Is your small business at risk of a cyber attack?

Almost half (43%) of UK businesses faced a cyber attack in the last 12 months. And while the internet can make running a business easier, it also opens the door to digital threats.

If you store customer data, take online payments, or use cloud software, you could be at risk. But you don’t need to be an IT expert to help protect your livelihood.

With hackers and criminals using more and more sophisticated techniques, most modern businesses that operate online should think about cyber insurance (if they don’t have it already).

The growing threat of cyber crime in 2026

The UK government recently published its Cyber Security Breaches Survey 2025, which revealed that 43% of businesses identified a cyber security breach or attack in the last year.

Phishing remains the biggest problem by far. In fact, 85% of businesses that faced an attack experienced phishing. This is when staff receive fraudulent emails or are sent to fake websites.

But other threats are growing too. The number of businesses targeted by ransomware, where attackers demand money to unlock your files, doubled from less than 0.5% in 2024 to 1% in 2025.

  • 43% of businesses experienced a cyber attack in the last year
  • £1.6k is the average cost of a disruptive cyber attack

Why small businesses should consider cyber insurance

The same report revealed that 45% of businesses are insured against cyber attacks in some way. Small businesses are leading the way here, with 62% of small businesses having some form of cyber insurance.

Cyber insurance helps protect your business from the financial impact of computer-based threats. This includes data breaches, hacking, and viruses.

If a hacker steals your customers’ personal details, this insurance can cover the costs of dealing with the fallout. It can help pay for legal fees, IT experts, and compensation claims.

Many policies also help if your business is forced to stop trading because of a cyber attack. It gives you peace of mind so you can focus on running your business.

Does my business need cyber insurance?

Any business that relies on computer systems and the internet is open to cyber attacks and should consider cyber insurance.

Think about cyber insurance if your business:

  • relies on computer systems and online software
  • has sensitive data about customers or employees, like names, addresses and financial information
  • has a website
  • has a payment card industry (PCI) merchant services agreement in place

How much can a cyber attack cost?

A cyber attack can seriously hit your profits. According to the Department for Science, Innovation and Technology, the average cost of the most disruptive breach for businesses is £1,600.

But that figure includes attacks that didn’t end up costing anything. If we only look at attacks that had a material outcome, the average cost jumps to £8,260.

3 types of cyber attacks to look out for

Malware

Malware is harmful software designed to damage data, devices, or individuals. Common types include viruses, trojans, worms, spyware, and ransomware.

Social engineering

This type of cyber attack relies on manipulating people to gain access to sensitive data or accounts. Key methods include:

  • phishing – fake emails that appear to come from trusted institutions, sent to steal personal or financial information
  • baiting – exploiting curiosity by leaving infected USB drives in public areas
  • scareware – fake ads that scare victims into installing malware
  • waterholing – infecting websites frequently visited by a specific group to spread malware

Denial of service (DoS) attack

A DoS attack overwhelms a network with excessive traffic, causing it to crash and become inaccessible to its intended users.

Quick checks you can do today

Some security checks take only a few minutes and can help prevent cyber criminals from getting access to your systems.

The government’s Cyber Essentials checklist is designed to help smaller firms protect themselves against the biggest online risks – and you don’t need specialist IT knowledge.

Quick checks you can do include:

  • securing your email accounts with strong passwords and setting up two-factor authentication
  • updating your devices to the latest version (as this often includes security updates)
  • removing users from accounts if they don’t work for you anymore

What to do if your business has a data breach or cyber attack

Businesses have a responsibility to report personal data breaches to the Information Commissioner’s Office (ICO) within 72 hours of becoming aware of the breach. If you need to notify the ICO about a breach and don’t do so within the appropriate time frame, you could be fined up to 2% of your turnover in the preceding financial year (or more for global businesses with a turnover of more than £8.7 million).

If your business faces a cyber attack, you should:

  • disconnect affected devices and stop any access
  • gather evidence and document what happened
  • report a cyber incident or fraud to Action Fraud, or call 101 in Scotland
  • assess the scale of the incident
  • inform anyone who needs to know in your business and externally

Questions to ask when buying cyber insurance

When looking for cyber insurance, make sure you check the same kinds of details you’d usually think about when buying an insurance policy.

Josh Hopkins, Senior Insurance Product Manager at Simply Business, says you should also ask these specific questions around cyber insurance:

  • will your provider be able to offer immediate support in the event of a cyber attack?
  • will you be covered for both targeted attacks on your business as well as wider attacks you’re caught in?
  • will your policy update automatically as new threats appear?
  • will you be covered for mistakes made by employees?
  • could you introduce more security to lower premiums?
  • will claims affect future premiums?
  • is the cover standalone or part of an overall policy (standalone cover can be more comprehensive)?

Frequently asked questions about cyber insurance

What does cyber insurance cover for a small business?

Cyber insurance helps protect your small business from the financial impact of cyber attacks and data breaches. It helps pay for the costs of recovering compromised data, repairing damaged computer systems, and notifying customers about a breach. It also covers legal fees and regulatory fines linked to data protection failures. You get the coverage you need to handle the fallout of a digital attack.

Why do I need cyber insurance if I already have standard business insurance?

Standard general liability policies usually don’t cover digital risks. If a hacker targets your network, you need dedicated cyber insurance to step in. While strong cybersecurity practices help prevent attacks, a dedicated policy provides a reliable financial safety net.

What happens if I need to make a cyber insurance claim?

If you spot malware or experience a breach, you should contact your insurer immediately. The claims team will guide you through the process step-by-step.

Sam Bromley

Sam has more than 10 years of experience in writing for financial services. He specialises in illuminating complicated topics, from IR35 to ISAs, and identifying emerging trends that audiences want to know about. Sam spent five years at Simply Business, where he was Senior Copywriter.