Expert Q&A – cyber insurance Expert Q&A – cyber insurance

With Olivia Orringe, Assistant Underwriter and cyber specialist.

What do businesses need to know about cyber insurance?

The risks associated with cyber-attacks and data breaches are increasing each year. Whichever sector your business operates in, however big your business is, there's a diverse range of cyber-risks that you could be exposed to.

We sat down with our in-house expert, Assistant Underwriter Olivia Orringe, to answer some of the most asked questions about cyber-security and risk.

Whether you're a new business owner or a more experienced decision-maker and finding your current insurance provider is struggling to offer the kind of protection you need, find out how we help businesses and learn more about the cyber insurance we offer at Superscript.

Why should a business consider buying cyber cover?

These days, very few businesses can to operate without some form of online presence. Even typically "offline" businesses like hairdressers often now rely on Software as a Service (SaaS) booking systems and Electronic Point Of Sale (EPOS) software — like a contactless card reader — to trade.

These online systems are becoming increasingly critical to businesses’ ability to succeed. So when it comes to protecting revenue, getting insurance for these systems is just as important as maintaining cover for physical parts of a business, like stock, contents or buildings.

How has the market for cyber insurance changed in the last few years?

Cyber cover is still a relatively new product, given that the insurance industry is over 300 years old. Despite being available in some form or another for over a decade, for years it remained out of reach for the majority of companies due to high costs and slow underwriting processes.

In recent years, however, access to cyber cover and the scope of coverage available have transformed rapidly.

This is largely being spurred on by a global awakening to the threats cyber perils pose.

What type of business is cyber insurance most popular with, and why?

Unsurprisingly, cyber insurance is most popular with industries that rely heavily on the internet to carry out their business.

By shifting from a bricks-and-mortar footprint to a digital one, retail businesses have largely led the charge in buying cyber cover. And it’s no wonder, given how critical cyber issues could be to day-to-day operations.

The healthcare sector is also a major buyer of cyber cover. The reason in this industry, though, is largely due to data privacy concerns rather than worries about business interruption.

What are the major claims trends within cyber insurance?

Extortion remains overwhelmingly the largest claim type within cyber insurance. This is when criminals threaten to carry out a harmful cyber act, like stealing, leaking or encrypting data or shutting down systems, unless a ransom is paid.

Over recent years we’ve seen the emergence of "Quadruple Ransomware", which involves criminals targeting victims with four forms of extortion at the same time.

Breach of data, regulatory investigation costs, e-crime, social engineering attacks and other threats also remain very much present.

Buying cyber insurance through Superscript — what makes it different to other products?

The cyber insurance you can buy through Superscript offers considerably more than just financial coverage which helps it stand out in an increasingly crowded market.

One of the best additions, in my opinion, is access to the industry-leading Beazley Breach Response service in the event of a cyber-attack. This service can help a business confront the damage done by a cyber-attack head on. This is because it includes access to the expertise of legal ransomware negotiators and a team that can help businesses quickly fulfil their legal obligations to let affected customers know what’s happened.

People tend to conflate "cyber" with "data" which is a very dated approach. In fact, some markets still refer to cyber cover as "data breach insurance", which doesn’t help things. The scope of coverage provided by a cyber policy is far wider-reaching.

Olivia Orringe, Assistant Underwriter

What is a common misconception about cyber insurance?

A major misconception about cyber insurance is that people believe they’re too small or insignificant to be the victim of a cyber-attack. In reality, the data overwhelmingly points to small and medium-sized businesses (SME) attacks growing at a considerably faster rate than larger companies.

Cyber-attacks are not always the stereotypical "hacker" attacks where a human operator specifically targets your business. Many businesses are caught up in non-specific attacks like so-called "Zero Day Vulnerabilities" in commonly used software. This is where thousands of businesses are hit simultaneously and indiscriminately, regardless of their size.

Threats can also come from human error. One study suggests that an estimated 3.4 billion phishing emails were sent every day in 2025. Additionally, 83% of UK businesses that suffered a cyber-attack in 2022 reported it started with a phishing email. Scams are becoming more sophisticated every day, and with busy inboxes and stretched time, it’s no wonder people click on things they shouldn’t.

Are there any scenarios where a business would have to have cyber cover in place?

At the moment, there aren’t any mandatory legal requirements for cyber insurance. However, it is increasingly becoming a contractual requirement for firms to have cyber cover in place in order to do business with others.

This is mostly because businesses often need to promise to cover (or indemnify) the other party’s costs if there’s a data breach or leak involving their data.

In the past, this was usually covered by the professional indemnity part of a policy, since it was seen as part of a business’s contract responsibilities. When laws like GDPR came in and made data security and privacy more important, the amount of cover needed under professional indemnity policies often had to go up.

In recent years however, as cyber perils are being taken out of professional indemnity policies, we're seeing more and more contractual requirements to carry cyber insurance.

Is there anything else people should know about cyber insurance?

The part of cyber insurance which people tend to overlook in the SME sphere is the access it can give you to a wealth of experience and expertise.

Let’s use the example of a physical act of theft at an uninsured warehouse. Most people would know what to do if something like this happened to their business. They'd contact the police, speak to contractors to repair any damage from the break-in and consider increasing security.

Dealing with a hacker in an uninsured cyber scenario is substantially more complicated, however. As well as any costs you might incur from the event itself, you'd likely also have to hire specialists to begin tackling the longer-term implications of the event.

From cyber experts to PR teams — the fallout can be wide-reaching and long-lasting.

Superscript supports business owners of many different kinds to find the right insurance to help ensure you're covering yourself against risk, including those associated with the growing threat of cyber-attacks. Learn more about cyber insurance.

This content has been created for general information purposes and should not be taken as formal advice. Please always refer to your policy documents for full details around exclusions, terms and limits of your customised cover. Read our guide to understanding your policy documents.

Download your free guide to cyber risk

If you rely on systems, suppliers or customer data, you have exposure.

Download our report for a clear view of the UK threat landscape — and what resilient businesses are doing differently.

✔️ Understand where your business might be exposed
✔️ Benchmark yourself against 1,000 UK businesses
✔️ Straightforward guidance you can act on straight away

Download the report
Check out our latest posts
More stories