PageID: insights-cyber-insurance

Cyber Insurance



    Cyber Insurance and Cyber Liability Insurance: A UK Guide

    A single data breach or ransomware attack can stop a business trading, trigger regulatory scrutiny and lead to claims from everyone whose data was exposed. This guide explains what cyber insurance covers, how business interruption and ransomware fit in, the security insurers expect, and how limits are set.

    By Taurus Risk

    Key Takeaways

    • Cyber insurance covers the financial costs and liabilities following incidents like breaches, ransomware and system failure.
    • Policies typically split into first-party (your own losses) and third-party (cyber liability) cover.
    • Business interruption and ransomware response are often the most valuable parts of the cover.
    • Insurers now treat multi-factor authentication, tested backups and similar controls as a condition of cover.

    In This Guide

    Cyber risk is now one of the most significant exposures facing UK businesses, and it sits largely outside the protection of traditional property and liability policies. Cyber insurance exists to fill that gap, covering both the cost of responding to an incident and the liability that can follow. This guide explains what cyber insurance is, the first-party and third-party cover it provides, how business interruption and ransomware are handled, the network security controls insurers now require, and how cover fits alongside professional indemnity insurance.

    Cyber insurance: definition. Cyber insurance covers the financial costs and liabilities a business faces after a cyber incident such as a data breach, ransomware attack or system failure, including incident response, data recovery, business interruption and claims from affected third parties.

    What Is Cyber Insurance?

    Cyber insurance is a policy that protects a business against the financial impact of cyber incidents, such as data breaches, ransomware, hacking, and the failure or compromise of IT systems. It typically does two jobs: it covers your own costs of responding to and recovering from an incident, and it covers your liability to other people affected by it. Because cyber threats evolve quickly, wordings vary considerably between insurers, which makes the detail of a policy particularly important.

    Cyber Insurance, Cyber Liability and Cyber Security Insurance

    These three terms cause a lot of confusion and are often used to mean the same thing. In practice:

    • Cyber insurance is the broad term for cover against cyber incidents, including both your own costs and your liability to others.
    • Cyber liability insurance emphasises the third-party side, the claims and regulatory costs that follow when other people's data is exposed. Many insurers use it interchangeably with cyber insurance.
    • Cyber security insurance is a common informal term for the same cover, framed around protection against security breaches.

    The label matters less than the wording underneath it. What counts is whether the policy covers the specific first-party and third-party exposures your business faces, which is where a broker helps.

    First-Party and Third-Party Cover

    Almost every cyber policy is built around two halves. Understanding the split is the clearest way to read what a policy actually does.

    First-party (your own losses)
    • Incident response and IT forensics
    • Data restoration and system repair
    • Ransomware and cyber extortion costs
    • Business interruption and extra working costs
    • Breach notification, PR and credit monitoring

    Third-party (your liability to others)
    • Claims from customers or partners whose data was exposed
    • Legal defence costs
    • Regulatory investigation costs and certain fines, where insurable
    • Compensation and settlements
    • Liability for transmitting malware to others

    First-party cover deals with the cost of putting your own business back together after an incident. Third-party cover, often described as cyber liability, responds to the claims and regulatory action that can follow when other people are affected. Most businesses need both, because a single event, such as a breach of customer data, usually triggers both at once.

    Cyber Business Interruption and Contingent Business Interruption

    For many businesses, the largest cyber loss is not the breach itself but the downtime that follows. Cyber business interruption cover is designed for exactly this.

    Cyber business interruption covers the income you lose, and the additional costs you incur to keep operating, when a cyber incident disrupts your own systems. If an attack takes your platform or network offline, this cover responds to the resulting financial impact while you recover.

    Contingent (or dependent) business interruption extends that protection to outages at a third party you rely on, rather than an attack on your own systems. If your cloud host, IT provider or another key supplier suffers a cyber event and you cannot trade as a result, contingent business interruption can respond. Given how dependent most businesses now are on a handful of platforms, this extension is increasingly important, and it is worth checking whether a policy includes both system failure and security failure as triggers.

    Time deductibles (the waiting period). Cyber business interruption usually applies only after the disruption has lasted beyond a set waiting period, known as a time deductible, expressed as a number of hours rather than a sum of money. Losses during that initial window are not covered, so a shorter time deductible gives broader protection. It is one of the most important details to check in a cyber policy.

    Ransomware and Cyber Extortion

    Ransomware is one of the most common and damaging cyber events, and most policies include cyber extortion cover for it. This generally provides access to specialist negotiators, covers the response and investigation costs, funds system restoration, and picks up the business interruption that typically follows an attack. Cover for ransom payments themselves is usually included but is increasingly conditional, and is subject to sanctions rules and to you having met the insurer's security requirements. In practice, the value often lies less in any payment and more in the expert response and the cost of getting the business running again.

    Typical Policy Extensions

    Beyond the core first-party and third-party cover, cyber policies offer a range of extensions. The mix you need depends on how your business operates, and they are a key area to compare between insurers:

    • Cyber extortion / ransomware: negotiation, response and restoration following a ransomware attack.
    • Contingent business interruption: downtime caused by an outage at a supplier you depend on.
    • Social engineering, wire & funds transfer fraud: losses from being deceived into making a payment or transferring funds, including wire fraud and invoice or CEO impersonation fraud.
    • System damage & data restoration: repairing systems and recovering or rebuilding data.
    • Regulatory defence & fines: investigation costs and fines under data protection law, where insurable.
    • PCI fines & assessments: penalties relating to payment card data.
    • Reputational harm: PR support and, in some wordings, loss of income from reputational damage.
    • Media liability: claims such as defamation or IP infringement arising from your digital content.

    What Cyber Insurance Does Not Cover

    Exclusions vary, but cyber insurance generally will not respond to:

    • Pre-existing or known incidents that began before the policy started.
    • Failure to maintain required security controls, such as unpatched systems or missing multi-factor authentication where the insurer required it.
    • Loss of the business's own value, as opposed to defined response and liability costs.
    • Bodily injury and property damage, which fall under other policies.
    • Professional negligence in your work, which is the domain of professional indemnity insurance.
    • Upgrade or betterment, where you improve systems beyond their pre-incident state.

    Network Security Requirements

    Cyber underwriting has tightened considerably, and insurers now treat certain security controls as a condition of cover rather than a nice-to-have. Falling short can mean higher excesses, restricted cover or a declined risk. The controls insurers most commonly expect include:

    • Multi-factor authentication on remote access, email and privileged accounts
    • Regular, tested backups, ideally held offline or immutable
    • Endpoint detection and response across devices
    • Prompt patching of known vulnerabilities
    • Email filtering and phishing protection
    • Staff security awareness training
    • An incident response plan and managed privileged access

    Because these controls affect both whether you can get cover and the terms you are offered, it is worth getting them in place, and being able to evidence them, before approaching the market. A broker can tell you what insurers will expect for a business like yours.

    Who Needs Cyber Insurance?

    Almost any business that holds personal or client data, takes payments, or depends on IT systems to operate carries cyber risk. The exposure is particularly high for businesses that:

    • Hold large volumes of customer or personal data
    • Take card or online payments
    • Rely on systems or software to trade day to day
    • Have access to clients' systems or data, such as technology firms and IT consultants
    • Operate in regulated sectors with data obligations

    Increasingly, clients and contracts also require suppliers to hold cyber cover, so it can be a condition of winning work as well as a protection.

    Cyber Cover Within a Technology PI Programme

    For technology businesses, cyber and professional indemnity are closely linked, and the two are sometimes, but not always, combined. Some technology firms hold a single programme that blends professional indemnity and cyber, which can be efficient and avoids gaps between the two covers. Others, particularly larger or more complex businesses, keep standalone cyber cover so that the limits, wording and insurer can be optimised independently of the professional indemnity. There is no single right answer; it depends on the size and risk profile of the business and how its contracts are structured. We explain how the two covers interact for technology firms in our guide to professional indemnity for IT consultants and technology companies.

    Cyber Insurance vs Professional Indemnity

    The two covers are easy to confuse, and many businesses need both. The simple distinction is what each responds to:

    Responds to
    • Cyber insurance: incidents affecting data and systems
    • Professional indemnity: your work causing a client a financial loss

    Typical claim
    • Cyber insurance: a breach or ransomware attack
    • Professional indemnity: negligent advice or a failed project

    Covers your own costs?
    • Cyber insurance: yes, including response and interruption
    • Professional indemnity: mainly defence and third-party compensation

    A single event can trigger both, so they are often structured to dovetail. Our complete guide to professional indemnity insurance covers that side in full, and our guide for software developers looks at the overlap in a development context.

    Typical Limits and How They Are Assessed

    There is no single correct cyber limit, and choosing one is less about a standard figure than about understanding your exposure. Rather than picking a round number, a sound limit is arrived at by assessing several things together:

    • Benchmarking against similar businesses by sector, size and turnover, using market data on what comparable firms buy and what incidents have cost them.
    • The volume and sensitivity of data you hold, which drives your potential regulatory and notification exposure under UK data protection law.
    • Dependence on systems, and how large a business interruption loss a prolonged outage could create.
    • Contractual requirements, where clients or frameworks specify a minimum level of cyber cover.
    • Worst-case scenarios, modelling a serious breach or ransomware event to test whether the limit would hold.

    A broker can bring benchmarking data and loss scenarios to this conversation, so the limit reflects your actual risk rather than a guess, and meets any limits written into your contracts.

    What Affects the Cost of Cyber Insurance?

    Cyber premiums are rated on how likely an incident is and how much it could cost. The main factors are:

    • Turnover & sector: larger and higher-risk businesses present more exposure.
    • Data held: the volume and sensitivity of personal or client data you hold.
    • Security controls: strong controls can improve terms; gaps can restrict cover.
    • Cover limit & extensions: higher limits and broader extensions increase the premium.
    • Time deductible & excess: a shorter business interruption waiting period broadens cover and can affect price.
    • Claims history: previous incidents are a strong rating factor.

    Because strong controls can materially improve both the price and the availability of cover, it is worth getting your security basics in order before you go to market.

    Choosing the Right Cyber Cover

    The right cyber policy is the one whose wording matches your actual exposures, not simply the cheapest cover at the limit a contract demands. It is worth checking how the policy responds to ransomware, whether business interruption includes contingent cover and what the time deductible is, what the breach response service provides, and how cyber sits alongside your other covers. At Taurus Risk we are an FCA-regulated, independent broker; we assess your exposures, explain the wording in plain terms, and place your risk with financially secure, highly rated UK insurers and Lloyd's markets.


    Frequently Asked Questions

    What is cyber insurance?

    Cyber insurance covers the financial costs and liabilities a business faces after a cyber incident, such as a data breach, ransomware attack or system failure. It typically pays for incident response, data recovery, business interruption and claims from third parties affected by the event.

    What does cyber insurance cover?

    Cyber insurance generally covers two areas: first-party costs (incident response, IT forensics, data restoration, ransomware and business interruption) and third-party liability (claims and regulatory costs arising from a breach of personal or client data). The exact cover depends on the policy and its extensions.

    What is cyber liability insurance?

    Cyber liability insurance is the part of cyber cover that responds to third-party claims, for example from customers or partners whose data was exposed in a breach, along with associated legal and regulatory costs. In practice the term is often used interchangeably with cyber insurance.

    What is cyber business interruption insurance?

    Cyber business interruption covers the income you lose and the extra costs you incur when a cyber incident disrupts your systems. Contingent (or dependent) business interruption extends this to outages at a third party you rely on, such as a cloud or IT provider. Cover usually starts after a short waiting period known as a time deductible.

    Does cyber insurance cover ransomware?

    Most cyber policies cover ransomware and cyber extortion, including specialist negotiation, the response costs, system restoration and any business interruption that follows. Cover is usually conditional on meeting the insurer's security requirements, such as multi-factor authentication and tested backups.

    What security controls do insurers require for cyber insurance?

    Insurers commonly expect multi-factor authentication on remote and email access, regular tested backups, endpoint detection, prompt patching, email filtering and staff awareness training. Gaps in these controls can restrict cover or affect terms, so it is worth addressing them before going to market.

    How are cyber insurance limits decided?

    Limits are usually set by benchmarking against similar businesses by sector and size, the volume and sensitivity of data held, dependence on systems, regulatory exposure and any contractual requirements. A broker can use benchmarking data and loss scenarios to recommend an appropriate limit.

    Is cyber insurance included in a technology professional indemnity policy?

    Sometimes, but not always. For some technology firms cyber is combined with professional indemnity in a single programme, while others hold standalone cyber cover so the limits and wording can be optimised. The right structure depends on the size and risk profile of the business.

    How much does cyber insurance cost?

    Cost depends on your turnover, sector, the volume and sensitivity of data you hold, your security controls and the cover limit. Businesses with strong controls often secure better terms. A broker can benchmark the market for your profile.

    Do I need cyber insurance?

    If your business holds personal or client data, takes payments, or relies on IT systems to operate, you carry cyber risk and cyber insurance is generally worth considering. Many clients and contracts now also require it. A broker can help you weigh the exposure against the cost.

    Need cyber cover that fits your business?

    We assess your cyber exposure and place cover with rated UK and Lloyd's insurers, structured around your security controls, contracts and operations.

    • Wording review: ransomware, BI, time deductibles and extensions explained
    • Limit benchmarking: sector and size-based benchmarking to match your exposure
    • PI & cyber together: structured so claims do not fall into a gap
