inqase

Choosing Your SME Cyber Insurance: Complete Checklist 2026

Choosing cyber insurance for a Belgian SME is not a question of price, but of real coverage, hidden exclusions and intervention quality when an incident occurs. Two policies that look identical on paper can differ by tens of thousands of euros in indemnification on a ransomware claim. This checklist helps you compare offers on what really matters.

1. The essential coverages to verify

Serious cyber insurance covers at minimum the following components. Check that each is explicitly present in the general terms:

  • GDPR protection: notification to the DPA, communication to affected persons, legal assistance and fines to the extent insurable
  • Business interruption: indemnification of operational interruption, short waiting period, sufficient indemnification duration
  • Recovery costs: forensic investigation, system restoration, network reconfiguration, external service providers
  • Cyber extortion: professional negotiation, supervised ransom payment, decryption costs
  • Civil cyber liability: damages to third parties, malware propagation, defense costs
  • Crisis communication: press relations, reputation management, client messaging

To better understand what each coverage entails in practice, see our ransomware protection guide and the GDPR obligations in case of cyberattack.

2. Assistance services that make the difference

Financial coverages are worth nothing without a team that answers when the countdown starts:

  • 24/7 hotline with contractually guaranteed pickup time
  • Multidisciplinary team: forensics, approved ransomware negotiators, GDPR lawyers, crisis communicators
  • Continuous monitoring of the external perimeter and vulnerability alerts
  • Technical partners in Belgium for on-site interventions

A phone that rings into the void on a Saturday night cancels out the value of the entire coverage.

3. External passive monitoring: the often-overlooked edge

Most SMEs compare policies on what they reimburse after the incident. The real differentiator of a modern policy is what happens before: reducing the attack surface visible from the internet, spotting publicly exposed flaws before they’re exploited, and detecting leaked credentials before they’re used for intrusion.

External passive monitoring doesn’t touch your internal infrastructure: there is no agent to install and no internal traffic is inspected. It continuously observes what an attacker would see from the outside:

  • External perimeter surveillance: domains, subdomains, exposed services, TLS certificates, open ports
  • Leaked credential scanning on the dark web (company email addresses, reused passwords)
  • Public vulnerability alerts on your exposed assets, with severity and recommendations
  • Brand abuse detection: domain typosquatting, fake pages and phishing campaigns targeting your brand

Beware of a common confusion: some providers use “monitoring” to mean a simple annual scan or a static dashboard. Demand continuous surveillance included in the premium, not a separately activated Premium option. At Inqase, this external monitoring is part of the standard policy. See why cybersecurity monitoring has become essential for a detailed analysis.

4. Exclusions to read carefully

The bad surprises hide in the exclusions. Points to clarify before signing:

  • Cyber war and state acts: some contracts exclude attacks attributed to state-sponsored groups, which are among the most frequent
  • Lack of updates: an attack through a flaw patched several months ago may fall outside coverage
  • Failure to meet security measures (MFA, backups, professional antivirus)
  • Subcontractors and remote work: check whether a claim originating from a provider or a remote workstation is covered
  • Definition of a cyberattack: the exact wording in the contract determines what is indemnifiable or not

5. Deductible and coverage limit

The deductible must remain absorbable by your cash flow without difficulty. Avoid deductibles so low they inflate the premium, as well as deductibles so high they cancel out the value of being insured.

The coverage limit (or guarantee limit) is chosen based on your exposure: potential business interruption loss, volume of personal data held, and typical ransom amounts demanded of Belgian SMEs. Most executives opt for a one-million-euro limit, which covers almost all SME ransomware scenarios. For an analysis of the overall budget, see our article on the cost of cyber insurance in Belgium.

6. The classic pitfalls to avoid

  • Focusing only on the premium: a cheap policy with broad exclusions costs much more in case of an incident than slightly more expensive complete coverage.
  • Underestimating your needs: prefer slightly oversized coverage; undercoverage surprises are always paid in cash.
  • Neglecting service quality: in a crisis, hotline speed matters more than the premium gap.
  • Not reading the general terms: have them reviewed by your broker; that’s exactly their role.
  • Forgetting the review clause: your revenue evolves, your coverage must follow.

7. Why go through a specialized cyber broker

A broker doesn’t just pass on a quote. They bring access to multiple insurers, negotiation of conditions, sector expertise and end-to-end claims management. For an SME without an internal legal team, this is often the difference between a decent contract and a tailored one.

Inqase is an FSMA-registered broker specialized in SME cyber insurance. We distribute Hiscox CyberClear policies with public pricing, an online simulator and an integrated assistance service: underwriting completed in 3 minutes, 24/7 monitoring included, and a hotline in French, Dutch and English.

Frequently asked questions

What’s the first thing to check in a cyber insurance policy?

The exclusions and the definition of the cyberattack in the contract. A policy with broad exclusions may refuse to indemnify a claim that seems obvious.

Do I need cyber insurance if I already have professional liability?

Yes. Professional liability does not cover business interruption from ransomware, recovery costs, or GDPR notification. The two policies are complementary. See our comparison of cyber vs professional liability.

Is external monitoring really useful?

Yes. The majority of attacks start with exploiting an asset visible from the internet: a forgotten port, an expired certificate, a credential leaked on the dark web. External passive monitoring identifies these weak points before the attacker finds them, without intrusion into your IT system. See why cybersecurity monitoring has become essential.

Can I change insurers mid-year?

Yes, subject to the notice period. Most modern policies distributed in Belgium are cancellable monthly with no penalty.

In summary

Choosing cyber insurance is not a formality. Compare coverages before price, read exclusions in full, and rely on a specialized broker to translate the general terms into real impact for your SME.
