How cyber insurance can support your business

Cyber insurance cover offers vital protection against a critical business risk. Below, we explain what it is, and how it can be used to support your business.

Why cyber security is important

Cyber risks continues to rank high among the potentially systemic risks that businesses could face. Half of businesses (opens a new window) in the UK reported some form of cyber security breach in 2024. Meanwhile, the average cost of a breach was £17.970 for medium-to-large businesses.

Cyber criminals target businesses of all sizes, in all industries, and in all parts of the world. Just as organisations embrace new technologies, cyber criminals using artificial intelligence (AI) and other tools to commit increasingly sophisticated cyber-crimes. Complex supply chains and rising geopolitical tensions are increasing the likelihood of attacks. Ransomware as a service (Raas) is also reducing barriers to entry for threat actors looking to commit ransomware attacks.

In the face of this growing cyber risk, organisations must have sufficient cyber protections in place to avoid significant disruption, financial loss and potential reputational harm.

What is cyber insurance?

Cyber liability insurance offers protection against the costs of a cyber-attack, enabling businesses to reduce their risk exposure.

A comprehensive cyber policy typically includes two components:

  • First-party coverage to cover the costs of investigating a cyber incident and helping your business become operational again. Typical losses include incident response, damage to systems and business interruption, and loss of funds.

  • Third-party coverage to cover any liabilities, including damages owed to third parties, costs and expenses (including legal fees), and any regulatory penalties.

Cyber insurance benefits

However, cyber insurance doesn’t just offer cover for your costs. A market-leading cyber insurance policy will also include access to:

  • Breach response to assist in the immediate aftermath of a cyber event. This can help to minimise the damage caused by a cyber-attack and get back up and running as quickly as possible.

  • PR support to manage reputational harm, minimise long-term damage, and preserve client relationships.

  • Board-level guidance for investing in effective cybersecurity controls.

Smaller businesses in particular are likely to benefit, as they may otherwise lack this detailed level of support.

Cost of cyber insurance

Given the potential cost of a cyber-attack, cyber insurance represents an increasingly cost-effective option for many businesses. Each policy will respond differently, with pricing dependent on a firms’ individual risk profile.

Factors influencing the cost of cyber insurance:

  • Size of the business

  • The types of data held, and in what volume

  • Cyber security measures in place

  • Employee numbers

  • Specific terms of the insurance policy

However, despite its benefits, many businesses are still without adequate cyber coverage. The cyber protection gap stood at around $900bn in 2021 (opens a new window), with insurance companies covering just $6bn in losses.

Mitigating a cyber attack

Cyber insurance provides businesses with a final line of defence against a cyber-attack or data breach. However, cyber risk management should be the first port-of-call when looking to prevent and mitigate cyber-attacks.

Preparing for a cyber-attack doesn’t need to be complex. In fact, simple cybersecurity measures can often be effective when it comes to protecting against an attack.

Organisations can manage a cyber-attack by:

  • Identifying unsecure network ports and installing firewalls

  • Updating computer programmes regularly

  • Controlling access to data and computer systems (e.g. through multi-factor authentication)

  • Conducting regular stress-tests of cyber security systems

  • Educating teams and staff on cyber threats

Taking out cyber insurance

The ever-changing threat landscape continues to make it difficult for clients to know where to start. At Lockton, we partner with our clients to develop a proactive approach to cybersecurity, risk mitigation and management.


Contact us (opens a new window) for more information, or visit our Cyber and Technology (opens a new window) page.

Our latest Cyber and Technology insights