Cyber insurance cost: What businesses can expect to pay

Cyber insurance costs vary, but most UK businesses pay between £500 and £3,500 a year. Our expert guide breaks down what affects the price, what’s included, and how to get the best value.

How much does cyber insurance cost in the UK?

Most SMEs pay between £500 and £3,500 per year for basic cyber insurance cover. Larger or riskier businesses often fall in the £3,500 to £10,000+ range.

Insurers assess risk based on turnover, data, sector, and the strength of your cybersecurity setup. Premiums vary widely from £300 to £6,000 depending on those factors.

Three key points to know:

  • The average cost for SMEs sits around £3,700 per year.
  • Higher-risk sectors like retail, legal, or healthcare often pay a premium.
  • Insurers are tightening requirements and asking for stronger cyber hygiene before offering competitive quotes.

What affects the cost of cyber insurance?

Cyber insurance premiums are based on risk. Insurers look at how exposed your business is, how well you’re protected, and what kind of cover you need.

Here’s what has the biggest impact on price:

Business size and revenue

Larger businesses tend to hold more data, use more systems, and face greater exposure. Turnover, headcount, and the scale of your operations all raise the potential cost of a claim.

Type of industry and risk level

Some industries carry more cyber risk than others. That could be due to the type of data they handle, how they operate, or the regulations they face.

Insurers factor this into your premium. Higher-risk sectors usually pay more.

Common high-risk industries include:

  • Healthcare: Holds large volumes of sensitive patient data and is a top target for ransomware.
  • Legal: Manages confidential client records and often faces regulator scrutiny.
  • Finance and accounting: Stores payment details and payroll data, and faces strict compliance rules.
  • Retail and e-commerce: Processes card payments, stores customer accounts, and often lacks in-house security teams.
  • Education: Holds staff and student data and often relies on ageing systems.
  • Technology and SaaS: Manages systems that other businesses rely on, increasing cyber liability exposure.

If you’re in one of these sectors, expect insurers to take a closer look at your controls, data, and recovery plans. Lower-risk sectors, such as creative agencies or small consultancies with limited data exposure, often pay less, but only if basic protections are in place.

Data sensitivity and exposure

If you store personal, payment, or health information, your risk is higher. Handling sensitive data increases the chance of claims, fines, or reputational damage.

Cybersecurity controls in place

Basic controls affect your premium. Using multi-factor authentication, encryption, and regular backups, and holding Cyber Essentials certification, can lower your quote.

If you skip these, you may pay more or be declined.

Claims history and incident record

If your business has had past breaches or cyber claims, insurers may charge more. A clean record with strong controls can improve your pricing.

Need to know: Insurers don’t just price your business, they price your behaviour. Good cyber hygiene often cuts costs. Poor habits drive them up.

How cyber insurance is priced

Cyber insurance is not priced the same for every business. Different insurers use different models depending on your size, sector, and risk profile.

Here’s how most policies are priced in the UK market.

Flat rate vs custom underwriting

Flat rate pricing is standard for micro businesses or freelancers. You pay a set annual fee based on your industry and basic risk profile. These policies are often simplified, capped at lower limits, and come bundled with standard cover.

Custom underwriting applies when your business is larger, regulated, or carries higher cyber risk. The insurer reviews your specific setup, including security controls, data volumes, and incident history. The price is tailored to your exposure and the cover limits you choose.

Flat rate works best for firms with simple needs and limited data; custom pricing gives more flexibility, but also more scrutiny.

Per-user vs turnover-based pricing

Some insurers base your premium on the number of users or endpoints. This is common for SaaS firms or businesses with distributed teams. The more people using your systems, the more access points you need to protect.

Others use turnover-based pricing. This assumes larger businesses face larger losses and handle more sensitive transactions. Turnover is a proxy for risk exposure and helps insurers set claim limits.

Your pricing model may also depend on the insurer’s preference or platform. Ask how your premium is calculated, as it helps you understand what to optimise.

How insurers assess risk

Risk assessment is at the core of pricing. Insurers look at:

  • What data you hold, and where
  • Whether you use MFA, encryption, and backups
  • Your claims history and breach record
  • Whether you have certifications like Cyber Essentials
  • How dependent your revenue is on digital systems
  • How fast you can recover from a major breach

Some insurers use questionnaires, others ask for technical scans or reports. A clean bill of health helps keep your premium low and makes you easier to insure in the first place.

CyberSure insight: Knowing how your premium is calculated often allows you to influence it. Better security, more precise documentation, and lower exposure help bring the cost down.

What’s included in the price of cyber insurance?

Cyber insurance covers both your business losses and, in some cases, your liability to others. But not all policies include the same features, and some add-ons come at a cost.

Here’s what you’re usually paying for and what to check before you buy.

Core cover (typically included)

Most standard policies cover the direct fallout from a cyber attack or data breach. That includes immediate support and legal protection.

You can expect:

  • Ransomware response: Payment support, negotiation, and system restoration
  • Data breach costs: Investigation, notification, and recovery
  • Legal defence: Solicitor fees, settlements, and claims linked to lost data
  • Incident response: Access to cyber experts, forensics, and PR advice

This core cover helps get you back online and protects you from legal and financial consequences.

Optional add-ons (may cost more)

Some risks fall outside the default package. You should add them based on how your business operates.

Common add-ons include:

  • Business interruption: Covers income loss while systems are down
  • Third-party liability: Pays if others hold you responsible after a breach
  • Reputation management: Covers PR and communication costs to protect trust
  • Social engineering cover: Protects against phishing and invoice fraud
  • Cyber crime: Covers theft via fake transfers or fraudulent access

These extras can increase your premium but may be essential, especially if you rely on digital tools or handle sensitive data.

Exclusions to watch out for

Some events are excluded, even in well-priced policies. These are common reasons claims get denied.

Watch for:

  • Poor security: No MFA, skipped updates, or unpatched systems
  • Insider threats: Not always included unless explicitly stated
  • Regulatory fines: Covered only in some policies, and only where legal
  • Known issues: Incidents that began before the policy started

Always read the full policy wording. A cheap quote means little if it doesn’t pay out when it matters.

How to lower the cost of cyber insurance

Insurers reward businesses that take cyber risk seriously. The more prepared you are, the better your quote and the more likely your claim is to be paid.

Here’s what helps lower the cost of cyber insurance:

  • Complete a cyber risk assessment: Know where your weak spots are. Insurers want to see that you understand your risk and have a plan to manage it.
  • Get certified: Cyber Essentials or Cyber Essentials Plus demonstrates your compliance with key security standards. Some insurers offer discounts if you’re certified.
  • Compare quotes: Prices vary. Use a broker or platform that focuses on cyber cover, not general business insurance.

Doing the basics well doesn’t just reduce cost, it improves your chances of getting covered in the first place.

FAQs about cyber insurance costs

Still unsure what cyber cover costs, or whether it’s right for your business? These quick answers cover the most common questions UK firms ask before they buy.

What’s the cheapest cyber insurance available in the UK?

Entry-level cyber insurance starts from around £17 per month or £200 per year for micro businesses and sole traders. These policies usually offer basic cover with lower limits, ideal for low-risk businesses with simple needs.

Can I get cyber insurance as a sole trader?

Yes. Many insurers offer cyber cover for sole traders, freelancers, and consultants. Premiums are usually lower, but make sure the policy still covers data loss, legal costs, and online liability.

Do I need cyber insurance if I have Cyber Essentials?

Yes. Cyber Essentials reduces your risk, but it doesn’t cover the cost of an attack or breach. Cyber insurance helps you recover financially, and some insurers offer better rates if you’re certified.
