What is cyber insurance?

What is Cyber Insurance and do you need the cover?

Written by Simon Taylor


What is cyber insurance?

Cyber insurance, also known as cyber liability insurance, is a type of business insurance designed to help companies or organisations manage the risk of cyber-related security breaches and events. A cyber insurance policy can provide financial protection and proactive tools to help guard against the consequences of cyber attacks, data breaches, and other malicious online threats.

Traditionally, a cyber insurance policy will cover a variety of financial losses and expenses, including network security liability, privacy liability, data restoration, loss of business income due to downtime, legal fees, ransom demands, forensic analysis, and regulatory fines. Many policies today also include services that help the insured respond to an incident. This can involve access to cybersecurity experts who can remedy the breach and manage getting your systems up and running, legal teams to address compliance issues, breach notification services, and public relations professionals to handle any communications.

Applying for cyber insurance often forces companies to evaluate and improve their existing cyber security controls, as insurers will typically have minimum cyber insurance requirements to be in place before providing cover. This can lead to stronger security protocols and a reduced risk of cyber incidents. Some insurers can even assist with cyber risk assessment tools as part of the application process. Non-invasive penetration testing of public websites and portals can identify open ports and weaknesses that malicious actors or cyber criminals can take advantage of.

Cyber insurance is increasingly viewed as an essential component of a company or organisation’s risk management strategy, especially as the frequency and severity of cyber events and information breaches continue to rise. It’s important to note that policies can be tailored to fit the specific cyber needs of a business or organisation, dependent upon their industry, size, exposure to different cyber risks, amount of personally identifiable information, and sensitivity of that personal information. Therefore, it’s worth engaging with a cyber insurance broker such as us about your requirements.

What does cyber insurance cover?

Coverage can vary widely depending on the cyber insurer and the specific policy, but generally, it can be broken down into several key areas:

First-Party Coverage:

This part of the cyber insurance policy covers the direct costs that a business or organisation incurs because of a cyber attack or data breach. This typically includes:

Incident Response: The costs for hiring specialists to manage the aftermath of a breach, including IT forensics, public relations efforts, and legal expertise.

Data Restoration: Costs associated with recovering or replacing damaged or lost data in the event computer systems are damaged in an attack.

Business Interruption: Compensation for lost income and operating expenses if business operations are disrupted due to a cyber event.

Cyber Extortion: Coverage for costs associated with ransomware attacks, including ransom payments if deemed necessary and covered under the policy.

Cyber Fraud: Coverage for losses from cyber crime, such as phishing or social engineering attacks that lead to the unauthorised transfer of funds.

Social Engineering Coverage: Social engineering fraud is the act of influencing a person, which typically results in a voluntary payment to the fraudster.

Third-Party Coverage

Otherwise known as cyber liability insurance, this protects against compensation claims and regulatory investigations made by others resulting from a cyber incident. This includes:

Network Security Liability: Coverage for breaches resulting from cyber security failures that lead to data theft, data loss, or denial of service attacks.

Privacy Liability: Protection in case of violations of data protection laws or regulations, including unauthorised access or use of personal information.

Media Liability: Coverage for intellectual property infringements, defamation, libel, or slander, resulting from your electronic content.

Regulatory Fines: Coverage for fines or penalties that may be imposed by regulatory bodies following a data breach or cyber incident.

Cyber liability insurance will provide for legal costs, settlements, judgements, and damages if you face legal disputes or regulatory actions due to a data breach or cyber event. The specifics of what cyber insurance covers can differ significantly between policies, so it's crucial to carefully review the terms and ensure you understand what is and isn't covered. It's also important to align coverage with your specific risks and needs.

Do you need cyber insurance?

Any entity that depends on digital technologies for storing data or conducting business operations faces potential cyber risks and should consider the protections provided under a cyber insurance policy as part of a comprehensive risk management plan. The coverage can be beneficial for a wide range of entities, from small businesses to large corporations and non-profit organisations. Essentially, any person that uses technology to conduct its operations can benefit from cyber insurance.

What is Cyber Essentials?

Cyber Essentials is a government-backed cyber scheme launched by the UK government in 2014. It is primarily aimed at small and medium-sized enterprises (SMEs). The scheme focuses on basic cyber hygiene measures to help reduce a company's vulnerability.

The cover provided is typically deemed insufficient for most businesses and non-profit organisations, given the size of the limits available and scope of the cover. Alternative cyber insurance products are available that provide greater security at a more cost-effective premium.

What cyber threats can insurance protect against?

Cyber cover is designed to protect against a wide range of cyber threats and incidents, which can significantly impact your financial health, operations, and reputation. Some of the key threats covered by cyber insurance typically include:

Data Breaches: Unauthorised access to or theft of data, including sensitive customer information like payment card numbers, passport information, or health records.

Ransomware Attacks: Malicious software that encrypts data and demands a ransom for the decryption key. Coverage can include the ransom payment, as well as costs associated with recovery.

Social Engineering: Fraudulent schemes that often involve email phishing attacks aiming to trick employees into transferring money or sensitive information to attackers.

Denial of Service (DoS): These threats are designed to overwhelm systems, networks, or applications to make them unavailable to intended users. Cyber insurance can cover business interruption losses and the cost of mitigating the attack.

Malware and Viruses: Software designed to damage or gain unauthorised access to computer systems. Insurance can cover the costs related to eliminating the malware and restoring systems to normal.

Data Loss: This includes data destroyed by cyber attacks or accidentally deleted or corrupted by employees. Coverage often includes the cost of restoring or recreating data.

Legal Action and Regulatory Fines: Costs arising from legal actions taken against an organisation for failing to protect data or for violating privacy laws, along with potential regulatory fines.

Reputational Damage: Costs associated with managing and mitigating damage to your reputation following a cyber event, including crisis management and public relations.

Given the increasing frequency, sophistication, and impact of cyber threats, cyber insurance plays a vital role in helping manage these risks effectively. It acts not just as a financial safety net, but also as a comprehensive support system in the face of new cyber challenges.

Why do you need cyber insurance if you have cyber security?

While cyber security measures are crucial for protecting against a cyber threat, they cannot guarantee complete immunity from the impact of such an event. Cybersecurity insurance plays a critical role in the overall risk management strategy by providing financial protection and expert assistance in the event of a cyber attack occurring. The protection provided acts as a comprehensive approach to managing cyber risks in conjunction with cyber security efforts.

Why is cyber hygiene important when applying for insurance?

Cyber hygiene is an important consideration during the business insurance application process and commonly a prerequisite to obtaining the required coverage. It refers to the internal practices and features applied to help maintain a minimum level of security to guard against cyber risk. Effective cyber hygiene involves a variety of regular activities such as:

Regular Software Updates: Keeping all software up to date, including operating systems, applications, and security software, to patch security vulnerabilities.

Use of Strong Passwords: Creating and using strong, unique passwords for all accounts and using a password manager to keep track of them.

Multi-Factor Authentication: Enhancing security by adding a second layer of protection to account logins, such as a text message code or an authentication app, for email accounts and your back-end software.

Regular Backups: Performing regular backups of important data to prevent data loss in the event of a cyber attack or hardware failure.

Secure Network Connections: Using secure, encrypted connections to access the internet, avoiding public Wi-Fi without a virtual private network (VPN), and ensuring that home and business networks are secured.

Anti-Virus and Anti-Malware Protection: Installing and maintaining anti-virus software to detect and remove malicious software.

Education and Training: Keeping oneself and employees trained on the latest cybersecurity threats and how to avoid them, such as recognising phishing emails and malicious websites.

Limiting User Access: Restricting user access to the information necessary for their work duties to minimise the cyber risk of insider threats or accidental data exposure.


What is cyber liability?

Cyber liability refers to the legal responsibilities and potential liabilities that a company, person or non-profit organisation could face because of activities performed over the internet, with electronic devices, or over public networks and information systems.

Cyber liability insurance can protect against a wide range of cyber risks associated with data breaches, cyber attacks, unauthorised data access, loss of sensitive information, and other forms of malicious or accidental incidents. If sensitive or confidential information is disclosed without permission, the entity responsible for securing that information may face significant financial liabilities for failing to protect it. This can include damages awarded for financial losses arising from fraud, identity theft, and emotional distress.

It is common for businesses to have contractual obligations related to cyber liability insurance. Failure to meet these obligations can lead to breaches of contract and associated liabilities, such as breaches of confidentiality. Cyber liability insurance is often used to mitigate these risks by providing coverage for various expenses and legal costs associated with these liabilities. It helps address the financial repercussions of cyber incidents and supports businesses in navigating the complex landscape of cyber risks and regulations.



About the author

Simon Taylor is a respected senior industry professional and a Chartered Insurance Broker with over 20 years of experience in the commercial insurance sector as an underwriter, broker and director.