Cyber insurance, also known as cyber liability insurance or cyber risk insurance, is a type of business insurance designed to protect against cyber attacks, data breaches and cyber criminals. Cover will typically provide for third-party cyber liability and first-party costs and expenses associated with recovering from cyber incidents, such as a cyber security breach, ransomware attack, hack, phishing attack, and other cyber threats. Find out more about cyber insurance.
We work with best cyber insurers that can undertake a non-intrusive scan of your websites to assess your risk to a cyber attack, data breach or ransom demand:
We have access to a wide range of specialist insurers to underwrite your cyber risk. Our digitial onboarding process provides a simple and effective platform to present your risk information and obtain cyber cover. A number of providers can now scan your websites to assess your cyber risk profile before providing a cyber insurance quote. Our customers can achieve cost savings by comparing their existing cyber cover against quotes from the wholesale market.
Cyber insurance premiums will vary dependent upon a number of factors we go into greater detail below, however the below provides an typical range of premium costs based on the size of the business.
Annual Turnover < £1m - Typical range (e.g., £500 to £3,500 annually)
Annual Turnover £1m - £10m - Typical range (e.g., £3,500 to £15,000 annually)
Annual Turnover +£10m - Broad range (e.g., £15,000 to £100,000+ annually).
The industry which you work will impact your susceptibility to breaches, and therefore increase your cyber insurance cost. For example, the following industries carry an increased exposure to claims: accountants, casinos, data aggregators, education sector, financial services, hospitals, hotels, medical industry, payroll services, professional services, solicitors, telecommunications, trading platforms, online gaming, and payment card processors.
Turnover is a direct cyber risk rating factor for insurers to calculate your premium cost. The larger your business the higher premiums your business will be required to pay. There will also be certain thresholds, where insurers will provide discounted rates to grow their portfolio. For example, companies with a turnover less than £1 million is the most competitive. Whereas there is significantly less insurer competition when your turnover exceeds £100 million.
The number of individual data subjects (otherwise known as personally identifiable individuals PII) is another direct cyber risk rating factor for insurers. Less than 25,000 is commonly acceptable, once you breach the 100,000 or 250,000 threshold this will impact insurers decision making. In addition, the type of data you hold or process will impact your premium. Sensitive data such as: banking, card details, and medical information is perceived as the highest risk. The larger and more sensitive the data you process or hold the greater risk to insurers and will attract higher premium charges.
Insurers will want to understand your turnover split by territory. Certain countries such as the US are more litigious in nature and allow for class actions (otherwise known as collective actions) on an opt-in basis which means their ability to bring a demand for compensation that much easier in a court of law. The higher exposure to a legal system which makes more frequent and higher awards means insurers will need to charge higher premiums when calculating the cost of your policy.
There is a growing emphasis from insurers requiring minimum controls as conditions within the policies. Cyber security remains the first line of defence and if insurers are going to accept your risk, they want to make sure you adhere to best practices that mitigate your exposure to claims. Premium discounts will be available for companies which are able to demonstrate their risk averse nature. Common controls required by insurers include: backups of critical data, VPN for remote access, multi-factor authentication for cloud based services, and cyber security training.
If you have been the subject to a cyber threat that would have been insured, even if you didn’t have a policy in force you need to disclose that information. Unfortunately, you will incur higher premium costs if you have been the subject of cyber insurance claims in the past five years. Insurers will want to understand exactly what occurred, how much the cyber incident cost, and what remedial actions were taken to stop a similar cyber incident occurring again.
Means the act of influencing a person to divulge sensitive information or to perform a task, which typically results in a voluntary payment to the fraudster.
Provides financial protection from a fraudulent taking, or appropriation of money, securities, or property (third-party, employee, or to the deprivation of a client).
Otherwise known as professional indemnity cover, provides cover for mistakes, neglect, or unintentional breach of duty when providing a technology or professional service.
A small online retailer with their own website and turnover < £250,000 purchases £1 million limit of cyber insurance. Personal Data Records limited to 250,000. Annual Premium: £323
A medium sized software company that provides hosting services with a turnover < £2 million purchases £2 million of cyber insurance. Personal Data Records limited to 500,000. Annual Premium: £2,450
A medium sized solicitor with a turnover < £3 million purchases £5 million of cyber insurance. Personal Data Records limited to 2 million. Annual Premium: £8,750
No system can ever be 100% secure, no matter the levels of cyber security controls embedded within the company. Ransomware attacks continue to increase in frequency year on year targeting businesses of all sizes. Unfortunately, if your cyber security defensives are overcome, the cost of a cyber-attack can have dire consequences for any business if they don’t have contingency plans in place.
If your company holds confidential, customer or employee data, publishes electronic content, transacts business over the internet, or uses service providers for processing information, it is recommended you buy cyber insurance.
Our mission is to provide our clients with the knowledge, expertise, and advocacy to secure the best cyber cover at the lowest cost. We work with a wide range of insurers to ensure we can secure the most competitive cover to protect your business. Ensure your fully protected and compare cyber insurance quotes from the wholesale market by completing our digital onboarding process or give us a call on 0345 625 0711 to discuss your requirements.
Third-party liabilities and first-party costs as a result of a data breach or cyber attack can be very expensive. Ensure you understand what cyber cover is available and the incident response services that can assist should your company need them.
Many cyber insurance products these days offer access to specialists whose role is to mitigate the cost of a cyber-attack. Triage within the first 12 hours is the most important and having access to experienced experts can make all the difference. Negotiating ransomware demands, recovering your systems and data, forensic, legal and public relations costs can all be covered.
Data breaches will typically occur because: 1) malicious attack; 2) human failure; and 3) system failure.
Obtaining early assistance from specialists to mitigate the damage of a cyber event can be invaluable. Minimising the interruption to the business and starting the triage process early will reduce the impact.
Cyber Essentials is a government-backed scheme launched by the UK government in 2014. It is primarily aimed at small and medium-sized enterprises (SMEs).
The cover will protect against third-parties seeking compensation by paying for a legal defence and damages awarded by a court. Cyber liability claims arising from a network, information or privacy breach can be very expensive if you are found to be fault.
Crime insurance offers financial protection from a criminal or fraudulent taking, obtaining or appropriation of money, securities or property
Effective cybersecurity risk management is no longer optional, but essential for maintaining business continuity