In a world where cyber threats are varied (and constantly changing), cyber insurance can help your organisation to get back on its feet, should something cyber-related go wrong. 

However, cyber insurance will not instantly solve all of your cyber security issues, and it will not prevent a cyber breach/attack. Just as homeowners with household insurance are expected to have adequate security measures in place, organisations must continue to put measures in place to protect what they care about. 


This guidance, from the National Cyber Security Centre, is for organisations of all sizes who are considering purchasing cyber insurance.

It is not intended to be a comprehensive cyber insurance buyers guide, but instead focuses on the cyber security aspects of cyber insurance. If you are considering cyber insurance, these questions can be used to frame your discussions. This guidance focuses on standalone cyber insurance policies, but many of these questions may be relevant to cyber insurance where it is included in other policies.


In the first instance, it’s worth checking if your organisation already has cyber insurance in place as part of existing policies, such as business interruption or property insurance. These may provide some level of coverage for cyber-related losses (or they may specifically exclude certain cyber-related incidents). Check your policy document, or speak to your insurance provider or broker for advice.

Read full guidance.