Below we take a closer look at the top cyber insurance companies* in the UK. Operating as an insurance broker we work with a wide range of cyber insurance providers but have given special mention to the below in our review of the market.
* Please note you should always consider the recommendations provided by your cyber insurance broker, which are specific to your cyber risk profile, business activities, and specific needs. The below is general information about the products offered from the top cyber insurance providers in alphabetical order.
AIG’s CyberEdge policies provide cover for a multitude of threats. Their cyber insurance policy provide access to a 24/7 global hotline, which sets into motion a sequence of events aimed at minimising the risks associated with a cyber attack or data breach.
Their event management processes then bring in legal response advisors, PR advisors and IT specialists where appropriate. Notification costs and data restoration are then covered where applicable. While the security and privacy liability module responds to third-party cyber liabilities resulting from breaches and attacks, such as investigations, fines and liability claims.
The
cyber extortion module provides an extensive range of specialist services to combat ransomware. These covers cover a range of extortion related costs, such as ransom payments, containment and investigation costs. Wheras, the network interruption module covers loss of income, mitigation expenses and forensic accountant costs to quantify losses when business operations are halted by system failure, cyber breach or containment shutdown.
The digital media liability cover under a cyber insurance policy provides cover against inadvertent trademark infringement, misappropriate creative material or inadequately checked facts. This protects against costs relating to defamation and infringement cases. The telephone hacking coverage applies cover to any charge relating to unauthorised access to a business’ telephone system. This can refer to an unauthorised party running up extensive charges without the knowledge of the policyholder.
Fund transfer fraud remains an important consideration and is a form of cybercrime where criminals use details obtained from a data breach to access funds from a financial institution’s account. The computer crime module from AIG covers this direct loss of funds, as well as impersonation fraud. AIG can also cover a criminal reward fund whereby a reward can be provided for any information leading to an arrest or conviction of those who have attempted to commit an act of cybercrime.
Beazley offers cyber insurance policies to businesses of all sizes, boasting two decades of cyber
risk management. Their market-leading 'Beazley Breach Response product helps detect emerging threats before they can cause damage to UK policyholders.
Their breach response coverage stretches across many facets. These include legal services, computer forensic services and notification services, ensuring businesses can notify their customers of a data breach as soon as possible. Call centre services, credit monitoring and public relations and crisis management expenses can also be covered to ensure a swift response in the instance of a cyber attack or data breach.
Their approach to first-party cover stretches across multiple risks. Business interruption and an ensuing loss as the result of a security breach or system failure. Cyber extortion loss is also covered, which can arise when a ransom is demanded to decrypt or return sensitive data to a business or individual. Another side to this is data recovery losses, which are the costs incurred by a business to retrieve or re-write data that has been destroyed or compromised during a cyber incident.
Beazley’s third-party cover insures against regulatory defence and penalties in the event of litigation resulting for a cyber attack or data breach. Data and network liability comes as part of the policy as well as payment card and liability costs associated with payment features. Full media liability cover also comes as part of a Beazley cyber policy.
Cybercrime features prominently in Beazley cyber insurance policies, with fraudulent instruction covered. This refers to someone taking monies under false pretences, i.e. pretending to be a senior figure in a company demanding a funds transfer. It's important to read the statement of fact document and ensure the minimum
cyber insurance requirements are adhered to.
CFC is a specialist insurer in the cyber market, providing top levels of expertise on all subjects relating to cyber. They offer a comprehensive cybercrime cover, extending to social engineering scams, invoice fraud and ransomware. They offer a separate limit for
cyber incident response costs, meaning that these costs sit separately to policy. This acts like two policy limits on each claim in the sense that the incident response costs are not eating into the overall policy limit. This can be very important in the instance of cybercrime where losses can be great.
CFC cyber insurance provide a 12-month indemnity period for business interruption costs, which is extensive compared to many other providers. This means they will reimburse costs relating to business interruption such as loss of net profit for as long as a year after the cyber incident. This is a particularly long window, removing some of the pressure in the event of a cyber attack or data breach.
In-house experts are made available 24/7 by CFC to help businesses in the immediate aftermath of a cyber attack or data breach. These experts are typically able to advise on the next steps following an incident, potentially saving both time and money for the business involved. This expert access is available with cyber policies at no extra cost.
Unlimited reinstatements on third-party cover mean that businesses are offered a new limit on each claim, even in the event of multiple claims within a single policy period. In a time of ever-increasing cybercrime incidents this can provide piece of mind that businesses are covered in the event of a repeat incident. Like the other insurers mentioned, CFC will cover the costs associated with data recovery and recreation. This might entail hiring extra contract staff or paying overtime to re-build following a cyber attack or data breach. It's worth noting, that if you're a technology business, CFC's combined cyber and technology E&O is one of the best products available in the market.
Chubb has underwritten cyber exposures for policyholders for over 20 years. They take pride in offering innovative, customisable risk solutions to address clients’ needs, regardless of size. They operate without a minimum premium, enabling scaling for all industries. They take a three-pronged approach to cyber insurance.
The first of these is loss mitigation services, which provide access to tools and resources to minimise the risk of losses relating to cyber incidents. The second is incident response, which refers to access to experts in legal matters, computer forensics, notification, call centres, credit monitoring and identity restoration. The third is risk transfer, which refers to the cover provided by Chubb, considered to be both broad and sustainable.
Their first-party coverage begins with incident response, such as data forensics teams and notification costs. These can be expensive in the aftermath of a cyber event, and minimise damage and affected parties. Business interruption costs are also covered through loss of business expenses and profits. Chubb also add contingent business interruption, which covers losses from the interruption of others’ systems. Digital data recovery covers the costs of replacing lost or damaged data and software. Telephone toll fraud is covered, as well as network extortion, which refers to a ransom payment to prevent the destruction of networks.
Third-party liability coverage includes several covers with Chubb. Cyber, privacy and network security liability covers the insured against failure to protect third-parties’ confidential information, or failure to prevent a cyber incident. Regulatory proceedings are covered with reference to defences required for regulatory actions and coverage for fines and penalties, where insurable by law.
Coalition
Coalition is relatively new in the UK (but with a significant presence in the US), and is having a large impact with it's new active cyber insurance offering. The direct (first-party) costs to respond to can involve incident response, legal services, forensic investigations, facilitating a ransom payment and many more. Coalition can cover breach response costs, including the notification of customers, credit monitoring and legal costs as well as Incident response services. Their crisis management cover will extend to public relations experts, media purchases and voluntary notification costs. Ransomware and
cyber extortion cover will cover the costs involved in an extortion incident, even a potential ransom payment.
The liability to others can be problematic in the incident of a cyber attack or data breach, quickly leading to large losses. Coalition offers network and information security liability, which covers the legal costs that arise from a loss by third-party because of your organisation’s breach. This can extend to unauthorised access, virus transmission, failure to provide notice or blocked access. Regulatory defence and penalties cover will reimburse for claims, expenses, fines and penalties that become a legal obligation to the insured organisation as a result of a security or data breach.
Business interruption is one of the main problems arising from cyber events, potentially leading to extreme losses in a short timeframe. Business interruption and extra expense cover will insure against losses resulting from an inability to operate, as well as the necessary expenses to get an organisation back up and running. Reputational harm loss cover reimburses businesses for lost net profit, or increased net loss, resulting from negative media exposure post-incident.
There are many ways in which a business can suffer losses resulting to cybercrime. Coalition covers many of these through their cyber policies. For example, funds transfer fraud is covered in the event someone in the business falls victim to social engineering scams, or there is a security lapse. Invoice manipulation is also covered, as well as phishing and impersonation scams.
The recovery and restoration processes involved in a cyber attack can be costly. It’s distinctly possible that technology, data and equipment can all be damaged, with mounting costs to replace. Coalition will cover computer replacement in the event malware has permanently altered their integrity. Digital asset restoration is also covered, relating to the costs involved in restoring any data, software or security measures damaged in an attack.
Lloyd's of London
Lloyd’s of London operates differently to most insurance providers, behaving as a marketplace in itself. They can provide access to 77 expert cyber risk insurers in a single place, meaning that it’s easy to tailor policies to the needs of an individual organisation. The diversity in its own insurance market sets Lloyd’s apart from typical insurers.
They offer coverages aimed at having effective breach response mechanisms. Data breaches can have serious consequences to both operations and reputation where businesses are concerned. Lloyd’s data breach response policies aim to provide services which help organisations manage the aftermath of a breach on top of the covers mentioned above. These include notification costs, forensic investigation costs, credit monitoring, legal costs and public relations services.
Cyber insurance claims stemming from a data breach is a source of great expense for organisations. Lloyd’s policies typically provide cover for third-party claims and any defence costs that come from a data breach or cyber attack. The regulatory fines and penalties that arise from increasingly strict regulation can be insured by Lloyd’s syndicates, while also providing defence costs associated with investigations.
Extortion cover is relatively standard across Lloyd’s syndicates, with ransom payment cover, as well as coverage for all costs relating to the restoration of the organisation’s affected systems. This goes hand in hand with business interruption cover, also offered by Lloyd’s, to aid with all costs relating to business outages resulting from cyber attacks and data breaches.
How to compare cyber insurance companies?
There are a range of factors involved in selecting the right cyber insurance provider for your business. These can range from coverage options to the reputation and financial stability of providers.
Coverage options – Evaluate the range of cover provided by each insurer, looking for elements such as data breach liability, business interruption, data restoration, cyber extortion cover and legal cost cover. Ensure that the coverage aligns with your specific business needs.
Policy Limits – Compare policy limits. Higher limits provide more extensive cover, but premiums may be higher. Assess these to ensure they are manageable for your business.
Exclusions and Limitations – Carefully review exclusions and limitations in the policies. Some providers may exclude certain types of cyber incidents or have limitations on specific coverages.
Claims Process – Investigate the claims process for each provider. Look for reviews or testimonials about their responsiveness and support during the claims process. Efficient claims handling can be crucial during a cyber incident.
Cost – Compare the premiums of different providers. Consider the value of the coverage relative to the cost. Cheaper policies may not offer comprehensive coverage.
Reputation and Financial Stability – Research the reputation and financial stability of the insurance providers. A provider with strong reputation and solid financial standing is more likely to be reliable in the case of a large-scale cyber incident.
Additional Services – Some providers offer additional services such as risk assessments, cybersecurity training, and incident response support. These services can be valuable in preventing and mitigating cyber incidents.
Customisation – Check if the providers offer customisable policies tailored to your industry and specific risk profile. Customisation ensures that the coverage fits your unique business requirements.
