Cyber insurance for small businesses
Why cyber risk matters for small businesses
Cyber incidents — ransomware attacks, data breaches, phishing scams, and system outages — can cost a small business tens of thousands of pounds in downtime, recovery costs, legal obligations, and reputational damage. Small businesses are frequently targeted precisely because their defences tend to be weaker than those of larger organisations.
What does cyber insurance cover?
A dedicated cyber insurance policy typically covers: incident response costs (forensic investigation, recovery); legal and regulatory costs (including potential fines under UK GDPR, though fines themselves are not always insurable); business interruption losses during the incident; notification costs (if you must notify customers or the ICO of a data breach); and crisis communications.
First-party vs third-party cyber cover
First-party cover pays for losses your business directly suffers (downtime, data recovery). Third-party cyber liability cover pays for claims made against you by customers or other parties whose data was compromised. A comprehensive cyber policy should include both.
Estimating your exposure
Use our cyber insurance cost estimator to gauge your potential disruption exposure and see an illustrative insurance cost band. For accurate quotes and cover recommendations, speak to a commercial insurance broker who specialises in cyber risk.
Frequently asked questions
No. Small businesses are frequently targeted by cyber criminals because their defences are often weaker than those of large organisations. Any business that stores customer data, takes online payments, or relies on IT systems should consider its cyber risk.
Standard commercial combined or business insurance policies typically do not cover cyber incidents. Some may include limited cyber cover as a basic extension, but dedicated cyber insurance provides much broader protection including incident response, legal costs, and business interruption from a cyber event.
Ransomware is a type of malicious software that encrypts your data and demands payment for the decryption key. It can bring a business to a halt within hours. Cyber insurance can cover the cost of incident response, legal advice, and in some cases ransom negotiations (though paying ransoms is discouraged by the NCSC).
Basic steps include: keeping software and operating systems updated; using strong, unique passwords and multi-factor authentication; regular data backups stored separately from your main systems; staff training on phishing awareness; and limiting access to sensitive systems. These measures also help with insurance underwriting.