How the “Free” Cyber Insurance with Cyber Essentials Changes the Game for SMEs

For SMEs and SMBs, getting cyber insurance can be expensive and difficult—especially with rising premiums, increasing exclusions, and insurers tightening requirements. However, Cyber Essentials and Cyber Essentials Plus offer a unique opportunity: free cyber insurance for businesses that achieve certification.

📌 Cyber Essentials certification automatically includes free cyber insurance for UK businesses with a turnover of under £20M.
📌 Cyber Essentials Plus (the higher certification level) further strengthens security, reducing insurance risk.
📌 Insurers trust Cyber Essentials-certified businesses more, meaning easier access to additional coverage.


1️⃣ How Does Cyber Essentials’ Free Cyber Insurance Work?

When an SME becomes Cyber Essentials certified, it automatically qualifies for cyber insurance, provided by a designated insurer (as of 2024, this is typically HISCOX, but policies may change).

What Does the Free Cyber Insurance Cover?

Cyber incident response costs – Access to an expert response team for crisis management.
Legal support – If you’re sued due to a data breach, the insurance helps cover legal fees.
Data breach costs – Covers customer notifications, investigations, and remediation.
Forensic investigation – Pays for experts to determine the cause of the cyberattack.
Reputational damage support – PR and communications support to manage fallout.

📌 Key Limitation: The policy doesn’t always cover financial losses due to fraud, extortion, or business downtime, meaning SMEs may still need additional coverage.


2️⃣ How Does Cyber Essentials Reduce Cyber Insurance Costs?

Even if a business needs additional cyber insurance beyond the free cover, Cyber Essentials helps reduce premiums by proving the company has strong baseline security controls.

💡 Insurers often give better rates to Cyber Essentials-certified businesses because:
MFA (Multi-Factor Authentication) is required – Reduces the risk of credential theft.
Patching & software updates are enforced – Stops many common exploits.
Access controls & firewall protections are in place – Strengthens network security.
Security awareness training is part of certification – Helps reduce human error.

📌 Result: Businesses with Cyber Essentials often get lower premiums, better policy terms, and fewer exclusions.


3️⃣ Cyber Essentials vs Cyber Essentials Plus: Which One is Better for Insurance?

| Factor | Cyber Essentials | Cyber Essentials Plus |
|---|---|---|
| Insurance Eligibility | Free cover included | Free cover included |
| Security Testing | Self-assessment only | Independent technical audit |
| Best for | Basic cyber hygiene | Stronger security & compliance |
| Impact on Insurance Premiums | Moderate reduction | Higher reduction |

📌 Cyber Essentials Plus is more valuable for businesses looking to secure larger cyber insurance policies, as it proves that their security measures have been independently verified.


4️⃣ Does Cyber Essentials Solve the Cyber Insurance Gap?

Yes, in These Cases:

For SMEs needing basic coverage at no cost.
For businesses that want to improve their insurability & reduce premiums.
For companies aiming to meet supply chain security requirements (e.g., UK public sector contracts).

No, in These Cases:

If you need coverage beyond breach response costs (e.g., business interruption, ransomware payments, or regulatory fines).
If your business operates in a high-risk industry (finance, legal, defence, healthcare), where more coverage is needed.
If you rely on third-party vendors for critical services, as Cyber Essentials doesn’t cover supply chain failures.

📌 Best Strategy: Cyber Essentials should be seen as a strong foundation, but SMEs should still assess their risks and consider additional cyber insurance where necessary.


5️⃣ Final Thoughts: Cyber Essentials is a Smart Move for SMEs

For SMEs, Cyber Essentials is one of the best ways to secure affordable cyber insurance. It helps businesses:
Get free insurance coverage (for those under £20M turnover).
Improve their security posture, making them more insurable.
Reduce cyber insurance costs by meeting insurer security expectations.

🚀 While it doesn’t solve every gap, Cyber Essentials is a great first step toward bridging the cyber insurance divide—especially for smaller businesses struggling to secure coverage.
