Cyber Insurance
Compare active cyber coverage for small business and corporates
What is cyber insurance?
Cyber insurance, also known as cyber liability insurance or cybersecurity cover, is a policy which provides financial protection and expert support to help recover from a cyberattack or data breach. It can provide the necessary financial resources to cover your legal liabilities, pay ransomware demands, cover your loss of profits, pay expenses such as incident response, forensic investigations, legal fees, public relations costs, customer notifications, and potential regulatory penalties.
A policy can provide protection against a wide range of cyber risks that businesses face in the digital age. These include but are not limited to data breaches, malware attacks, phishing scams, ransomware, denial-of-service attacks, network disruptions, employee actions, social engineering fraud, mistakes, negligence, IT failures, and vendor failures. Understanding the breadth of coverage offered by cyber insurers is crucial for companies seeking comprehensive protection.
In today's digital world, businesses face an ever-growing cyber risk. Ensure your business has financial protection, incident response, in combination with cyber security controls. To compare cyber insurance quotes, complete our digital onboarding. Premiums can start from £323 annually for a £1 million limit for a small business.
Do you need cyber insurance?
A comprehensive policy will help businesses safeguard their finances, ability to operate, and reputation, by providing financial protection and resources to navigate an attack or data breach. The cover can mitigate against the devastating consequences of cyber criminals that seek to profit from a cyber threat or ransomware attack.
It is commonly accepted that all businesses require protection against a wide range of digital threats. These may include legal expenses, theft of personally identifiable information, unauthorised access to sensitive data, reputational damage, and costs associated with regulatory compliance and breach notification.
In addition, policies can provide access to specialist incident response services, which is invaluable to reduce the exposurers associated with malicious software, criminal extortion, and sensitive data leaks. By addressing these risks, a policy can provide companies with a safety net against the impact and financial consequences.
What is cyber liability insurance?
The cover can protect against a wide range of damages awarded that result from data breaches, attacks, unauthorised data access, loss of sensitive information, and other forms of malicious or accidental incidents. If sensitive or confidential information is disclosed without permission, the entity responsible for securing that information may face significant financial liabilities for failing to protect it. It is becoming increasingly important if you are contracted to provide a service or software solution, that you maintain network security and privacy liability alongside professional indemnity insurance.
Network security
Means a failure of computer security to prevent unauthorised access, or the transmission of malicious code, that results in a liability claim.
Privacy liability
Means an actual or alleged loss of all data that can identify a natural individual, otherwise known as personally identifiable information.
Information liability
Means an actual or alleged loss or unauthorised disclosure of third party information which you are legally required to maintain in confidence.
Compare quotes for cyber-security insurance to protect your business from cyber-crime
Get indemnity™ can arrange cover starting from £323 per annumWhat does cyber insurance cover?
Cyber liability
Otherwise known as network security and privacy liability insurance, it provides cover for your legal liabilities arising from damages and defence costs from third party claims arising from a network, information or privacy breach. For example, it can offer protection from your legal liabilities in failing to prevent an individual's personally identifiable information being stolen or inadvertently transferring harmful malware to a third-party which causes them a financial loss. This coverage is being more commonly requested under contract to ensure that if there is an incident, they have the ability to seek damages.
Incident response
Otherwise known as breach response, this section will generally respond to all of the costs involved in immediately responding to an incident. A policy can include IT security, forensic investigation, legal advice in relation to breaches of data security, and the costs associated with having to notify individuals that have had their information stolen under data protection laws (i.e., GDPR). The incident response section of a policy provides access to experts as well as paying for their services. This is one of the most important protections provided under a policy because it provides access to the right specialists without any delays. Please note the most important decisions are made within the first 24 hours after an event.
Cyber extortion
Will respond to fraudsters attempting to extort money by threatening to carry out an attack or threatening to expose/destroy information having already compromised the network. A policy will pay the ransom demanded to stop a data leak and restore your systems. The two most common types of extortion are ransomware and DDoS (Distributed Denial of Service) attacks. These types of claims against policies have been on the rise over the past couple of years with businesses increasingly targeted by criminals because they expect cover to respond in the event of an extortion attempt.
Business interruption
Can indemnify you for the loss of profits and increased costs because of a security breach. There is usually a 12-hour waiting period as a deductible, then during the time you are unable to trade the policy will reimburse your loss of net profit and increased costs. This section aims to reimburse the business for the difference between the typical income of the business and the reduced generated income during the shutdown caused by a cyber event. The purpose of business interruption cover is to soften the blow of the losses incurred when a business cannot operate due to a covered loss. The insured shall not profit from the business interruption section.
Media liability
Protects against third-party claims arising out of defamation or infringement of intellectual property rights. Claims will typically arise from communicating, reproducing, publishing, disseminating, displaying, releasing, transmitting, or disclosing media content, including social media. It can also include infliction of emotional distress, or other tort related to disparagement or harm to the reputation or character. The media section started out in cyber policies to offer protection in respect of online content only, but as policies have broadened over the years, it’s not uncommon for full media cover to be provided.
Restoration and penalties
Provides for the costs of electronic data or computer software to be repaired and restored in the event computer systems are damage from an attack, often critical in getting the company operating again. Additionally, it can typically provide for the legal costs and expenses to defend the business in a regulatory proceeding. Plus indemnify regulatory fines and penalties imposed by a government or regulatory body because of a security breach, where permitted by law.
Policy sections explained:
Typically, policies can be separated into:
First Party - includes the cost of incident response, extortion demands, forensic investigation, legal advice, notifying individuals their personal information was stolen, system damage, regulatory fines, and subsequent business interruption loss of profits and increased costs.
Third Party - includes the legal liabilities and costs of damages awarded by a court, insurer agreed settlements, and the legal expenses to defend any allegations.
Third-party cover is commonly requested by clients under contract to ensure they can seek compensation against your business because of a breach or attack where you are legally liable.
What additional business insurance is available?
Cyber-crime
Provides financial protection from a fraudulent taking, or appropriation of money, securities, or property (third-party, employee, or to the deprivation of a client).
Understand how cyber coverage can help protect your business in a connected world
Talk with a specialist broker to ensure your policies are adequate to meet your business needsMisconceptions
Every business, not just technology companies are exposed to cyber risks and should consider a policy to mitigate their threats. As criminals become more sophisticated and the technology you use becomes more connected, so do the threats of financial harm. We've identifed some objections about the need to arrange coverage and want to challenge some of the assumptions:
Our network is hosted by a third-party provider - Whether or not you outsource any services to third-party providers, any data breach will be your responsibility and your ability to recoup costs from such third-party may be limited.
We don’t process or hold sensitive data - Considering the extended scope of GDPR, most business will now hold personal information (i.e. email address) on their customers, note this doesn’t need to be credit/debit card details.
Our computer system has high security - No system can ever be 100% protected, no matter the levels of security controls embedded. Good cyber risk management promotes risk transfer as a valuable mechanism for an unforeseen events.
Cyber-attacks only occur at large corporations - Large recognisable brands can make the news, but insurer’s claims experience shows that criminals will not discriminate against small to medium sized businesses, especially with lessor controls.
Underwriting considerations:
There are various factors we discuss below that can impact insurers perception of your cyber exposure. Underwriting your application is a subjective process and each insurer will take an individual view to calculating your premium. However, the below guide should provide some helpful information to understand what the cover may cost your business and how you can improve your risk profile.
Business activities
The industry which you work will impact your susceptibility to breaches, and therefore increase your premium cost. For example, the following industries carry an increased exposer to claims: accountants, casinos, data aggregators, education sector, financial services, hospitals, hotels, medical industry, payroll services, professional services, solicitors, telecommunications, trading platforms, online gaming, and payment card processors. It's important to clearly identify what business activities you undertake when applying for cover.
Size of turnover
Turnover is a direct rating factor for insurers to calculate your premium cost. The larger your business the higher premiums your business will be required to pay. There will also be certain thresholds, where insurers will provide discounted rates to grow their portfolio. For example, companies with a turnover less than £1 million is the most competitive. Whereas there is significantly less competition when your turnover exceeds £100 million.
Data processed
The number of individual data subjects (otherwise known as personally identifiable individuals PII) is another direct rating factor for insurers. Less than 25,000 is commonly acceptable, once you breach the 100,000 or 250,000 threshold this will impact insurers decision making. In addition, the type of data you hold or process will impact your premium. Sensitive data such as: banking, card details, and medical information is perceived as the highest risk. The larger and more sensitive the data you process or hold the greater risk to insurers and will attract higher premium charges.
Territorial scope
Insurers will want to understand your turnover split by territory. Certain countries such as the US are more litigious in nature and allow for class actions (otherwise known as collective actions) on an opt-in basis which means their ability to bring a demand for compensation that much easier in a court of law. The higher exposure to a legal system which makes more frequent and higher awards means insurers will need to charge higher premiums when calculating the cost of your policy.
Risk management
There is a growing emphasis from insurers requiring minimum controls as conditions within the policies. Cybersecurity remains the first line of defence and if insurers are going to accept your risk, they want to make sure you adhere to best practices that mitigate your exposure to claims. Premium discounts will be available for companies which are able to demonstrate their risk averse nature. Common controls required by insurers include: backups of critical data, VPN for remote access, multifactor authentication for cloud based services, and cybersecurity training.
Claims history
If you have been the subject to cyber breaches that would have been insured, even if you didn’t have a policy in force you need to disclose that information. Unfortunately, you incur higher premium costs if you have been the subject of cyber claims in the past five years. Insurers will want to understand exactly what occurred, how much the cyber incident cost, and what remedial actions were taken to stop a similar incident occurring again.
Frequently asked questions
How can a policy provide protection?
It can provide financial protection and proactive tools to help guard against the consequences of cyber-attacks, data breaches, and other malicious online threats. Many policies today also include services that help the insured respond to an incident. This can involve access to cybersecurity experts who can remedy the breach and manage getting your systems up and running, legal teams to address compliance issues, breach notification services, and public relations professionals to handle any communications.
A policy can financial protection and expert support in the event of an attack or data breach. However, it is important the businesss should consider a proactive approach. Cyber hygiene measures identifed in many insurers minimum requirements need to be implemented given that many threats remain relatively unsophisticated.
Should you use a cyber insurance broker?
Cover is increasingly viewed as an essential component of a company or organisation’s risk management strategy, especially given the frequency and severity of events and information breaches continue to rise. It’s important to note that policies can be tailored to fit the specific needs, dependent upon their industry, size, exposure, amount of personally identifiable information, and sensitivity of that personal information. Therefore, it’s worth engaging with a broker to discuss your requirements.
Factors to consider include limits, deductibles, policy terms and conditions, retroactive dates, sub-limits, and additional services provided by the insurer. It's worth noting that each insurers’ cover, definitions, exclusions, and conditions will vary. Working with an experienced broker can make all the difference in making sure your company is adequately protected from threats at a cost-effective premium.
All the insurers we work with have an AM Best rating of A+ and are regulated by the Financial Conduct Authority and the Prudential Regulation Authority.
If we have good cyber security do we need insurance?
Cyber risk management is becoming increasingly important, with attacks becoming more sophisticated and prevalent, targeting businesses of all sizes and industries. From ransomware attacks to data breaches, hackers exploit vulnerabilities in systems and networks, causing significant harm to businesses. Understanding the nature and severity of these threats is crucial in comprehending the necessity of a policy in the digital age. The costs associated with recovering from a malicious attack, employee action, or vendor failure, can be very expensive. Not to mention the legal liabilities if you have failed to protect client information, or regulatory fines imposed under law (i.e. GDPR).
Why choose 'Get Indemnity'?
Our mission is to provide our clients with the knowledge, expertise, and advocacy to secure the best cover at the lowest cost premium. We work with a wide range of insurers to ensure we can secure the most competitive cover to protect your business.
Ensure your fully protected and compare quotes from the wholesale market by completing our digital onboarding process or give us a call on 0345 625 0711 to discuss your requirements.
What is Cyber Essentials?
Cyber Essentials is a government-backed scheme launched by the UK government in 2014. It is primarily aimed at small and medium-sized enterprises (SMEs). The scheme focuses on basic cyber hygiene measures to help reduce a company's vulnerability. The cover provided is typically deemed insufficient for most businesses and non-profit organisations, given the size of the limits available and scope of the cover.
What threats should we be concerned about?
A policy is designed to protect against a wide range of threats and incidents, which can significantly impact your financials, operations, and reputation. Some of the key risks include:
Data Breaches: Unauthorised access to or theft of data, including sensitive customer information like payment card numbers, passport information, or health records.
Ransomware Attacks: Malicious software that encrypts data and demands a ransom for the decryption key. Coverage can include the ransom payment, as well as costs associated with recovery.
Social Engineering: Fraudulent schemes that often involve email phishing attacks aiming to trick employees into transferring money or sensitive information to attackers.
Denial of Service (DoS): These are designed to overwhelm systems, networks, or applications to make them unavailable to intended users. A policy can cover business interruption losses and the cost of mitigating the attack.
Malware and Viruses: Software designed to damage or gain unauthorised access to computer systems. Insurance can cover the costs related to eliminating the malware and restoring systems to normal.
Data Loss: This includes data destroyed by cyber-attacks or accidentally deleted or corrupted by employees. Cover often includes the cost of restoring or recreating data.
Legal Action and Regulatory Fines: Costs arising from legal actions taken against an organization for failing to protect data or for violating privacy laws, along with potential regulatory fines.
Reputational Damage: Costs associated with managing and mitigating damage to your reputation following an event, including crisis management and public relations.
Given the increasing frequency, sophistication, and impact, comprehensive coverage can play a vital role in helping manage these risks effectively. It acts not just as a financial safety net, but also as a comprehensive support system in the face of new risks.
Why cyber resilience is important when applying for insurance?
Resilience is an important consideration during the business insurance application process and commonly a prerequisite to obtaining the required cover. It refers to the internal practices and features applied to help maintain a minimum level of security.
Effective cyber hygiene involves a variety of regular activities such as:
Regular Software Updates: Keeping all software up to date, including operating systems, applications, and security software, to patch security vulnerabilities.
Use of Strong Passwords: Creating and using strong, unique passwords for all accounts and using a password manager to keep track of them.
Multi Factor Authentication: Enhancing security by adding a second layer of protection to account logins, such as a text message code or an authentication app, to email account and your back-end software.
Regular Backups: Performing regular backups of important data to prevent data loss in the event of a cyber-attack or hardware failure.
Secure Network Connections: Using secure, encrypted connections to access the internet, avoiding public Wi-Fi without a virtual private network (VPN), and ensuring that home and business networks are secured.
Anti-Virus and Anti-Malware Protection: Installing and maintaining anti-virus software to detect and remove malicious software.
Education and Training: Keeping oneself and employees trained on the latest cybersecurity threats and how to avoid them, such as recognizing phishing emails and malicious websites.
Limiting User Access: Restricting user access to the information necessary for their work duties to minimise the risk of insider threats or accidental data exposure.
Related articles and guides
Find out about the methods used by UK businesses to limit their levels of liability. There are multiple ways a business can use contracts to limit their liability exposure, thus managing their risk levels effectively.
The Financial Conduct Authority (FCA) regulates the financial services industry in the UK. Its role includes protecting consumers, keeping the industry stable, and promoting healthy competition between financial service providers.