Cyber Insurance
Does our business need cyber security insurance and how to arrange cover?
Below we explain why every business should consider cyber security insurance and how to compare the different types of coverage available from the market to protect your business from data breaches and cyber attacks.
How to protect your business with insurance for cyber and data?
As a Willis Towers Watson Network Broker, we have access to the best cyber security insurers in the market and can ensure your business is fully protected with a comprehensive policy designed to meet your needs. With increasing attacks, your security and business insurance protection are paramount when operating a company in the digital age.
Why companies need cyber insurance?
Unfortunately, data breaches and cyber crimes are increasingly common, and criminals are targeting business with the objective of committing fraud, holding your business to ransom, or selling your data on the dark web.
That's why cyber security insurance can be a smart precaution for any size business. The threat of an attack continues to change, and even with the best practices and security available your business will never be fully protected.
Cyber security insurance is financial protection and potentially third-party support to help recover after a data breach or attack. There are different types of coverage available under the policies and below we explain how they work.
What does cyber security insurance cover?
Malicious breaches by third-parties or employee actions, whether deliberate or not, can unfortunately negate the security measures your company has in place. Below are the most common attacks that can infiltrate your computer systems and why you need cyber coverage.
Malware cover
Malware cover can protect against malicious software which can exploit vulnerabilities, potentially allowing your activities to be recorded.
Ransomware cover
Ransomware insurance offers cover after locking you out your system and then demanding a ransom to release control and not publish data.
Denial-of-service cover
Denial-of-service cover can provide solutions to attacks which seek to render a system or server unavailable, typically overwhelming a server.
Understand how cyber liability insurance can help protect your business and data in a connected world
Get indemnity™ cyber protection can start at £323 annually or £26.91 per monthWhat type of cyber security insurance cover is available?
Cyber liability
Cyber liability insurance helps provides cover for your legal liability for damages and defence costs from third party claims arising from a data and privacy breach. The coverage can offer protection from failure to prevent an individual's data being breached or transmission of harmful malware to a third party.
Cyber extortion
Cyber extortion insurance will respond to fraudsters attempting to extort money by threatening to carry out an attack or threatening to expose/destroy data having already compromised the network. The policy coverage will pay the ransom demanded to stop a data leak and restore your systems.
Response and notification
Incident response and notification coverage provides access to specialists to mitigate the damage of security and privacy breaches. The policy coverage can include IT security, forensic investigation, legal advice, and the costs associated with notifying any individuals under data protection laws (i.e., GDPR).
Business interruption
Business interruption insurance provides cover for the subsequent loss of profits and increased costs because of a security or data breach. There is usually a 12 hour waiting period as a deductible, then during the time you are unable to trade the policy coverage will reimburse your loss of profits and increased costs.
Media liability
Media liability insurance provides coverage for your legal liability for damages and defence costs from third party claims arising from infringement of any intellectual property rights. Including libel, slander, or defamation via an electronic platform.
System damage and fines
System damage coverage provides for the costs of data and applications to be repaired and restored in the event computer systems are damage from an attack, often critical in getting the company operating again. Regulatory fines coverage provides for fines and penalties imposed by a government or regulatory body because of a security and data breach, where permitted by law.
Consider cyber risk insurance insurance to mitigate the damage and cost of an attack or data breach
Working with the best cyber insurers, we can provide you competing optionsFirst-party vs third-party coverage
First-party cyber costs
Covers the cost of IT security, forensic investigation, legal advice, notifying individuals their data was stolen, cyber extortion, system damage, regulatory fines and subsequent loss of profits and increased costs as a result of a security and data breach.
Third-party cyber liability
Covers the damages and legal costs in defending allegations and damages from a security or data breach, or infringement of intellectual property rights, including libel, slander or defamation via an electronic platform.
Cyber security insurance cost
Get indemnity™ cyber security insurance starts at £323 annually or £26.91 per month for a small business, which can provide coverage for a variety of threats with a response hotline, technical advice, legal input, and forensic experts.
However, the cost that insurers charge will be unique to your business and will depend upon a number of factors, including your turnover, exposure to the USA, the industry that you work, and the security measures you employ.
We can offer guidance to companies to ensure you have the necessary security controls in place to meet insurer's minimum requirements. With increased claims activity greater emphasis is being placed on risk management.
What does cyber security insurance not cover?
There are many different commercial insurance covers available to help protect your company from financial losses. Talk to an expert insurance broker to discuss your business needs and how to secure the best coverage at the most affordable premiums.
Talk with a specialist insurance broker to ensure your policies are adequate to meet your business needs
As a Willis Towers Watson Network Broker, we have access to the best insurers in the cyber market.How do insurers calculate your cyber risk insurance premium?
Business activities
The industry which you work will impact your susceptibility to breaches, and therefore increase your insurance premium cost. For example, the following industries carry an increased expose to claims: accountants, casinos, data aggregators, education sector, financial services, hospitals, hotels, medical industry, payroll services, professional services, solicitors, telecommunications, trading platforms, online gaming, and payment card processors. It's important to clearly identify what business activities you undertake when applying for cover.
Size of turnover
Turnover is a direct rating factor for insurers to calculate your premium cost. The larger your business the higher premiums your business will be required to pay. There will also be certain thresholds, where insurers will provide discounted rates to grow their portfolio. For example, companies with a turnover less than £1 million is the most competitive. Whereas there is significantly less competition when your turnover exceeds £100 million.
Data processed
The number of individual data subjects (otherwise known as personally identifiable individuals PII) is another direct rating factor for insurers. Less than 25,000 is commonly acceptable, once you breach the 100,000 or 250,000 threshold this will impact insurers decision making. In addition, the type of data you hold or process will impact your premium. Sensitive data such as: banking, card details, and medical information is perceived as the highest risk. The larger and more sensitive the data you process or hold the greater risk to insurers and will attract higher premium charges.
Territorial scope
Insurers will want to understand your turnover split by territory. Certain countries such as the US are more litigious in nature and allow for class actions (otherwise known as collective actions) on an opt-in basis which means their ability to bring a demand for compensation that much easier in a court of law. The higher exposure to a legal system which makes more frequent and higher awards means insurers will need to charge higher premiums when calculating the cost of your cyber risk insurance.
Risk management
There is a growing emphasis from insurers requiring minimum controls as conditions within the policies. Cybersecurity remains the first line of defence and if insurers are going to accept your risk, they want to make sure you adhere to best practices that mitigate your exposure to claims. Premium discounts will be available for companies which are able to demonstrate their risk adverse nature. Common controls required by insurers include: backups of critical data, VPN for remote access, multifactor authentication for cloud based services, and cybersecurity training.
Claims history
If you have been the subject to cyber breaches that would have been insured, even if you didn’t have a policy in force you need to disclose that information. Unfortunately, you incur higher premium costs if you have been the subject of cyber claims in the past five years. Insurers will want to understand exactly what occurred, how much the cyber incident cost, and what remedial actions were taken to stop a similar incident occurring again.
Frequently asked questions
Do we need cyber insurance if we have good cybersecurity?
Cybersecurity is unfortunately not full proof, especially in an ever-changing environment. It is commonly accepted that attacks and security breaches are increasing in frequency and sophistication. Good security is increasingly being combined with insurance to ensure financial protection and access to specialists.
Does cyber security insurance have a deductible?
You can select the amount of your deductible when arranging the coverage. Typically, there will be minimum threshold insurers will expect you to cover. For business interruption there will usually be a waiting period of 12 hours before the policy responds.
What is cyber liability insurance?
Cyber liability insurance is financial protection for damages and defence costs from third party claims arising from a data and privacy breach.
Can you provide two examples of a cyber liability insurance claims?
A cyber liability claim could arise from failing to prevent an individual's data being breached. Those individuals then bring a claim against your business for financial losses and emotional distress resulting from their data being leaked. A second example, would be the transmission of harmful malware to a third party. They then suffer a financial loss as a result of that malware and seeking damages from your business.
What is social engineering fraud?
Social engineering fraud is the manipulation of employees to bypass digital security, which typically results in money being transferred to a fraudsters bank account.
What is cybercrime coverage?
Some insurers will provide financial protection from a criminal or fraudulent taking of money. Typically, the coverage amount is sub-limited under a cyber policy.
Related articles and guides
Cybersecurity can be complex and confusing, but there are some basic steps that can help your clients develop a more robust cybersecurity program.
Cyber liability is fast becoming the last frontier of the insurance world. Hackers and cyber thieves are growing in number and in the sophistication of their attacks.