Cyber insurance is changing, and for 2025, it’s getting a lot stricter. Insurers aren’t just going through the motions anymore; they genuinely want to see that your business is secure. If you don’t measure up, don’t be surprised if your claim gets rejected. It’s not just about ticking boxes; it’s about real protection.
Key Takeaways
- Insurers are getting smarter about cyber risks and won’t offer blanket coverage.
- Larger organisations face tougher questions about their cyber resilience.
- Policyholders and IT teams often don’t fully understand the technical details insurers require.
- Make sure your cyber insurance policy number and contact details are easily accessible in your incident plan.
- Meeting basic standards like Cyber Essentials is becoming a minimum requirement.
- Consider budgeting around £4 per staff member per month for cyber security measures.
Why Insurers Are Getting Tougher
Insurers are starting to understand the real risks involved with cyber threats. This means they’re moving away from just giving out policies without looking closely at what a business is actually doing to protect itself. If you’re a smaller company, you might get away with less, but if you’re a bigger operation, expect some serious questions about your cyber defences.
If you run a business that’s considered high risk, like a managed services provider, insurers will have a lot of questions. They want to know you’re doing everything you possibly can to stay safe. The tricky part is that sometimes the people signing off on these policies don’t really get the tech side of things. This can lead to policies being offered with requirements that businesses simply can’t meet, which is a problem if you ever need to make a claim.
What Insurers Are Asking For
Right now, insurers are looking to see if you’re meeting at least the minimum standards, like those set out by Cyber Essentials. This includes things like:
- Are your devices encrypted?
- Do you have a business continuity plan in place?
Depending on how big your company is and how risky your operations are, they’ll ask more questions and dig deeper. Honestly, it’s probably a good idea to be doing more than what the insurance company is asking for. It’s about being properly protected, not just meeting a minimum requirement.
Budgeting for Cyber Security
As a starting point, a good budget to aim for is around £4 per staff member who uses a computer, per month. This should give you a decent amount to work with. Of course, some big companies spend a lot more, and some smaller ones spend less, but it’s a solid number to consider when planning your IT security spending.
Getting Help When You Need It
If you’re struggling to meet the standards required for your cyber insurance, or if you’re just not sure what the questions mean, help is available. You can get technical controls put in place that will satisfy the insurers. It’s also possible to work with brokers who understand the risks and can help show how you’ve managed them effectively.
For example, you might have older systems that don’t quite meet the latest standards. In these cases, technology can be added to make sure those systems don’t pose a risk to your business. This can often be enough to satisfy insurance companies.
Important Note: When you receive your insurance policy, make sure the policy number and the claims phone number are clearly written down in your cyber incident plan. If that information is buried in an email you can’t access during an emergency, you won’t know who to call when disaster strikes.