Cymraeg

Cyber Liability Insurance

Insurance has long been used by businesses as part of their risk management and disaster recovery plans and there are plenty of statistics that demonstrate that inadequately insured businesses are unlikely to survive major incidents. Until recently most businesses have insured only computers and mobile devices against physical risks such as damage, theft or loss, with electronic equipment being insured on the same basis as their furniture and with no cover for lost, stolen or disrupted data. Some organisations may have wider policies that also include cover for equipment breakdown and limited expenses for reinstatement of data … but most cyber risks are excluded. Insurers and businesses have recognised that traditional insurance is inadequate and there is a need for cyber liability insurance to cover events such as lost data, viruses, hacking and data protection breaches. As well as covering the risks of financial losses, having cyber liability insurance is increasingly becoming a condition of conducting business.

Risks insured against

Cyber liability insurance is still a relatively new service and the levels of cover can vary immensely between different insurance companies, however a good cyber liability policy can cover the following:

  • Loss, damage or distortion of own data
  • Loss, damage or distortion of third party (including customer or supplier) data
  • Contamination of third party (including customer or supplier) systems with malware
  • Forensic costs
  • Technical support to restore systems & data
  • Legal support
  • Crisis management and PR support
  • Payment of fines and penalties
  • Reduced income / business interruption
  • Payment of ransoms
  • Social media embarrassments
  • Breach of copyright
  • Loss of data stored in the cloud
  • Notification of data subjects
  • Credit monitoring for data subjects
  • Physical damage caused by a data breach
  • Accidental and malicious acts

Any organisation that relies upon data, handles sensitive or confidential information, communicates electronically or controls systems and processes electronically should consider protecting their business with cyber liability insurance. You should look at your own risk profile and purchase cover to suit your own vulnerabilities and risks. The cyber liability needs of an online retailer are very different to those of a solicitor, precision engineer, doctor’s surgery or school and the number of employees is also relevant.

Costs

Cyber liability insurance premiums have dropped dramatically in recent years but is determined by the size and activities of the business requiring insurance. As is to be expected, insurers look favourably on businesses that have good cyber risk management. For example, organisations which achieve standards such as Cyber Essentials or IASME will often achieve premium discounts or even free insurance, subject to conditions. Alternatively, businesses who do not have adequate security may find it difficult to obtain cover.

Due to the complexity, we recommend that you obtain cover from an independent insurance broker which has a specialism in cyber insurance. They will be able to advise you and assist you in obtaining the appropriate cover for your business.

This page has been compiled with the kind assistance of Sutcliffe and Co Insurance Brokers

In partnership with

Jargon Buster

A Glossary of terms used in this article:

Profile

A list of personal details revealed by users of social networking, gaming, dating and other websites. Profiles may normally be configured to be public or private.