Skip to main content

Why now is the time to review your cyber insurance

7 May 2025

Cybersecurity is not a new topic, but recent developments make it essential to reassess your cyber insurance coverage. The UK Government's has launched recent initiatives aimed at bolstering cyber resilience. So there has never been a better time to ensure your business is adequately protected. Most cyber insurance policies can start from as little as £430 +IPT. This can provide you with peace of mind in an increasingly digital world.

Understanding the risks

The landscape of cyber threats is constantly evolving. Here are some key risks and common cybercrimes that should prompt you to review your coverage:

  • Ransomware Attacks: These attacks often involve malicious software and can cripple your operations. Hefty ransoms could be demanded for the return of your data.
  • Data Breaches: The loss of sensitive customer information can lead to significant financial and reputational harm. There can also be ramifications for affected customers as well as legal and defence costs.
  • System Outages: Being locked out of your computer systems and/or digital assets can halt your business operations. This in turn can lead to lost revenue.
  • Phishing Scams: These deceptive tactics can trick employees into revealing confidential information. This can expose your business to further risks.

Read our article ‘Do you really understand cyber risk?’ for more insights into the way cyber risk can present itself in your business.

Cost implications of a cyber attack or cyber event

The financial impact of a cyber incident can be staggering. Consider the average system outage: how long would it take for your business to lose revenue? Recovery can take days, if not weeks, depending on the severity of the incident. While the media often focuses on ransomware and data breaches, the silent threat of being locked out of your systems can be just as damaging. For instance, the recent incident involving M&S. It reportedly cost the company on average £3.8 million a day in online sales while offline. This highlights the urgent need for robust cyber insurance.1

Many businesses still operate with inadequate cyber cover. This can leave them vulnerable to significant financial losses. These can include related costs from data destruction for example.

Current cyber risk insurance market conditions

Historically, cyber insurance has been viewed as cost-prohibitive, leading many businesses to forgo coverage. However, recent statistics reveal a shift in the market. Marsh’s latest Global Insurance Market Index indicates that cyber insurance premiums have seen an 8% reduction, with 78% of cyber clients benefiting from lower rates. This change is part of a broader trend, as global commercial insurance rates declined by 3% in the first quarter of 2025, marking the third consecutive decrease following seven years of increases.2

Cyber insurance costs shouldn't be a barrier to protecting your business; you can now access coverage from as little as £430 +IPT, making it a viable option for many businesses. Many clients are leveraging this increasingly competitive landscape to negotiate better terms, enhance their coverage, and explore alternative risk transfer solutions such as self-insurance and captives.

What cyber insurance covers

Traditional insurance products and/or third party coverages generally don't provide enough cover to protect against today's cyber risks. So how does cyber insurance work? Dedicated cyber liability insurance typically covers a range of incidents, including:

  • Data Breach Response: Costs associated with notifying the parties affected and managing public relations. This can also include privacy liability.
  • Business Interruption: Compensation for lost income during system outages.
  • Legal Fees: Coverage for legal expenses arising from cyber incidents.
  • Forensic Investigation: Costs for investigating the security breach and securing your systems.

Ensuring insurability

To secure cyber insurance, it’s crucial to have certain measures in place, start by reading our 12 key controls to help strengthen your cyber security.

Having cyber insurance is vital to protect businesses. But it does not replace the need for robust risk management.  Consider the potential impact of a cyber loss on your business and take proactive steps to mitigate risks. Key elements to have in place include:

  • Regular Risk Assessments: Identify vulnerabilities and address them promptly.
  • Incident Response Plans: Prepare your team to respond effectively to cyber incidents and recover from a security failure.
  • Employee Training: Educate your staff on recognising and preventing cyber threats, and how not to fall victim to deepfakes.

Now is the time to take action. Contact your Marsh Commercial adviser today to review your cyber insurance coverage. Protect your business from the evolving cyber landscape and ensure you have the right safeguards in place. Your business deserves the best protection—let us help you achieve it.

 

Sources

1. theguardian.com/inside-the-marks-and-spencer-cyber-attack-chaos
2. Marsh Global Insurance Market Index, Q1 2025

For people and businesses like you

Sign up to our newsletter for updates to your inbox

What are you looking for?

© Marsh Ltd t/a Marsh Commercial and Marsh Private Clients