Cyber Insurance
Compare active cyber insurance quotes for SME's and mid-corporates
In today's digital world, businesses face an ever-growing cyber risk. Ensure your business has cyber insurance protection in combination with cyber security controls. To compare cyber insurance quotes, complete our digital onboarding. Premiums can start from £323 annually for a £1 million limit for an SME.
What is cyber insurance?
Cyber insurance, also known as cyber liability insurance or cybersecurity insurance, is a policy which provides financial protection and expert support to help recover from a cyberattack or data breach. It can provide the necessary financial resources to cover your legal liabilities, pay ransomware demands, cover your loss of profits, pay expenses such as incident response, forensic investigations, legal fees, public relations costs, customer notifications, and potential regulatory penalties.
Cyber insurance covers a wide range of cyber risk that businesses face in the digital age. These include but are not limited to data breaches, malware attacks, phishing scams, ransomware, denial-of-service attacks, network disruptions, employee actions, social engineering fraud, mistakes, negligence, IT failures, and vendor failures. Understanding the breadth of coverage offered by cyber insurance providers is crucial for businesses seeking comprehensive protection.
Do you need cyber insurance?
Cyber insurance helps businesses safeguard their finances, ability to operate, and reputation, by providing financial protection and resources to navigate a cyber attack or data breach. A policy can mitigate against the devastating consequences of cyber criminals that seek to profit from a cyber threat or ransomware attack.
It is commonly accepted that all businesses require cyber insurance coverage to protect against a wide range of threats. These may include legal expenses, theft of personally identifiable information, unauthorised access to sensitive data, reputational damage, and costs associated with regulatory compliance and breach notification.
In addition, policies can provide access to specialist incident response services, which is invaluable to reduce the exposurers associated with malicious software, criminal extortion, and sensitive data leaks. By addressing these risks, cyber insurance policies provide business a safety net against the potential financial consequences.
Network security and privacy liability insurance
It is becoming increasingly important if you are contracted to provide a service or software solution, that you maintain network security and privacy liability, otherwise known as cyber liability insurance. Network security liability protection will provide your business the ability to pay damages to your client where required under law - for many service companies will be purchased alongside professional indemnity insurance.
Network security
Means a failure of computer security to prevent unauthorised access, or the transmission of malicious code, that results in a liability claim.
Privacy liability
Means an actual or alleged loss of all data that can identify a natural individual, otherwise known as personally identifiable information.
Information liability
Means an actual or alleged loss or unauthorised disclosure of third party information which you are legally required to maintain in confidence.
Compare quotes for cybersecurity insurance to protect your business from cyber crime
Get indemnity™ cybersecurity protection can start at £323 per annumWhat does cyber insurance cover?
Cyber liability
Otherwise known as network security and privacy liability insurance, it provides cover for your legal liabilities arising from damages and defence costs from third party claims arising from a network, information or privacy breach. For example, the cover can offer protection from your legal liabilities in failing to prevent an individual's personally identifiable information being stolen or inadvertently transferring harmful malware to a third-party which causes them a financial loss. This cover is being more commonly requested under contract to ensure that if there is a cyber incident, they have the ability to seek damages.
Incident response
Otherwise known as breach response, this section of cover will generally cover all of the costs involved in immediately responding to a cyber incident. The policy coverage can include IT security, forensic investigation, legal advice in relation to breaches of data security, and the costs associated with having to notify individuals that have had their information stolen under data protection laws (i.e., GDPR). The incident response cover of a policy provides access to cyber experts as well as paying for their services. This coverage section is one of the most important protections of a policy and provides access to the right specialists without any delays - because the most important decisions are made within the first 24 hours after an event.
Cyber extortion
Will respond to fraudsters attempting to extort money by threatening to carry out an attack or threatening to expose/destroy information having already compromised the network. The policy coverage will pay the ransom demanded to stop a data leak and restore your systems. The two most common types of cyber extortion are ransomware and DDoS (Distributed Denial of Service) attacks. These types of claims against policies have been on the rise over the past couple of years with businesses increasingly targeted by criminals because they expect insurance to cover the extortion attempt.
Business interruption
Can provide cover for the loss of profits and increased costs because of a security breach. There is usually a 12-hour waiting period as a deductible, then during the time you are unable to trade the policy coverage will reimburse your loss of net profit and increased costs. The coverage section aims to reimburse the business for the difference between the typical income of the business and the reduced generated income during the shutdown caused by a cyber event. The purpose of business interruption insurance is to soften the blow of the losses incurred when a business cannot operate due to a covered loss. The insured shall not profit from the business interruption section.
Media liability
This covers any third-party claims arising out of defamation or infringement of intellectual property rights. Can cover communicating, reproducing, publishing, disseminating, displaying, releasing, transmitting, or disclosing media content, including social media. Cover can also include infliction of emotional distress, or other tort related to disparagement or harm to the reputation or character. Media cover started out in cyber policies to offer protection in respect of online content only, but as policies have broadened over the years, it’s not uncommon for full media cover to be provided.
Restoration and penalties
Provides for the costs of electronic data or computer software to be repaired and restored in the event computer systems are damage from an attack, often critical in getting the company operating again. Additionally, the cover will typically provide for the legal costs and expenses to defend the business in a regulatory proceeding. Plus cover regulatory fines and penalties imposed by a government or regulatory body because of a security breach, where permitted by law.
How does a cyber insurance policy work?
Typically, policies can be separated into:
(1) First party coverage provides for the cost of incident response, cyber extortion, forensic investigation, legal advice, notifying individuals their personally identifiable information was stolen, system damage, regulatory fines, and subsequent business interruption including loss of profits and increased costs.
(2) Third party coverage provides for the legal liabilities and costs of damages awarded by a court, insurer agreed settlements, and the legal expenses to defend any allegations. This cover is commonly requested by clients under contract to ensure they can seek compensation against your business because of a breach or attack where you are legally liable.
What additional cyber covers are available?
Social engineering fraud
Means the act of influencing a person to divulge sensitive information or to perform a task, which typically results in a voluntary payment to the fraudster.
Cyber crime
Provides financial protection from a fraudulent taking, or appropriation of money, securities, or property (third-party, employee, or to the deprivation of a client).
Tech Errors and omissions
Otherwise known as professional indemnity insurance, provides cover for mistakes, neglect, or unintentional breach of duty when providing a technology or professional service.
Understand how cyber coverage can help protect your business in a connected world
Talk with a specialist broker to ensure your policies are adequate to meet your business needsMisunderstandings about cyber insurance
There are common misconceptions about cyber insurance. Every business, not just technology companies is exposed to cyber risk - as criminals become more sophisticated and the technology you use becomes more connected - so to the threats you face. Every business should consider a cyber insurance policy to mitigate their risk. We've identifed some objections about the need to arrange coverage and want to challenge some of the assumptions:
Our network is hosted by a third-party provider - Whether or not you outsource any services to third-party providers, any data breach will be your responsibility and your ability to recoup costs from such third-party may be limited.
We don’t process or hold sensitive data - Considering the extended scope of GDPR, most business will now hold personal information (i.e. email address) on their customers, note this doesn’t need to be credit/debit card details.
Our computer system has high security - No system can ever be 100% protected, no matter the levels of cyber security controls embedded. Good cyber risk management promotes risk transfer as a valuable mechanism for an unforeseen events.
Cyber-attacks only occur at large companies - Large recognisable brands can make the news, but insurer’s claims experience shows that cybercriminals will not discriminate against small to medium sized businesses, especially with lessor controls.
How do insurers calculate cyber insurance cost?
There are various factors we discuss below that can impact insurers perception of your cyber risk. Underwriting your application is a subjective process and each insurer will take an individual view to calculating your cyber risk insurance premium. However, the below guide should provide some helpful information to understand what the cover may cost your business and how you can improve your risk profile.
Business activities
The industry which you work will impact your susceptibility to breaches, and therefore increase your insurance premium cost. For example, the following industries carry an increased exposer to claims: accountants, casinos, data aggregators, education sector, financial services, hospitals, hotels, medical industry, payroll services, professional services, solicitors, telecommunications, trading platforms, online gaming, and payment card processors. It's important to clearly identify what business activities you undertake when applying for cover.
Size of turnover
Turnover is a direct rating factor for insurers to calculate your premium cost. The larger your business the higher premiums your business will be required to pay. There will also be certain thresholds, where insurers will provide discounted rates to grow their portfolio. For example, companies with a turnover less than £1 million is the most competitive. Whereas there is significantly less competition when your turnover exceeds £100 million.
Data processed
The number of individual data subjects (otherwise known as personally identifiable individuals PII) is another direct rating factor for insurers. Less than 25,000 is commonly acceptable, once you breach the 100,000 or 250,000 threshold this will impact insurers decision making. In addition, the type of data you hold or process will impact your premium. Sensitive data such as: banking, card details, and medical information is perceived as the highest risk. The larger and more sensitive the data you process or hold the greater risk to insurers and will attract higher premium charges.
Territorial scope
Insurers will want to understand your turnover split by territory. Certain countries such as the US are more litigious in nature and allow for class actions (otherwise known as collective actions) on an opt-in basis which means their ability to bring a demand for compensation that much easier in a court of law. The higher exposure to a legal system which makes more frequent and higher awards means insurers will need to charge higher premiums when calculating the cost of your cyber risk insurance.
Risk management
There is a growing emphasis from insurers requiring minimum controls as conditions within the policies. Cybersecurity remains the first line of defence and if insurers are going to accept your risk, they want to make sure you adhere to best practices that mitigate your exposure to claims. Premium discounts will be available for companies which are able to demonstrate their risk averse nature. Common controls required by insurers include: backups of critical data, VPN for remote access, multifactor authentication for cloud based services, and cybersecurity training.
Claims history
If you have been the subject to cyber breaches that would have been insured, even if you didn’t have a policy in force you need to disclose that information. Unfortunately, you incur higher premium costs if you have been the subject of cyber claims in the past five years. Insurers will want to understand exactly what occurred, how much the cyber incident cost, and what remedial actions were taken to stop a similar incident occurring again.
Frequently asked questions
How can cyber coverage help?
A policy can financial protection and expert support in the event of a cyber attack or data breach. However, it is important the businesss should consider a proactive approach to mitigating cyber threats and cyber attacks. Cyber hygiene measures identifed in many insurers minimum requirements need to be implemented given that many threats remain relatively unsophisticated.
What factors to consider when choosing a cyber policy?
Factors to consider include coverage limits, deductibles, policy terms and conditions, retroactive dates, sub-limits, and additional services provided by the insurer. It's worth noting that each cyber insurers’ coverage, definitions, exclusions, and conditions will vary. Working with an experienced insurance broker can make all the difference in making sure your company is adequately protected from cyber threats at a cost-effective premium.
All the insurers we work with have an AM Best rating of A+ and are regulated by the Financial Conduct Authority and the Prudential Regulation Authority.
If we have good cyber security do we need insurance?
Cyber risk management is becoming increasingly important, with attacks becoming more sophisticated and prevalent, targeting businesses of all sizes and industries. From ransomware attacks to data breaches, hackers exploit vulnerabilities in systems and networks, causing significant harm to businesses. Understanding the nature and severity of these threats is crucial in comprehending the necessity of a cyber insurance policy in the digital age. The costs associated with recovering from a malicious attack, employee action, or vendor failure, can be very expensive. Not to mention the legal liabilities if you have failed to protect client information, or regulatory fines imposed under law (i.e. GDPR). Cyber insurance is no longer an option, but a neccessity.
Why choose 'Get Indemnity' to arrange your cyber insurance?
Our mission is to provide our clients with the knowledge, expertise, and advocacy to secure the best coverage at the lowest cost premium. We work with a wide range of cyber insurers to ensure we can secure the most competitive coverage to protect your business from cyber risks. Ensure your business is fully protected and compare cyber insurance quotes from the wholesale market by completing our digital onboarding process or give us a call on 0345 625 0711 to discuss your requirements.
Related articles and guides
Cyber insurance, also known as cyber liability insurance, is a type of business insurance designed to help companies or organisations manage the risk of cyber-related security breaches and events.
Insurers require cybersecurity controls to ensure that organisations have taken necessary steps to mitigate cyber risks. These controls help reduce the likelihood and severity of cyber incidents, thereby minimising potential claims and financial losses for both the insurer and the insured.
Cyber extortion is a form of cybercrime where attackers demand payment or other forms of compensation from victims by threatening to damage, disrupt, or expose sensitive data. This can take various forms, including ransomware attacks, where data is encrypted until a ransom is paid, and threats to launch Distributed Denial of Service (DDoS) attacks or release stolen information.
Who provides cyber insurance and how can I compare providers? Find out about the leading cyber insurance providers in the UK market and what they offer as part of their policies.