For most businesses, the question is no longer whether a cyber incident could happen, but how badly it would hurt if it did. A breach, a ransomware attack or the failure of a key system can interrupt trading, expose customer data and trigger claims and regulatory action. Business cyber insurance brings together the covers that respond to all of this. This guide takes a business-owner view of cyber cover; for the full technical detail of how each element works, see our complete cyber insurance guide.
Business cyber insurance: definition
Business cyber insurance protects a company against the financial impact of cyber incidents, covering both the cost of responding to and recovering from an incident and the business's liability to customers and regulators affected by it.
What Is Business Cyber Insurance?
Business cyber insurance is a policy that protects a company against the financial consequences of cyber incidents, including data breaches, ransomware, hacking and system failures. It typically combines first-party cover, which deals with your own recovery costs, and third-party cover, which deals with your liability to customers and regulators. For most businesses it also provides immediate access to specialist help when an incident occurs.
Why Your Business Needs It
Traditional business insurance was not built for cyber risk, so a breach or attack often falls outside property and liability policies. The exposures that make cyber cover worth considering include:
- Data you hold about customers, employees or suppliers
- Payments you take and the financial information that comes with them
- Systems you rely on to trade, where downtime stops revenue
- Supply chain dependence on cloud and IT providers
- Contracts that increasingly require suppliers to hold cyber cover
What Business Cyber Insurance Covers
Cover varies by insurer, but a business cyber policy generally brings together:
| Protecting your business | Protecting against claims |
|---|---|
| Incident response and IT forensics | Third-party data breach claims |
| Ransomware and cyber extortion | Legal defence costs |
| Business interruption and extra costs | Regulatory investigation costs and insurable fines |
| Data restoration and system repair | Compensation and settlements |
| Breach notification and PR support | Liability for transmitting malware |
The breakdown of these covers, including business interruption, contingent business interruption and the typical policy extensions, is set out in full in our cyber insurance guide. The third-party side is covered in our guide to cyber liability insurance.
Small Businesses and Cyber Risk
It is a common misconception that cyber criminals only go after large organisations. In practice, smaller businesses are frequently targeted precisely because their defences can be weaker, and the impact of an incident is often proportionately greater for a small company with limited resources to recover. If a small business holds data, takes payments or depends on systems to trade, the case for cyber cover is much the same as for a larger one. Cover can be scaled to suit the size and risk of the business.
What Insurers Expect From Your Business
Cyber underwriting has tightened, and insurers now look for a baseline of security before offering cover. Having these in place, and being able to evidence them, improves both your options and your terms:
- Multi-factor authentication on email and remote access
- Regular, tested backups held securely
- Endpoint detection and prompt patching
- Email filtering and phishing protection
- Staff security awareness training
- An incident response plan
Our guide to cyber security insurance goes into the controls insurers expect in more detail.
Choosing Cover and Setting Limits
The right business cyber policy is the one whose cover matches your actual exposure, not simply the cheapest option at a given limit. It is worth checking how the policy handles ransomware and business interruption, what the breach response service includes, and whether the limit reflects a realistic worst-case incident for your business. The appropriate limit is generally arrived at by benchmarking against similar businesses, the data you hold, your dependence on systems and any contractual requirements. A broker can bring that benchmarking and scenario view to help you decide. Our guide to what affects the cost of cyber insurance explains the rating factors that drive price.
How Taurus Helps
We are an FCA-regulated, independent broker. We assess how your business operates and what it is exposed to, structure cyber cover that brings together the protection and liability sides, and place the risk with financially secure, highly rated UK insurers and Lloyd's markets. We also help you understand what insurers expect on security, so you go to market in the strongest position.
Frequently Asked Questions
What is business cyber insurance?
Business cyber insurance protects a company against the financial impact of cyber incidents such as data breaches, ransomware and system failures. It covers both the cost of responding to and recovering from an incident and the business's liability to customers and regulators affected by it.
Does my business need cyber insurance?
If your business holds customer data, takes payments or relies on IT systems to operate, it carries cyber risk, and cyber insurance is generally worth considering. Many clients and contracts now require it, so it can also be needed to win or keep work.
What does business cyber insurance cover?
It typically covers incident response, data restoration, ransomware, business interruption and breach notification on the first-party side, plus third-party claims and regulatory costs from a data breach. Many insurers also provide access to a specialist breach response team.
Do small businesses need cyber insurance?
Small businesses are often targeted precisely because their defences may be weaker, and an incident can be proportionately more damaging. If a small business holds data, takes payments or depends on systems to trade, cyber cover is generally worth considering.
What security do insurers expect from a business?
Insurers commonly expect multi-factor authentication, regular tested backups, endpoint detection, prompt patching, email filtering and staff training. Strong controls can improve the terms available, while gaps can restrict cover, so it is worth addressing them before going to market.
How much does business cyber insurance cost?
Cost depends on your turnover, sector, the data you hold, your security controls and the cover limit. Businesses with strong controls often secure better terms. A broker can benchmark the market and structure cover to match your risk and budget.
