies exclude attacks by governments or military forces. This "war exclusion" is standard across insurance.
- Unpatched known vulnerabilities – If a security patch was available and you didn't apply it, the insurer may deny claims from attacks exploiting that specific vulnerability.
- Bodily injury or property damage – Cyber insurance covers digital losses. If a cyber attack leads to physical harm, that's typically covered by your general liability policy, not cyber.
- Long-term reputational damage – Cyber insurance covers short-term crisis costs (PR, notification). Permanent loss of customer trust or market share isn't covered.
- Loss of future revenue – Business interruption covers revenue lost during the incident. It doesn't cover future lost business due to reputational harm.
- Prior known claims – If you knew about a potential claim before buying the policy, it's excluded.
- Voluntary shutdowns – If you choose to shut down your systems without insurer approval, resulting losses may not be covered.
- Social engineering (sometimes) – Some policies exclude or heavily sub-limit losses from social engineering attacks (e.g., CEO fraud). Check your policy carefully.
Read the fine print: Exclusions vary significantly between insurers. A breach that one insurer covers, another may exclude. Always ask your broker to highlight exclusions relevant to your business and industry.
How does a cyber insurance claim work?
Step 1: Incident occurs – You discover a breach, system outage, or suspected attack.
Step 2: Contact insurer immediately – Call your insurer's claims hotline right away. Most UK policies require prompt notification. Delaying notification may void coverage.
Step 3: Insurer appoints incident response team – The insurer will typically have a preferred team of forensic experts, legal counsel, and PR firms. Some policies let you choose your own; others require you to use the insurer's panel. The insurer pays the IR team directly.
Step 4: Containment and investigation – The IR team stops the attack (if ongoing), investigates what happened, identifies what data was compromised, and documents findings.
Step 5: Claim assessment – The insurer reviews the incident and IR findings to determine what's covered under your policy. They'll assess whether exclusions apply, whether costs are reasonable, and whether the claim is within coverage limits and deductibles.
Step 6: Payout – Once approved, the insurer reimburses you for covered costs or pays vendors directly.
Important: Good cyber insurance policies don't just provide money; they provide people. Your policy includes access to forensic investigators, UK-qualified legal counsel familiar with GDPR breach notification law, and PR specialists. These are often more valuable than the monetary payout because they know how to handle incidents efficiently and protect you from ICO action.
UK regulatory landscape
The UK's cyber insurance landscape is dominated by GDPR (retained EU law post-Brexit) and ICO enforcement. GDPR requires notification of affected individuals and the ICO without undue delay following a personal data breach. ICO fines can reach up to £20 million or 4% of annual global turnover, whichever is higher. Additionally, businesses processing payment card data must comply with PCI DSS standards, and various sectors (healthcare, finance, energy) face industry-specific rules. Cyber insurance covers regulatory defence costs and fines under these frameworks.