Is your business underinsured against cyberattacks? Here’s why you should probably be buying higher cyber insurance limits
Every October, Cybersecurity Awareness Month reminds us that no business is immune to cyberattacks. Yet while awareness has grown, preparedness hasn’t always kept pace, particularly when it comes to insurance protection. Many organisations still hold cyber insurance policies that would be insufficient in a real crisis, leaving them dangerously exposed to today’s escalating threats.
The financial impact is bigger than most imagine
The financial impact of cyber incidents continues to rise dramatically. This year, the cybercrime industry is expected to reach £8.4 trillion worldwide. No business – large or small – is immune to a cyberattack, making cyber resilience a critical part of any risk management strategy.
Cyber insurance is equally vital, providing a financial lifeline when incidents occur. But what if the policy responds and the limit of liability falls well short of the actual losses incurred?
The reality is that many organisations underestimate the true cost of today’s cyber threats – and that gap can be financially devastating when a breach strikes.
Consider that:
- The average ransomware payment now exceeds £200,000, with total recovery costs often reaching millions
- Business interruption losses frequently extend far beyond initial estimates, particularly for companies with complex digital supply chains
- Regulatory penalties and litigation costs are escalating under new data privacy laws to maintain market share.
Why current policies may not be enough
Policies purchased just 12–24 months ago often no longer align with today’s cyber risk landscape. Many organisations still buy coverage primarily to meet contractual requirements or settle for low limits due to budget constraints.
As a result, they may have enough insurance to cover a ransom payment but remain exposed to the far greater costs of incident response, system recovery, and legal liabilities.
Three critical factors are driving this underinsurance crisis
- Rising incident complexity: Modern breaches often trigger multiple coverage areas simultaneously (ransomware, business interruption, regulatory defence)
- Service cost inflation: Forensic investigators, legal teams, and crisis communicators have all increased rates significantly
- Longer recovery timelines: Many organisations now experience weeks or months of downtime, not days
Cybersecurity Awareness Month is the perfect moment to reassess coverage and ask the hard question: Would our policy limits truly hold up in a worst-case cyber scenario?
Steps to consider include:
- Conduct a Limit Adequacy Review: Don’t just model for the ransom demand – look across all exposures: downtime, liability, privacy breaches, and regulatory fines.
- Evaluate Vendor and Supply Chain Risks: Third-party exposures can multiply losses. Consider scenarios where a supplier outage or cloud provider compromise disrupts your operations.
The current insurance market presents the perfect opportunity to address this gap. With capacity continuing to increase and market conditions still soft, businesses can now secure higher limits at favourable terms. Waiting could prove costly – both in terms of available coverage and the potentially catastrophic consequences of being underinsured when the next attack occurs
Now is the time to review coverage
Now is the time to reassess your cyber insurance. A thorough limit adequacy review should consider worst-case scenarios across all potential exposure areas, not just the most obvious ones. The right coverage today could mean the difference between business continuity and financial ruin tomorrow.
For more information on our cyber insurance solutions, click here
To speak with one of our specialists about the right cover for your business, get in touch here
