Cyber Essentials Cyber Insurance: Free £25,000 Cyber Liability Insurance
What UK SMEs Need to Know
Many UK small and medium-sized businesses are surprised to learn that Cyber Essentials certification includes free cyber liability insurance — up to £25,000 — for eligible organisations.
While this built-in cover is not a replacement for full cyber insurance, it can play a valuable role in helping businesses respond to incidents such as ransomware attacks and data breaches.
This article explains:
- Who is eligible for the free insurance
- What it covers (and what it doesn’t)
- How the insurance works in practice
- Why additional cyber insurance is often still needed
All in plain English.

What Is the Cyber Essentials Free Cyber Insurance?
When an eligible UK organisation becomes Cyber Essentials certified, it can opt in to receive £25,000 of cyber liability insurance at no additional cost.
The policy is provided via IASME’s insurance partners (commonly underwritten by AIG) and is designed to support SMEs during the early stages of a cyber incident.
This insurance is intended as baseline protection, not comprehensive cover.
Who Is Eligible for the Free £25,000 Cover?
To qualify, your organisation must:
- Be UK-based
- Have annual turnover under £20 million
- Certify the entire organisation (not just part of it)
- Successfully achieve Cyber Essentials certification
- Opt in to the insurance during the application process
If only part of your organisation is in scope, the free insurance does not apply.
How the Cyber Essentials Insurance Works
1. Achieve Cyber Essentials Certification
Your organisation completes the Cyber Essentials assessment through an authorised certification body.
This confirms you meet the UK government’s baseline cybersecurity controls.
2. Meet the Eligibility Criteria
Eligibility is assessed automatically based on:
- Turnover
- UK registration
- Certification scope
3. Opt In During the Application
During the certification process, you’ll be asked whether you wish to receive the included insurance.
You must actively opt in.
4. Receive the Policy Documents
If eligible, insurance documentation is issued alongside your Cyber Essentials certificate.
This includes details of:
- Coverage limits
- Policy conditions
- Access to the 24/7 support helpline
What’s Covered by the Free Cyber Insurance (Up to £25,000)
The policy typically covers costs associated with:
✔ Ransomware Attacks and Malware
Support for incidents involving malicious software or encryption attacks.
✔ Data Breaches
Including unauthorised access to sensitive or personal data.
✔ Incident Response and Forensics
Access to technical specialists to investigate:
- How the breach occurred
- What systems were affected
- How to contain the incident
✔ Business Interruption
Limited financial support for disruption caused by a cyber incident.
✔ Legal Support and Regulatory Defence
Assistance with:
- Legal advice
- Regulatory engagement
- Initial response to data protection issues
Key Benefits for UK SMEs
Cost Recovery When It Matters Most
Cyber incidents often incur immediate, unexpected costs. The included cover helps pay for:
- Technical specialists
- Legal advice
- Crisis response services
Reduced Risk Profile
Research shows that Cyber Essentials certified organisations make significantly fewer insurance claims, with commonly cited figures of around 90%+ fewer claims than non-certified businesses.
Certification reduces risk before insurance is ever needed.
Access to 24/7 Expert Support
The included policy provides access to a 24/7 cyber incident helpline, offering guidance during what is often a stressful and time-critical situation.
An Important Reality Check: £25,000 Is Often Not Enough
While the free insurance is valuable, it’s important to be realistic.
Costs can easily exceed £25,000 in serious incidents such as:
- Large ransomware attacks
- Significant data breaches
- Prolonged downtime
That’s why many UK SMEs use the included cover as:
- An entry-level safety net
- Evidence of reduced risk for insurers
- A stepping stone to higher-limit cyber insurance policies
Cyber Essentials + Additional Cyber Insurance: A Sensible Approach
Many insurers now:
- Expect Cyber Essentials as a minimum
- Offer better premiums to certified businesses
- Provide broader cover when baseline controls are proven
Cyber Essentials doesn’t replace cyber insurance — it strengthens it.
How Fortitude Cyber Helps
At Fortitude Cyber, we help UK SMEs:
- Achieve Cyber Essentials first time
- Understand the insurance implications
- Align security controls with insurer expectations
- Decide when additional cyber insurance is appropriate
We focus on practical security, not box-ticking.
Thinking About Cyber Essentials?
Cyber Essentials certification delivers more than compliance — it provides real-world protection, credibility, and built-in support when things go wrong.