Cyber Insurance from £8.90/month
43% of UK businesses faced cyber attacks last year. Compare cyber insurance from 200+ insurers — covers ransomware, data breach, business interruption and.
Cyber insurance for UK SMEs, retailers and professional firms
The UK government's most recent Cyber Security Breaches Survey reported that 43% of UK businesses identified a cyber attack or breach in the last 12 months. Ransomware demands now routinely hit five and six figures for small firms, and the operational cost — downtime, forensic investigation, regulatory notification, customer communications, credit monitoring — usually dwarfs the ransom itself. A modern cyber policy is no longer a "nice to have"; for any business taking card payments, storing customer data, or relying on cloud systems, it is core balance-sheet protection.
What a strong cyber policy responds to
- Ransomware & extortion — including ransom payment (where lawful), negotiation specialists and decryption
- Business interruption from system downtime, including dependent business interruption from cloud or supplier outage
- Data breach response — forensics, legal counsel, ICO notification, customer notification, credit monitoring
- Third-party liability from customer or supplier claims arising from a breach
- Social engineering / funds transfer fraud — invoice scams and CEO-fraud losses
- Hardware bricking and reputational harm cover
- PCI fines if card-payment data is exposed
- Telephone hacking (PBX fraud) — still a £30k+ exposure for many SMEs
Typical cyber insurance pricing in 2026
Indicative premiums for a clean-risk UK SME with MFA on email, endpoint protection and a basic backup regime:
- Micro-business (turnover under £500k): £28.00–£55.00/mo for £250k limit
- SME (£500k–£5m turnover): £65.00–£195.00/mo for £500k–£1m limit
- Mid-market (£5m–£25m turnover): £220.00–£780.00/mo for £1m–£3m limit
- Card-acceptor uplift: PCI exposure typically adds 30–60% depending on transaction volume
The proposal-form questions that decide whether you can buy at all
Since the 2020–2022 ransomware surge, insurers have tightened their pre-bind requirements aggressively. Expect to be asked about: MFA on email, remote access and admin accounts; endpoint detection and response (EDR), not just antivirus; offline or immutable backups tested in the last 90 days; email filtering (Mimecast, Proofpoint, Microsoft Defender for Office 365); privileged access management; and phishing-simulation testing for staff. Get any of these wrong on the proposal and either the quote disappears or the claim later gets denied for material non-disclosure. We help you complete the proposal accurately the first time.
Why Premier brokered cover beats direct-online cyber
Direct cyber policies frequently exclude social-engineering loss, cap business interruption at a token figure, or require MFA across all systems on day one (and then void claims if any single mailbox is missed). We benchmark wordings from Beazley, CFC, Coalition, Tokio Marine, Hiscox, Travelers and Chubb, and warn you about the warranties most likely to trip you up — particularly the dependent-BI sub-limits on AWS / Microsoft 365 / Salesforce outages, and the strict notification timelines (some insurers require notification within 24 hours of awareness, not 72). Speak to a broker on 020 8908 2426.
Common questions about cyber insurance
Is cyber insurance worth it for a small business?
For any UK SME that takes card payments, holds customer data or relies on cloud systems, yes. The average ransomware demand on a UK small business now runs into five figures and the operational cost — downtime, forensics, ICO notification, customer communications — usually exceeds the ransom itself. Premiums for a clean-risk micro-business typically start around £28.00–£55.00/mo for a £250k limit.
Does cyber insurance cover ransomware payments?
Most UK cyber policies include ransom payment cover where lawful, alongside negotiation specialists, decryption support and the cost of restoring systems from backup. Insurers will not pay ransoms to sanctioned entities — the OFAC / UK sanctions check is part of the response.
What is "social engineering" cover and is it included?
Social engineering covers invoice-redirect scams, CEO fraud and similar deception losses where staff are tricked into transferring funds. It is frequently excluded or sub-limited on cheaper policies — we make sure it sits inside the main limit on every quote we present.
Will my claim be paid if my MFA wasn't fully deployed?
This is the most common cyber claim dispute. Insurers expect MFA on email, remote access and admin accounts as warranted on the proposal — a single uncovered mailbox can void a claim for material non-disclosure. We help you complete the proposal accurately to avoid this.
Speak to a UK insurance broker
Our brokers are available Monday to Friday 9am to 5:30pm. Call 020 8908 2426, message us on WhatsApp 07954 331362, or email hello@premier-insurance.co.uk. Visit our offices at 49 Grosvenor Street, London W1K 3HP.