The Best Cyber Insurance Companies in the UK | 5-Star Cyber

Jump to winners | Jump to methodology

Always vigilant

Cybercrime is rising globally, with 2025 costs estimated to dwarf amounts recorded in previous years.

Highlighting the scale of the problem is Steve Morgan, founder of Cybersecurity Ventures and editor-in-chief at Cybercrime Magazine.

“We expect global cybercrime damage costs to grow by 15% over the next year, reaching US$10.5 trillion annually by 2025, up from US$3 trillion in 2015,” he says. “This represents the greatest transfer of economic wealth in history, risks the incentives for innovation and investment, is exponentially larger than the damage inflicted from natural disasters in a year, and will be more profitable than the global trade of all major illegal drugs combined.”

The UK’s own data also shows a serious cybercrime threat, with the government’s cyber security breaches survey 2024 reporting:

50% of businesses and around a third of charities (32%) experiencing some form of cybersecurity breach or attack in the last 12 months
higher rates for medium businesses (70%), large businesses (74%) and high-income charities with £500,000 or more in annual income (66%)

Travelers, which has been recognised as one of Insurance Business UK’s 5-Star Cyber winners 2025, pinpoints the leading vulnerabilities.

Managing director cyber, Chris McMurray, explains, “Ransomware continues to be the main threat and [cybercriminals] continue to use more complex attack methods; for example, data encryption and now psychological tactics.”

McMurray also stresses how AI is having a larger impact.

“It has the potential to create more sophisticated and smart AI-powered attacks and from an insurer’s perspective, how we underwrite and cover that exposure will need to evolve. The flip side is that AI presents an opportunity to help us detect, evade or neutralise those threats so it’s important to stress it can be every bit of an opportunity as it is a threat,” he says.

These concerns are shared by Adelle Gruber, class underwriter, global cyber, privacy and technology at Brit Insurance, also an IBUK 5-Star winner for 2025.

“Whilst we have seen some sophisticated attacks throughout 2024, there is still a high frequency of incidents resulting from human error, including clicking on phishing links. The year also saw the use of AI by cybercriminals to create sophisticated malware, but the traditional human element still remains a key route in for threat actors,” she says. “We have also seen critical vulnerability exploits being used increasingly as the initial access method into systems.”

This point is also emphasised by Morgan.

“AI is definitely a double-edged sword, but a few years ago it was a single-edged sword and cybercriminals had the upper hand. It’s a level playing field now,” he says.

With the number of attacks rising and the amount of threats similarly increasing, there is a greater reliance on the UK’s cyber insurance community to protect and support its clients.

“There is no room for complacency about the severity of state-led threats or the volume of the threat posed by cybercriminals,” says Richard Horne, CEO of GCHQ’s National Cyber Security Centre, in December 2024 . “The defence and resilience of critical infrastructure, supply chains, the public sector and our wider economy must improve. In the past year, we have seen crippling attacks against institutions that have brought home the true price tag of cyber incidents.”

To select the 5-Star Cyber 2025 award winners, IBUK enlisted some of the industry’s top experts. During a 15-week process, the research team conducted one-on-one interviews with specialist brokers and surveyed more within the publication’s network to gain a keen understanding of what insurance professionals think of current market offerings.

IBUK’s historical data

Brokers’ importance when placing a cyber policy has varied over the last three years. Some noticeable trends are:

Clarity of first-party coverage and breach response are the biggest factors in selecting an insurer in 2025.
Clarity of third-party coverage has dropped in value, whereas it led in importance back in 2023.
Between 2023 and 2025, there has been less importance placed on pricing, educating the broker about the policy and underwriting expertise.

Clarity of both first-party and third-party coverage and underwriting expertise are key performance indicators for policies.

These trends make it clear that brokers and their clients are placing a higher importance on being reimbursed for cybercrime committed against them, and on their insurer’s ability to communicate and act in the event of a successful cyberattack. This aligns with industry data showing that breaches are becoming more common and costly.

Source: UK Government Official Statistics, Cybersecurity breaches survey 2024

Lay of the land

The previous 12 months have been favourable for UK buyers, as Marsh’s Q3 2024 Global Insurance Market Index reveals that cyber rates fell by 8%, a decrease of 1% from Q2.

The UK cyber insurance market was forecasted to reach $1.35 billion in 2024, while increasing at a compound annual growth rate (CAGR) of 13.4% to reach $2.53 billion by 2029.

Source: Mordor Intelligence

Hiscox Group underlines how much of a risk cyber incidents pose to business reputation and brand trust. Their research highlights:

67% of organisations experiencing more cyber incidents in the past 12 months than the previous
47% had greater difficulty attracting new customers following a cyber attack
43% lost customers, while 38% experienced bad publicity

Extortion following ransomware attacks among Marsh UK clients increased by over 300% in 2023 compared to the previous year.

The primary cause of cyber incidents was human error.

“Last year, we saw a spike in the volume of cyberattacks in the legal and education sectors, with organisations successfully targeted by phishing emails. However, this year, we have seen a wide range of cyberattacks affecting a broader spectrum of industries,” the Q1 2024 UK cyber insurance report reveals.

“Multiple organisations have been affected by zero-day exploits. These types of attacks are expected to continue, as they are an efficient method for threat actors to access and infiltrate data and, most importantly, quickly monetise attacks,” according to the same report.

Best cyber insurance companies in the UK

“We believe in taking a wholistic approach when looking at a potential risk. If a risk has one or two areas and we feel they could improve on their cybersecurity, rather than just decline that risk, we will look to offer a solution that benefits the client by making them a better risk, and in turn allowing us to use our experience to continue to be consistent in our approach,” says Travelers’ McMurray.

The firm doesn’t believe in wild fluctuations in cover or pricing from year to year, preferring to offer clients peace of mind.

McMurray says, “Our coverage is specifically designed to help in the event of a cyber breach for businesses of all sizes, including coverage for forensic investigations, litigation expenses associated with a privacy or security breach, regulatory defence expenses/fines, crisis management expenses, business interruption and cyber extortion.”

Consistency is Travelers’ calling card, which has a maximum coverage cap of £10 million and has been writing cyber insurance since the 1990s. Its track record has equipped the company with an extensive bank of knowledge and skills.

“That experience allows us to offer our insureds consistency in terms of our approach to understanding the importance of mitigating the cyber exposure our clients face with our tailored pre-loss services,” explains McMurray. “Then, when something does go wrong, we provide a comprehensive market-leading breach response solution 24/7/365, and that’s before you get to the policy itself, which is a comprehensive solution covering both first- and third-party exposures with the ability to be tailored and further enhanced for specific risks.”

“We have seen a rise in the sophistication of AI-generated audio visuals, such as deepfakes. Technology is ever evolving and with every benefit, it also brings with it the potential for exploitation. We continue to witness the cyber threat landscape evolve and continue to evolve our product offering in turn”
Adelle GruberBrit Insurance

Brit Insurance also values providing a comprehensive service. It has evolved in response to the changing threat landscape.

“Our CPR product has been designed to offer our insureds comprehensive cyber insurance cover and pre-breach risk management support,” says Gruber.

The product offers clients three separate and distinct limits. The first covers the cost of incident response services, the second the cost of notifying any impacted individuals or applicable regulators, and the third contains the first- and third-party insurance coverages such as business interruption and privacy liability.

Gruber continues, “Furthermore, all our CPR clients are automatically given access to Datasafe and our virtual CISO service, which offers unlimited confidential advice from privacy and data security experts and independent, unbiased support. They have the ability to run phishing simulations [and provide] training resources for their employees. Industry-specific guidance is also available.

”In addition, insureds are able to undertake a cyber fitness check and perimeter scan to see what vulnerabilities the threat actors can see. They can also sign up to weekly critical vulnerability exploit (CVE) alerts to let them know what they should check and potentially patch.

“These services would generally cost several thousand pounds, but are fully subsidised by Brit as part of our CPR product for the benefit of our clients,” says Gruber.

What the UK’s Best Cyber Insurance Companies do in case of an attack

The first 24 hours are critical for Brit, and its CPR product has been designed to alleviate some of the stress from incident response.

The insured has a phone number, which they can ring from anywhere in the world (including via the Brit claims app), 24/7. They will be asked some initial questions about the event and will then be put in touch with their breach coach who will project manage the response.

Gruber comments, “The breach coach will always be a lawyer specialised in cyber and privacy law. They will manage all the vendors and also ensure that evidence is preserved in a manner that could be used in court while ensuring that legal privilege is maintained to protect the insured in the event of any subsequent legal action against them.”

The incident response specialists used will vary depending on the nature of the event to keep the overall costs down and resolve the incident as soon as possible. Managing all costs is also a priority for Travelers.

“Breach response is arguably the most important aspect of any cyber policy, and we put that at the centre of everything we do in conjunction with our claims team”
Chris McMurrayTravelers

After a security breach, the company remains engaged by providing Betterment, an insuring agreement clause that provides coverage for costs to improve a computer system when improvements are recommended to eliminate vulnerabilities that could lead to a similar breach.

While the firm is prepared as much as possible, it’s aware that every situation is unique and is where the company’s longstanding presence pays dividends.

“No two incidents are identical so that experience is key to identify what is needed to get the insured back up and running urgently, as time in any breach is of the essence and we understand that urgency,” says McMurray.