What is cyber insurance?
Cyber insurance is a type of business insurance that covers your financial losses from cyber incidents like data breaches, ransomware attacks, system outages, and other digital disruptions. It's also known as "cyber liability insurance" or "cyber risk insurance."
Think of it like other types of business insurance. Property insurance covers damage to your building. Liability insurance covers third-party injury claims. Cyber insurance covers the financial fallout from cyber attacks, and unlike property or liability cover, it includes both the cost to fix your own systems and claims from affected customers.
Cyber incidents are no longer rare. 39% of UK businesses reported a cyber attack in 2024, and the average cost of a data breach globally is $4.9 million. For small and medium businesses a single breach can be catastrophic: one widely cited estimate is that 60% of SMBs close within six months of an attack. Cyber insurance exists because many businesses can't absorb this financial shock alone.
Key point: cyber insurance reimburses you for direct costs (forensic investigation, ransom negotiation, notification costs) and third-party claims (lawsuits from affected customers). Unlike property insurance, you're buying protection against a liability and an operational crisis, not against damage to a physical asset.
What does cyber insurance cover?
Most cyber insurance policies split coverage into two main categories: costs to YOUR business (first-party) and claims FROM OTHERS (third-party).
First-party coverage (costs to your business)
This covers direct costs you incur in response to a cyber incident:
- Incident response and forensic investigation: the cost of hiring experts to investigate the breach, determine how the attacker got in, what was accessed or taken, and whether they still have a foothold.
- Data recovery and restoration: costs to recover lost or corrupted data and restore systems to normal operation.
- Business interruption losses: if your systems are down, you lose revenue. This covers the income you would have earned during the outage, after the policy's waiting period and up to its sub-limit.
- Ransomware payments: some policies reimburse ransom payments if you decide to pay. Note that payments to sanctioned entities are prohibited in many jurisdictions (insurers run sanctions checks before funding one), and governments increasingly advise against paying at all.
- Notification costs: if you must notify affected individuals of a breach, cyber insurance covers letters, email campaigns, and call centre costs.
- Credit monitoring: providing monitoring services to individuals affected by the breach (often 1-3 years).
- Public relations and crisis management: costs to hire PR firms to manage reputational damage and public communication.
Third-party coverage (claims from others)
This covers legal claims and regulatory action arising from the incident:
- Regulatory defence and fines: defence costs if you face investigations by privacy regulators (such as the ICO in the UK), plus GDPR and similar fines up to specified limits. Fines are usually covered only "where insurable by law", and whether a regulatory fine can legally be insured varies by jurisdiction, so check the wording.
- Legal defence costs: lawyers to defend you against lawsuits from affected customers or partners.
- Settlements and judgments: compensation you're ordered to pay to affected parties after losing a lawsuit.
- PCI DSS assessments and penalties: if you process card payments and suffer a breach, the card schemes can levy fines and assessments, usually passed on through your acquiring bank. Cyber insurance can cover these.
- Media liability claims: claims that your business defamed someone or invaded privacy through your digital systems or online presence.
Most policies come with coverage limits (e.g., £5 million total), deductibles (you pay the first £10,000 of any claim), and sub-limits (e.g., ransomware covered up to £500,000, even if the total limit is £5 million).
What doesn't cyber insurance cover?
Insurance is defined as much by what it excludes as by what it includes. Here are the most common cyber insurance exclusions:
- Pre-existing breaches: if you knew about a breach, or an intrusion that was already under way, before buying the policy, the insurer won't cover claims arising from it.
- Acts of war or nation-state attacks: most policies exclude attacks by governments or military forces. This "war exclusion" is standard across insurance, and since 2023 Lloyd's has required standalone cyber policies to exclude state-backed attacks explicitly. Attribution to a state is rarely clean, so read how the policy defines a state-backed attack and who gets to decide.
- Unpatched known vulnerabilities and failure to maintain security: if a patch was available and you didn't apply it, or if controls you declared on the application form (MFA on remote access, offline backups, endpoint detection) were not actually in place, the insurer may deny claims from attacks that exploited the gap.
- Bodily injury or property damage: cyber insurance covers digital losses. If a cyber attack leads to physical harm (e.g., hospital systems fail, leading to patient injury), that is normally a matter for your general liability or property policy, not cyber. Check that those policies don't carry cyber exclusions of their own, or the loss may fall between them.
- Long-term reputational damage: cyber insurance covers short-term crisis costs (PR, notification). Permanent loss of customer trust or market share isn't covered.
- Loss of future revenue: business interruption covers revenue lost during the incident. It doesn't cover future lost business due to reputational harm.
- Prior known circumstances: if you knew of facts that could give rise to a claim before buying the policy, that claim is excluded.
- Voluntary shutdowns: if you choose to shut down your systems without insurer approval, resulting losses may not be covered.
- Social engineering (sometimes): some policies exclude or heavily sub-limit losses from social engineering and funds-transfer fraud (e.g., CEO fraud, invoice redirection). Check your policy carefully.
Read the fine print: Exclusions vary significantly between insurers. A breach that one insurer covers, another may exclude. Always ask your broker to highlight exclusions relevant to your business.
How does a cyber insurance claim work?
Understanding the claims process helps you prepare for an incident and ensures you act quickly if a breach happens.
Step 1: Incident occurs. You discover a breach, system outage, or suspected attack.
Step 2: Contact the insurer immediately. Call your insurer's claims hotline right away. Most policies require prompt notification, and delaying it may void coverage. Don't engage your own forensic or legal vendors before speaking to the insurer; costs incurred without its consent may not be reimbursed.
Step 3: Insurer appoints an incident response team. The insurer will typically have a preferred panel of forensic experts, legal counsel, and PR firms. Some policies let you choose your own; others require you to use the insurer's panel. Counsel is often engaged first so that the forensic investigation is carried out under legal privilege. The insurer usually pays the IR team directly.
Step 4: Containment and investigation. The IR team stops the attack (if ongoing), investigates what happened, identifies what data was compromised, and documents findings. Preserve logs, disk images, and a timeline of your own actions; the claim assessment in the next step rests on this evidence.
Step 5: Claim assessment. The insurer reviews the incident and the IR findings to determine what's covered under your policy. It will assess whether exclusions apply, whether costs are reasonable, and whether the claim is within coverage limits and deductibles.
Step 6: Payout. Once approved, the insurer reimburses you for covered costs or pays vendors directly (especially IR firms and legal counsel).
Important: good cyber insurance policies don't just provide money, they provide people. Your policy includes access to forensic investigators, legal counsel familiar with breach notification law, and PR specialists. These are often more valuable than the cash payout because they know how to handle incidents efficiently and protect you from regulatory action.
Who needs cyber insurance?
Short answer: almost every business. Long answer: it depends on your data, your customers, and your industry's regulatory environment.
You almost certainly need cyber insurance if you:
- Store customer data: names, email addresses, phone numbers, payment information, or any personally identifiable information (PII). If a breach exposes this data, you face notification costs and legal liability.
- Process payments: if you accept credit or debit cards, you're bound by PCI DSS compliance rules. A breach could result in fines from payment networks.
- Rely on IT systems to operate: if ransomware or a system failure would halt your business, cyber insurance covers business interruption losses.
- Face regulatory oversight: healthcare (HIPAA), finance, and many other sectors face specific privacy and security rules. Breach fines and regulatory defence are major cyber insurance benefits.
- Have employees: your staff's email accounts, credentials, and access to systems are attack vectors. Social engineering and credential theft are common attack methods.
By industry:
- Healthcare: essential. HIPAA penalties are severe, and patient data is highly valuable to attackers.
- Financial services: essential. Regulators expect robust incident handling, and data breaches trigger notification requirements.
- E-commerce: strongly recommended. Customer payment and personal data are primary targets.
- Professional services (law, accounting, consulting): strongly recommended. You hold sensitive client data and face professional liability if breached.
- Retail and hospitality: recommended. You process payments and may hold customer data.
- Manufacturing and logistics: recommended. Your operational technology (OT) and systems are increasingly networked and vulnerable to ransomware.
- Small businesses: yes, even you. 43% of cyber attacks target small businesses, often because attackers assume small businesses have weaker defences and fewer resources to respond.
If you're reading this and thinking "my business is too small to be targeted," remember: attackers use automated tools that scan millions of websites and systems looking for vulnerabilities. They rarely hand-pick targets. Small businesses are hit constantly, often without realising it.
How to choose the right policy
Not all cyber insurance policies are created equal. Here are the key factors to evaluate:
Coverage limits: how much will the insurer pay in total? £1 million? £5 million? For small businesses, £1-2 million is common. For mid-market, £5-10 million. Make sure your limit matches your potential exposure (consider: annual turnover, customer count, regulatory fines in your sector).
Deductible (retention): how much do you pay before the insurer pays? £5,000? £25,000? Higher deductibles lower your premium but increase your risk. Think about how much your business could absorb upfront.
Sub-limits: insurers often set lower limits for specific coverages within the overall policy. For example: ransomware covered up to £500,000, business interruption up to £1 million, regulatory fines up to £750,000. Check that sub-limits align with your biggest risks.
Retroactive date: events that began before this date are excluded. If your retroactive date is 1 January 2025, an intrusion that started in December 2024 but was only discovered in March 2025 isn't covered. This matters if you suspect a past breach, and it is a reason to ask for the earliest retroactive date the insurer will give you.
Business interruption waiting period: how long after an incident begins does the insurer start paying? 4 hours? 24 hours? 72 hours? If your business can't afford downtime, you need a short waiting period.
Panel vs. choice of vendor: does the insurer let you choose your own forensic investigators and lawyers, or must you use their pre-approved panel? Panel policies are cheaper; choice policies give you more control.
Geographic scope: does the policy cover incidents worldwide, or only in specific countries? If you have offices or customers internationally, ensure global coverage.
Regulatory coverage scope: which regulators and jurisdictions are covered for regulatory defence and fines? If you operate in the UK, US, Australia, and Canada, ensure all are included.
Additional services: some insurers bundle additional benefits: cybersecurity training, vulnerability scanning, incident response planning, or security assessments. These can add real value beyond claims reimbursement.
Pro tip: use a specialist cyber insurance broker. They understand the fine print, know which policies actually pay claims, and can negotiate better terms and pricing than you can alone. A good broker is essential for navigating the complexity and exclusions in cyber policies.