Do you need help & advice with Cybersecurity?
The world of cyber insurance is changing fast, and if you run a business, you can’t just tick a box and expect to be covered anymore. Underwriters are getting pickier, and if you don’t have your tech ducks in a row, making a claim could be a real headache.
Key Takeaways
- Cyber insurance is no longer a formality – providers want proof you’re protecting your business
- Be honest with your broker and review your policy regularly
- Budget realistically for IT security – skimping puts you at risk
- Add policy and emergency numbers to your incident plan, not just an email
- Meeting Cyber Essentials is often the minimum, not the goal
Why Cyber Insurance Standards Are Rising
A few years ago, you could get away with minimal cybersecurity if you were a small company. Bigger firms had to do more, but overall, insurance policies were pretty forgiving. That isn’t true anymore. Insurers are paying closer attention: they want to know what you’re doing to stay secure and how resilient you really are.
For anyone who owns a managed services provider, insurers see you as a big risk. They’re asking more questions, and often, the people signing these policies don’t fully understand the technical stuff. That’s where things go wrong – there are even policies out there that no company could possibly meet in reality. So, if there’s ever a claim, who knows how that will play out?
Even in the UK, where claims are still mostly being paid out, it’s not a guarantee. It just means you need to be really clear with your broker and make sure there are no gaps in what you think you’re covered for.
What Insurers Want to See
When it comes to applying (or renewing) in 2025, underwriters are looking for a few basics:
- Cyber Essentials compliance: At a minimum, you should meet these standards.
- Device encryption: Is your data protected if a laptop goes missing?
- Business continuity plan: What happens if you do get hacked?
- Detailed answers: If you’re not sure about any policy questions, get your IT team involved. It’s better to say, "I don’t know" than to make a guess.
Depending on the size of your business, you’ll face more detailed questions and sometimes a deeper checkup.
Typical Tech Basics Insurers Check (UK):
| Item | Check |
|---|---|
| Device Encryption | Yes/No |
| Multi-factor Authentication | Yes/No |
| Business Continuity Plan | Yes/No |
| Cyber Essentials | Pass/Fail |
| Regular Backups | Yes/No |
Why You Need More Than the Minimum
Here’s the thing: insurance often just wants you to meet a baseline, but that might not actually protect your business. For practical budgeting, aim for about £40 per staff member, per month if they use a computer. That’s usually enough to do the basics well. Small businesses often try to spend less, while big enterprises spend way more.
If you’re struggling to meet standards because of legacy systems or odd requirements, there are ways around this. For example, you can add extra controls or set up separate tech so those old systems aren’t a risk anymore. Often, that’s enough to satisfy the insurer.
Simple Steps to Avoid Cyber Insurance Nightmares
- Work With a Real Broker: Not someone who just sells you a policy off the shelf.
- Keep Your Info Handy: Add your policy number and emergency phone numbers to your cyber incident plan – don’t just leave it in your email inbox.
- Get IT Advice: Don’t guess on policy forms. If you or your IT team don’t know the answers, ask someone who does.
- Budget Realistically: Cutting corners on security just to get the policy cheaper will cost you more in the long run.
- Plan For Updates: Technology ages out. Make upgrading a regular part of your business.
When to Get Extra Help
If you can’t answer something on the forms, or your IT isn’t sure, don’t wing it. Reach out to someone who can translate what the underwriters mean. It can save you a ton of pain if you ever need to make a claim.
And finally, if you need help with getting your insurance sorted, technical controls, or just some advice about securing your business, find someone who actually lives in this stuff every day. It’ll make a difference.
Cyber risks aren’t going away, and neither are the questions from insurers. Being prepared means less stress now—and a whole lot less stress if you ever have to make that dreaded phone call after something goes wrong.
