Cyber Insurance Cost Comparison - What You Need To Know

How much does Cyber Insurance Cost?


Key takeaways

  • Cyber insurance typically costs between £350 and £5,000 per year for small and medium-sized businesses in the UK

  • A no-obligation, tailored cyber insurance quote can be provided within 48 hours, giving you the information you need to make an informed decision


We work with a wide range of cyber insurers to meet your needs, including CFC, Chubb and Coalition.


Cybercrime has become one of the fastest-growing risks for businesses today. From ransomware attacks and phishing scams to data breaches, businesses of all sizes are increasingly vulnerable to digital threats. The financial consequences of a cyber incident can be significant, often including regulatory fines, legal costs, loss of profit, extortion payments, compensation claims and reputational damage.

Cyber insurance is a type of business insurance designed to protect against cyber-attacks, data breaches and cyber criminals. Cover will typically provide for third-party cyber liability and for the first-party costs and expenses of recovering from a cyber incident, such as a security breach, ransomware attack, hack, phishing attack or other cyber threat.


Typical costs of cyber insurance

Premiums vary depending on a number of factors discussed below; however, the majority of small and medium-sized businesses can expect to pay between £350 and £5,000 per annum. Some micro-businesses with minimal data exposure may pay as little as £175 annually, while at the other end of the spectrum large corporates in high-risk industries can see premiums in excess of £100,000.

For example, a marketing firm with modest revenues and limited sensitive data might pay around £800 per year, while a financial services company handling large volumes of personal data may face annual costs closer to £4,000. While these figures provide a benchmark, it is important to remember that no two businesses are the same.


Example cyber insurance premiums

Retailer

A small online retailer with £250k turnover and fewer than 25k personal data records purchases £1 million of cover at a £323 annual premium.

Software Company

A medium-sized software company with £2 million turnover and fewer than 500k personal data records purchases £2 million of cover at a £2,450 annual premium.

Solicitor

A medium-sized solicitor with £3 million turnover and fewer than 1 million personal data records purchases £3 million of cover at an £8,750 annual premium.


Factors which impact your cyber insurance premiums

Insurers calculate your cyber insurance premium from a number of rating factors when assessing your risk. Below we look at the key rating factors that influence an insurer's decision making.


Cyber security

Insurers increasingly require minimum cyber security controls as conditions of the policy. Cyber security remains the first line of defence, and if insurers are going to accept your risk, they want to be sure you adhere to best practices that mitigate your exposure to claims. Premium discounts are available for companies that can demonstrate a risk-averse approach.

Common controls required by insurers include:

•   backups of critical data;
•   VPN for remote access;
•   multi-factor authentication for cloud-based services; and
•   cyber security training.


Business activities

The industry in which you work affects your susceptibility to breaches and will therefore influence your premiums.

For example, the following industries carry an increased exposure to claims: accountants, casinos, data aggregators, the education sector, financial services, hospitals, hotels, the medical industry, payroll services, professional services, solicitors, telecommunications, trading platforms, online gaming and payment card processors.


Turnover and employees

Turnover and number of employees are direct cyber risk rating factors that insurers use to calculate your premium. The larger your business, the higher the premium your business will be required to pay.

There are also certain thresholds at which insurers offer discounted rates to grow their portfolio. For example, the market for companies with a turnover of less than £1 million is the most competitive, whereas there is significantly less insurer competition once your turnover exceeds £100 million.


Personal data

The number of individual data subjects, i.e. the number of people whose personally identifiable information (PII) you hold, is another direct cyber risk rating factor for insurers. Fewer than 25,000 is commonly acceptable; once you pass the 100,000 or 250,000 threshold this will affect insurers' decision making.

Additionally, the type of data you hold or process affects your premium. Sensitive data such as banking details, card details and medical information is perceived as the highest risk. The larger and more sensitive the data you process or hold, the greater the risk to insurers and the higher the premium charged.


Territorial scope

Insurers will want to understand your turnover split by territory. Certain countries, such as the US, are more litigious in nature and allow class actions (otherwise known as collective actions) on an opt-in basis, which makes it much easier for claimants to bring a demand for compensation in a court of law.

Greater exposure to a legal system that makes more frequent and higher awards means insurers will need to charge higher premiums when calculating the cost of your policy.


Claims history

If you have been the subject of a cyber incident that would have been insured, you need to disclose that information, even if you did not have a policy in force at the time.

Unfortunately, you will incur higher premium costs if you have been the subject of cyber insurance claims in the past five years. Insurers will want to understand exactly what occurred, how much the cyber incident cost, and what remedial actions were taken to stop a similar incident occurring again.


How to reduce your cyber insurance costs?

There are proactive steps businesses can take to reduce the cost of cover, which typically means improving your cyber security controls. The minimum standards are commonly prerequisites to cover: insurers will expect you to maintain regular backups and to use MFA for all user access to web-based email.

Discounts are available from some insurers if you:

  • regularly scan services exposed to the internet for vulnerabilities;
  • regularly send simulated phishing emails to all users, and enforce additional anti-phishing training for those who fail; and
  • use an EPP (Endpoint Protection Platform) and/or EDR (Endpoint Detection and Response).

Working with a specialist insurance broker can help you navigate the wide range of options available and identify an insurer that takes a favourable view of your business. At Get Indemnity we have access to a wide range of insurers offering comprehensive cover at affordable premiums.


What covers are available at an additional cost?

  • Social engineering fraud - covers the act of influencing a person to divulge sensitive information or to perform a task, which typically results in a voluntary payment to the fraudster.
  • Crime insurance - provides financial protection against the fraudulent taking or appropriation of money, securities or property (by a third party or an employee, or to the deprivation of a client).
  • Tech errors and omissions - otherwise known as professional indemnity cover, provides cover for mistakes, neglect or unintentional breach of duty when providing a technology or professional service.


About the author

Simon Taylor is a respected senior industry professional and a Chartered Insurance Broker with over 20 years' experience in the commercial insurance sector as an underwriter, broker and director.