Get Cyber Insurance
Cyber insurance protects UK and EU businesses against financial losses from ransomware, data breaches, and cyber attacks. Precursor Security delivers the evidence pack underwriters now demand (CREST-accredited penetration testing, Cyber Essentials Plus certification, and tested incident response) and places reduced premium cover through our broker partner New Dawn Risk. Independent research shows 10 to 40 percent premium reductions are achievable with documented controls.
Your insurer isn't scoring your security. They're scoring your documentation. Precursor produces the CREST-accredited evidence pack underwriters accept, closes the exclusion traps, and introduces you to our broker partner, New Dawn Risk, for reduced premium terms.
Built with New Dawn Risk.
A cyber-specialist broker with A-rated capacity, FCA authorised in the UK and MFSA regulated in the EU. They place the policy through their A-rated insurer panel.
Precursor Security is not a regulated insurance intermediary. Insurance products are placed through our broker partner, New Dawn Risk. Cover is subject to underwriter approval, evidence of security controls, and standard policy terms. Cover availability, wording, and pricing vary by jurisdiction. This page describes Precursor's readiness programme only and does not constitute insurance advice.
Cyber insurance is four conversations, not one.
CFO, IT Director, CISO, Risk Manager. Four roles, four fears, one evidence pack that addresses all of them.
Our Premium Doubled and the Board Is Asking Why
Cyber premiums rose 50 to 100 percent across UK mid market between 2021 and 2023. They softened briefly in 2025 but insurers tightened underwriting again for 2026. The only sustainable way to control premium cost is to demonstrably reduce risk. At renewal that means a CREST pentest, MFA enforcement, and EDR deployment evidence the underwriter can verify.
Will They Actually Pay When We Need Them?
56 percent of CISOs reported denied cyber payouts in 2024. The number one reason is insufficient evidence of active security controls at the time of breach. A CREST penetration test report with remediation verification is the gold standard evidence underwriters accept.
I Can't Honestly Answer the Supplemental
Modern cyber insurance supplementals run dozens of questions deep on MFA coverage, EDR rollout, patch SLA, backup testing, and IR plan freshness. Answer inaccurately and the insurer can void the policy post breach under misrepresentation clauses.
What If the Exclusion Swallows Our Claim?
War exclusions (Lloyd's mandate since 2023). Social engineering carve outs. Supply chain sublimits. Known vulnerability exclusions. The average UK policy has 12 to 15 exclusion categories. Most buyers do not read them until a claim is filed. Precursor's evidence pack closes the exclusions you can close, and surfaces the ones you cannot, so nothing is a surprise. Categories include war/nation state, social engineering, supply chain sublimit, prior knowledge clause.
Your insurer already checked you.
Underwriters run automated checks against your infrastructure before they read your application. Shodan for exposed ports. DMARC records for email spoof risk. External attack surface scans for unpatched public-facing services. Dark web credential monitoring for compromised accounts.
Your application answers must match that external data. Where they do not, loadings apply. Most organisations do not know which checks were run or what the underwriter saw. Our readiness assessment replicates the external view, matches it against your self attested posture, and closes the delta before your broker submits.
Cyber insurance requirements: the controls that cut your premium.
The eight most common supplemental control domains, the evidence underwriters demand for each, and the Precursor service that produces it. Premium impact cites WTW, UK Government and Beazley.
| Control Domain | Evidence Demanded | Precursor Service | Artefact | Premium Impact |
|---|---|---|---|---|
| MFA on remote and admin access | Configuration audit and attestation | Internal network pentest + AD password audit | MFA coverage report, exception register | 30 to 50 percent loading removed; ransomware cover restored |
| Annual external penetration test | CREST-accredited report with CVSS scoring | External network penetration test | CREST report, executive summary, remediation plan | Unlocks standard capacity; non CREST output often rejected |
| Cyber Essentials Plus certification | Active CE Plus certificate (IASME issued) | Cyber Essentials Plus delivery as certification body | CE Plus certificate (Precursor is certification body) | 80 percent fewer claims (UK Gov); free £25k IASME cover on SME schemes |
| EDR coverage across all endpoints | Deployment rollout and telemetry evidence | Managed detection and response service | Coverage report, endpoint inventory | 97.5 percent lower claim severity |
| IR plan tested in last 12 months | Tabletop exercise report | IR retainer and tabletop service | IR plan, tabletop outcome, RACI | Improves BI sublimit; qualifies for Beazley style optional controls discount |
| Patch management SLA (critical in 14 days) | Vulnerability management report | Continuous pentesting and patch verification | VM report, patch SLA dashboard | Removes known vulnerability exclusion (prior knowledge trap) |
| Privileged access management | PAM inventory and attestation | Active Directory security assessment | AD security report, privilege audit | Reduces escalation risk pricing |
| Security awareness and phishing testing | Training completion and click rate | Phishing simulation service | Training evidence, phishing metrics | Unlocks social engineering control linked endorsement |
Cyber insurance coverage vs. exclusions: what closes the gap.
Policies are sold by coverage section. Underwriters price and exclude by security control. The table below bridges the gap for the coverage inventory placed through New Dawn Risk.
| Coverage Section | Underwriters Want | Precursor Service | Exclusion Status |
|---|---|---|---|
| Ransomware and Extortion | MFA coverage, EDR, tested backups, IR plan | Pentest + MDR + IR retainer | Ransomware cover restored to primary |
| Business Interruption | RPO and RTO validated, backup recovery tested | Red team BCP test, backup restore verification | BI sublimit negotiated up |
| Security and Privacy Liability | Access control, data classification, encryption | Pentest, PAM audit, configuration review | Third party liability sublimit |
| System and Data Rectification | Forensic readiness, log retention | IR retainer + SOC and MDR | Forensic investigation cover improved |
| Crisis Management and Notification | Tested IR plan, 48 to 72 hour reporting capability | IR tabletop and retainer | Reporting deadline exclusion closed |
| Cyber Theft and Social Engineering | Phishing testing, BEC controls, payment verification | Phishing simulation + vishing and smishing testing | Social engineering carve out (where endorsable) |
| Regulatory Response (where insurable) | ICO ready documentation, DPIA records | GDPR advisory + CE Plus + pentest | Regulatory defence sublimit |
| Employee Dishonesty and Insider | Access reviews, privileged account monitoring | AD assessment + SOC | Insider exclusion narrower |
| Prior Acts and Known Unpatched Vuln | Remediation verified pentest (closed loop) | CREST closed loop testing | Prior knowledge clause neutralised |
| War and Nation State | Structural exclusion | Forensic attribution support if disputed | Lloyd's 2023 mandate; residual risk disclosed |
Cyber Essentials Plus: the SME certification insurers reward.
Cyber Essentials Plus is the UK government-backed certification that directly unlocks insurance benefits: 80 percent fewer claims according to the UK Government evaluation, free £25,000 cover via IASME partner schemes for qualifying organisations, and a hard tick against multiple underwriter supplemental questions. Precursor is a certification body, so the audit, report, and certificate all come from the same assessor-credentialed team.
IASME partner schemes provide a limited £25,000 cyber liability policy free to CE Plus certified organisations under £20M turnover.
UK Government evaluation showed organisations with Cyber Essentials controls file 80 percent fewer insurance claims than peers.
Full CE Plus audit including technical assessment. Precursor is an accredited certification body, so there is no third-party delivery markup.
What your broker and underwriter actually receive.
The evidence pack is what makes Precursor's readiness programme different from a stack of scan reports. It is packaged for underwriter consumption, mapped to the supplemental questions, and includes the artefacts that unlock better terms.
Your cyber insurance renewal, from first call to reduced premium.
Average engagement: 4 to 8 weeks from discovery to evidence pack delivery. Renewal critical engagements can condense to 3 weeks with focused scope.
Discovery
A 30 minute call. Current policy, renewal date, broker relationship, concerns.
Readiness Assessment
Gap analysis against current underwriter supplementals. Findings prioritised by premium impact.
Evidence Engagement
CREST pentest, CE Plus audit, and IR tabletop as required. Remediation and retest included.
Pack Delivery
Insurer ready evidence pack delivered. Optional Board summary one pager included.
Broker Introduction
Warm introduction to New Dawn Risk. You keep your existing broker relationship if preferred; the pack works with any broker.
Cyber insurance readiness: who this is for.
Mid-Market (250 to 2,500 employees)
Complex environments, tightening underwriter scrutiny, board level reporting, and significant premium exposure. Our core fit. Full evidence pack, committee ready narrative, and broker introduction.
Regulated Sector
Financial services (FCA), healthcare (NHS DSPT), legal (SRA), professional services. Sector specific exclusion awareness and regulator grade documentation. Evidence pack usable for both underwriter and regulator.
Renewing Organisations (60 to 180 days out)
Facing a premium increase, tighter questions, or reduced coverage at renewal. Targeted readiness sprint focused on supplemental critical gaps. Closed loop remediation evidence before broker submission.
Cyber insurance for small business via Cyber Essentials Plus
Under £20M turnover. CE Plus certification unlocks £25k IASME cover free plus qualifies you for optional controls discounts at renewal. Precursor is a CE certification body. Entry price £3,000.
Cyber insurance exclusions: the traps that void claims.
Evidence closes some. Others are untouchable, and we will tell you which.
The Prior Knowledge Trap
A pentest finds a vulnerability. You do not patch it fast enough. Six months later, attackers exploit it. The insurer reviews the pentest report during claims investigation and denies the claim under prior knowledge. Precursor's closed-loop model closes this trap by retesting and verifying remediation before the evidence pack ships.
The BEC and Social Engineering Carve Out
An attacker spoofs a CEO email and finance wires £500k. The loss is not covered, because user error was involved, unless you purchased a separate social engineering endorsement you did not know existed. Phishing simulation evidence and documented payment verification procedures often qualify you for endorsement-linked discounts.
The Supply Chain Sublimit
A trusted SaaS vendor is compromised. Your operations halt. The policy covers BI, but the attacker never touched your systems. The insurer interprets coverage narrowly and denies the claim. Vendor risk assessment and supplier onboarding evidence sometimes unlock a broader supply chain sublimit.
War and Nation State (Not Closable)
Since the Lloyd's 2023 mandate, state-backed cyber incidents are excluded from all Lloyd's placed policies. No evidence pack closes this. Precursor discloses this exclusion explicitly on the residual risk line. What we can do: help document whether an incident was state-backed vs criminal via forensic investigation, often the deciding factor in disputed claims.
The services that reduce your premium.
Each Precursor service maps directly to an underwriter requirement. The readiness assessment scopes which ones your renewal actually needs, in what order, and with what evidence artefact.
Frequently Asked Questions
Common questions about this service, methodologies, and deliverables.
Cyber insurance protects businesses against financial losses from ransomware, data breaches, denial of service attacks, and regulatory response costs. UK mid market organisations with revenue dependency on digital systems typically need it, and many supplier contracts now require it as a condition of engagement. It is not a substitute for security controls; it covers the residual risk after controls are in place.
Typical UK mid market cyber insurance premiums range from £3,000 for small businesses to £50,000 or more for organisations with complex environments. Cost is driven by revenue, sector, data types processed, existing security controls, and claims history. Microbusiness cover can start around £175 per year. High risk sectors can exceed £10,000. Our readiness assessment aims to reduce your premium by 10 to 40 percent on renewal, per WTW 2025 data.
Underwriters now expect MFA on all remote and admin access, EDR coverage across endpoints, tested immutable backups, an IR plan tested within the last 12 months, and annual external penetration testing. Cyber Essentials Plus certification satisfies many of these in one certification. The Underwriter Requirements Matrix on this page maps each control to the evidence underwriters accept.
Yes. WTW's 2025 UK cyber market update reports premium reductions of 10 to 40 percent for organisations with documented CREST-accredited testing and proactive control evidence. Beazley offers up to 20 percent discount for optional security controls including external vulnerability assessment. Typical pentest and IR plan saving is 10 to 20 percent on the renewal premium, and a CREST pentest usually pays for itself on the first renewal.
The number one reason is insufficient evidence that security controls were active at the time of breach. Other common denial reasons: late breach notification (the 48 to 72 hour reporting window is strict), misrepresentation on the application, the prior knowledge exclusion where a known vulnerability was left unpatched, and social engineering carve outs where the policy did not include an endorsement. Precursor's closed loop evidence model addresses the first three directly.
The three terms are used interchangeably in UK policy wording. Cyber liability insurance technically refers to third party coverage (claims brought by customers, partners, regulators) while cyber insurance covers both first party (your losses) and third party. In practice, all modern UK policies bundle both. When comparing quotes, compare coverage sections (ransomware, BI, liability, crisis response) not the label.
No. Precursor is a CREST-accredited security firm and a Cyber Essentials certification body. We do not sell insurance. Our broker partner, New Dawn Risk, is FCA authorised (FSR 773018) and MFSA regulated (Malta C87941) and places cyber policies through their panel of A-rated insurers. Precursor produces the evidence pack; New Dawn Risk places the cover.
Common exclusions: war and state backed cyber incidents (Lloyd's 2023 mandate), known but unpatched vulnerabilities, social engineering and BEC (unless endorsed), infrastructure failure, prior acts, regulatory fines not insurable by law, and contractual liabilities. Evidence based remediation can close some of these. Others are structural. Our exclusion register shows you which are closed for your engagement and which remain residual risk.
Yes. The average UK SME claim severity is around £40,000 and the lifecycle of a cyber incident is measured in months, not days. Cyber Essentials Plus certification through Precursor unlocks £25,000 free cover via IASME partner schemes for organisations under £20M turnover. Entry level paid cover for SMEs starts around £175 to £350 per year. The readiness programme is proportionate: CE Plus delivery plus targeted testing rather than the full mid market pack.
Prior knowledge exclusions void claims where the insured knew or ought to have known about a vulnerability before the incident and failed to remediate. Pentest reports can trigger this trap if findings are left open. Precursor's closed-loop model tests, remediates, retests, and evidences the fix before the report ships. Where a finding remains genuinely open, it is disclosed on the exclusion register and the broker negotiates either a time-bound carve-in or a sublimit, preventing surprise at claim time.
Precursor produces the evidence pack. With your consent, we introduce you to New Dawn Risk with the pack already in hand. They place the policy through their A-rated insurer panel. You retain the broker relationship of your choice; the evidence pack works with any UK or EU active broker. If you already have a broker, we provide the pack directly to them. New Dawn Risk charges standard brokerage on placed policies; Precursor charges for the security work separately.
Yes. The evidence pack is designed to satisfy any underwriter accepted standard: CREST pentest reports, IASME issued Cyber Essentials Plus certificates, NIST CSF and ISO 27001 Annex A mapping, and timestamped control attestations. If your broker has specific supplemental templates, we map the evidence to those templates. The pack is broker agnostic in format; only the final placement is channel dependent.



