Cyber Insurance

Does our business need cyber insurance and how to arrange cover?

Below we explain why every business should consider cyber insurance and how to compare the different types of coverage available from the market to protect your business from data breaches and cyber attacks.

 Cyber Insurance from the Willis Towers Watson Network

What is cyber insurance and how best to protect your business?

Cyber insurance can provide financial protection and expert support to help recover after a data breach or attack. As a Willis Towers Watson Network Broker, we have access to the best cyber insurers in the market and can ensure your business is fully protected with a comprehensive policy. With increasing attacks, your security and business insurance are paramount when operating a company in the digital age.

 AIG Cyber Insurance Brand
 Allianz Cyber Insurance Brand
 Beazley Cyber Insurance Brand
 CFC Cyber Insurance Brand
 Chubb Cyber insurance Brand
 Hiscox Cyber Insurance Brand
 QBE Cyber Insurance Brand
 Travelers Cyber Insurance Brand

Why companies need cyber insurance?

Unfortunately, data breaches and cyber crimes are increasingly common, and criminals are targeting business with the objective of committing fraud, holding your business to ransom, or selling your data on the dark web. 

That's why cyber insurance can be a smart precaution for any size business. The threat of an attack continues to change, and even with the best practices and security available your business will never be fully protected.

Financial protection and potentially third-party support to help recover after a data breach or attack can make all the difference. There are different types of cyber coverage available under the policies and below we explain how they work.

What does cyber insurance cover?

Malicious breaches by third-parties or employee actions, whether deliberate or not, can unfortunately negate the security measures your company has in place. Below are the most common attacks that can infiltrate your computer systems and why you need cyber coverage.

 Malware insurance

Malware cover

Malware cover can protect against malicious software which can exploit vulnerabilities, potentially allowing your activities to be recorded.

 Ransomware insurance

Ransomware cover

Ransomware insurance offers cover after locking you out your system and then demanding a ransom to release control and not publish data.

 Denial-of-service insurance

Denial-of-service cover

Denial-of-service cover can provide solutions to attacks which seek to render a system or server unavailable, typically overwhelming a server.

Understand how cyber insurance can help protect your business and data in a connected world

Get indemnity™ cyber protection can start at £323 annually or £26.91 per month

What are the different types of cyber insurance available?

If your company holds confidential, customer or employee data, publishes electronic content, transacts business over the internet, or uses service providers for processing information, you should arrange cyber coverage to help protect your business. Below we identify the different types of cover available.

Cyber liability

Cyber liability insurance helps provides cover for your legal liability for damages and defence costs from third party claims arising from a data and privacy breach. The coverage can offer protection from failure to prevent an individual's data being breached or transmission of harmful malware to a third party.

Cyber extortion

Cyber extortion insurance will respond to fraudsters attempting to extort money by threatening to carry out an attack or threatening to expose/destroy data having already compromised the network. The policy coverage will pay the ransom demanded to stop a data leak and restore your systems.

Response and notification

Incident response and notification coverage provides access to specialists to mitigate the damage of security and privacy breaches. The policy coverage can include IT security, forensic investigation, legal advice, and the costs associated with notifying any individuals under data protection laws (i.e., GDPR).

Business interruption

Business interruption insurance provides cover for the subsequent loss of profits and increased costs because of a security or data breach. There is usually a 12 hour waiting period as a deductible, then during the time you are unable to trade the policy coverage will reimburse your loss of profits and increased costs.

Media liability

Media liability insurance provides coverage for your legal liability for damages and defence costs from third party claims arising from infringement of any intellectual property rights. Including libel, slander, or defamation via an electronic platform.

System damage and fines

System damage coverage provides for the costs of data and applications to be repaired and restored in the event computer systems are damage from an attack, often critical in getting the company operating again. Regulatory fines coverage provides for fines and penalties imposed by a government or regulatory body because of a security and data breach, where permitted by law.

Consider cyber risk insurance insurance to mitigate the damage and cost of an attack or data breach

Working with the best cyber insurers, we can provide you competing options

First-party vs third-party cyber coverage

Below we explain the two separate types of cover available under a cyber policy. First-party coverage which provides for your expenses, and third-party liability coverage which provides for damages and expenses in defending your business against claims.

First-party cyber insurance

Covers the cost of IT security, forensic investigation, legal advice, notifying individuals their data was stolen, cyber extortion, system damage, regulatory fines and subsequent loss of profits and increased costs as a result of a security and data breach.

Third-party cyber liability

Covers the damages and legal costs in defending allegations and damages from a security or data breach, or infringement of intellectual property rights, including libel, slander or defamation via an electronic platform.

How much does cyber insurance cost?

Get indemnity™ cyber insurance premiums start at £323 annually or £26.91 per month for a small business, which can provide coverage for a variety of threats with a response hotline, technical advice, legal input, and forensic experts.

However, the cost of cyber insurance will be unique to your business and will depend upon a number of factors, including your turnover, exposure to the USA, the industry that you work, and the security measures you employ.

We can offer guidance to companies to ensure you have the necessary security controls in place to meet insurer's minimum requirements. With increased claims activity greater emphasis is being placed on risk management.

What does cyber insurance not cover?

There are many different commercial insurance covers available to help protect your company from financial losses. Talk to an expert insurance broker to discuss your business needs and how to secure the best coverage at the most affordable premiums. If you are specifically concerned about cyber crime, you may want to consider standalone crime insurance.

Talk with a specialist insurance broker to ensure your policies are adequate to meet your business needs

As a Willis Towers Watson Network Broker, we have access to the best insurers in the cyber market.

How do insurers calculate your cyber risk insurance premium?

There are various factors we discuss below that can impact insurers perception of your cyber risk. Underwriting your application is a subjective process and each insurer will take an individual view to calculating your cyber risk insurance premium. However, the below guide should provide some helpful information to understand what the cover may cost your business and how you can improve your risk profile.

Business activities

The industry which you work will impact your susceptibility to breaches, and therefore increase your insurance premium cost. For example, the following industries carry an increased expose to claims: accountants, casinos, data aggregators, education sector, financial services, hospitals, hotels, medical industry, payroll services, professional services, solicitors, telecommunications, trading platforms, online gaming, and payment card processors. It's important to clearly identify what business activities you undertake when applying for cover.

Size of turnover

Turnover is a direct rating factor for insurers to calculate your premium cost. The larger your business the higher premiums your business will be required to pay. There will also be certain thresholds, where insurers will provide discounted rates to grow their portfolio. For example, companies with a turnover less than £1 million is the most competitive. Whereas there is significantly less competition when your turnover exceeds £100 million.

Data processed

The number of individual data subjects (otherwise known as personally identifiable individuals PII) is another direct rating factor for insurers. Less than 25,000 is commonly acceptable, once you breach the 100,000 or 250,000 threshold this will impact insurers decision making. In addition, the type of data you hold or process will impact your premium. Sensitive data such as: banking, card details, and medical information is perceived as the highest risk. The larger and more sensitive the data you process or hold the greater risk to insurers and will attract higher premium charges.

Territorial scope

Insurers will want to understand your turnover split by territory. Certain countries such as the US are more litigious in nature and allow for class actions (otherwise known as collective actions) on an opt-in basis which means their ability to bring a demand for compensation that much easier in a court of law. The higher exposure to a legal system which makes more frequent and higher awards means insurers will need to charge higher premiums when calculating the cost of your cyber risk insurance.

Risk management

There is a growing emphasis from insurers requiring minimum controls as conditions within the policies. Cybersecurity remains the first line of defence and if insurers are going to accept your risk, they want to make sure you adhere to best practices that mitigate your exposure to claims. Premium discounts will be available for companies which are able to demonstrate their risk adverse nature. Common controls required by insurers include: backups of critical data, VPN for remote access, multifactor authentication for cloud based services, and cybersecurity training.

Claims history

If you have been the subject to cyber breaches that would have been insured, even if you didn’t have a policy in force you need to disclose that information. Unfortunately, you incur higher premium costs if you have been the subject of cyber claims in the past five years. Insurers will want to understand exactly what occurred, how much the cyber incident cost, and what remedial actions were taken to stop a similar incident occurring again.

Frequently asked questions

Do we need cyber insurance if we have good cybersecurity?

Cybersecurity is unfortunately not full proof, especially in an ever-changing environment. It is commonly accepted that attacks and security breaches are increasing in frequency and sophistication. Good security is increasingly being combined with insurance to ensure financial protection and access to specialists.

Does cyber security insurance have a deductible?

You can select the amount of your deductible when arranging the coverage. Typically, there will be minimum threshold insurers will expect you to cover. For business interruption there will usually be a waiting period of 12 hours before the policy responds.

What is cyber liability insurance?

Cyber liability insurance is financial protection for damages and defence costs from third party claims arising from a data and privacy breach.

Can you provide two examples of a cyber liability insurance claims?

A cyber liability claim could arise from failing to prevent an individual's data being breached. Those individuals then bring a claim against your business for financial losses and emotional distress resulting from their data being leaked. A second example, would be the transmission of harmful malware to a third party. They then suffer a financial loss as a result of that malware and seeking damages from your business.

What is social engineering fraud?

Social engineering fraud is the manipulation of employees to bypass digital security, which typically results in money being transferred to a fraudsters bank account.

What is cybercrime coverage?

Some insurers will provide financial protection from a criminal or fraudulent taking of money. Typically, the coverage amount is sub-limited under a cyber policy.

How big is the cyber risk insurance market in the UK?

The UK has one of the largest and diverse cyber risk insurance markets in the world, with Lloyds of London a leader for large and difficult to place risks. There are numerous insurance companies and agencies with a cyber product offering.

Can you provide personal cyber coverage?

We can offer cyber coverage to businesses and sole traders, but only in the course of their business activities. Whilst a personal attack could lead to a the policy responding, it would only cover losses incurred by the business.

Related articles and guides

5 steps to a better cybersecurity program

Cybersecurity can be complex and confusing, but there are some basic steps that can help your clients develop a more robust cybersecurity program.

Cyber security server.jpg
Cyber insurance market: The year in review

Cyber liability is fast becoming the last frontier of the insurance world. Hackers and cyber thieves are growing in number and in the sophistication of their attacks.