Why Is Cyber Insurance So Expensive and Hard to Get?

Quick Answer

Ransomware losses, increasing claims, and immature risk modelling have made cyber insurance expensive and selective. Insurers now require specific security controls—MFA, EDR, backups, email security—before they'll quote. Poor security means no coverage or sky-high premiums.

What Happened

2019-2021: Ransomware claims exploded. Insurers paid out billions. Loss ratios exceeded 70% (meaning they paid more in claims than they collected in premiums).

2022-2024: Insurers responded:

  • Premiums increased 50-100%+
  • Coverage limits reduced
  • Exclusions expanded
  • Underwriting requirements tightened dramatically

2025-2026: Market stabilising but requirements remain strict. Insurers learned their lesson—no security, no coverage.

What Insurers Now Require

Most cyber insurers now mandate specific controls. Lack any of these and you won't get a quote:

Must-haves (deal-breakers)

MFA everywhere

  • All remote access
  • All email (Microsoft 365, Google)
  • All admin accounts
  • VPN and RDP

Endpoint Detection & Response (EDR): Not just antivirus. Proper EDR with behavioural detection.

Backup with offline/immutable copies: Backups that ransomware can't reach. Tested recovery.

Email security: Spam filtering, anti-phishing, ideally advanced threat protection.

Patch management: Critical patches within 30 days. Evidence you actually do it.

Increasingly required

  • Security awareness training
  • Privileged access management
  • Vulnerability scanning
  • Incident response plan
  • Network segmentation
  • 24/7 monitoring capability

Application questions are detailed

Modern cyber insurance applications ask specifics:

  • "Is MFA enabled for all remote access methods?"
  • "What EDR solution do you use?"
  • "Are backups stored offline or immutable?"
  • "What is your patch deployment timeframe?"

Vague answers or "we're working on it" = declined or loaded premium.

Why This Actually Helps You

Insurers are now the security police. Their requirements represent genuine security basics. If you can't get cyber insurance, you probably have gaps that would hurt you anyway.

Meeting insurance requirements means:

  • Better actual security
  • Reduced breach likelihood
  • Faster recovery if breached
  • Compliance with many frameworks

How to Get Better Coverage

1. Fix the basics first

MFA, EDR, backups, email security, patching. These aren't optional anymore—for insurance or for actual security.

2. Document everything

Insurers want evidence, not promises:

  • Screenshots of MFA configuration
  • EDR deployment reports
  • Backup test records
  • Patch compliance reports
  • Training completion records

3. Work with a specialist broker

Cyber insurance brokers know which insurers want what. They can match your security posture to appropriate markets.

4. Consider managed services

MSPs/MSSPs that provide required controls make applications easier. "We use DSC's managed security service which includes..." carries more weight than DIY claims.

5. Improve continuously

Insurers reward security maturity. Year-on-year improvements mean better terms.

The ROI of Security Investment

Scenario: £15,000/year for security improvements (EDR, better backup, training)

Result:

  • Insurance premium reduced by £8,000
  • Actually get coverage (vs. declined)
  • Lower deductible
  • Reduced breach likelihood
  • Better compliance posture

Security investment often pays for itself in insurance savings alone.

What We Provide

We help clients get insurable—and stay that way:

  • Security controls that meet insurer requirements
  • Documentation and evidence for applications
  • Ongoing compliance with policy conditions
  • Support during claims if needed

Our Compliance-Ready managed service is designed to tick insurer boxes while genuinely protecting you.

---

*Disclaimer: Insurance requirements, premiums, and coverage vary significantly by insurer, industry, and your specific risk profile. This is general market commentary, not insurance advice. Work with a specialist cyber insurance broker for advice on your coverage needs. Market conditions change—verify current requirements with insurers.*
