Cyber and Data Insurance

Cyber & Data Insurance For Your Business

What is cyber and data risks insurance

Cyber and data risks insurance is designed to support and protect your business if it experiences a data breach or is the subject of an attack by a malicious hacker that affects its computer systems.

Is your business at risk?

Does your business:

  • hold sensitive customer details? Such as name, address, date of birth or bank account details.
  • use computer systems to conduct your business?
  • have a website?
  • use online payment and/or is subject to a payment card industry (PCI) merchant services agreement?

If you answered yes to 1 or more of the above questions then your business could be vulnerable to a data breech or loss of vital business services.

What types of protection to my business does a Cyber and Data insurance policy provide?

Listed below are some of the costs/benefits this policy could protect your business against:

  • Ransomware - Cyber extortion
    Protection if a hacker tries to hold your business to ransom by covering the ransom you have paid, as well as the services of a leading risk consultancy firm to help manage the situation.

  • Breach costs
    If you suffer a data breach (electronic or otherwise) the policy will offer practical support including forensic investigations, legal advice, notifying customers or regulators, and offering support such as credit monitoring to affected customers.

  • Crisis containment
    If you suffer a data breach, prompt, confident communication is critical to help minimise the damage caused to your businesses reputation. In our cyber and data insurance policy we include cover crisis containment cover with a leading public relations firm who can provide expert support, in terms of developing communication strategies to running a 24/7 crisis press office.

  • Cyber business interruption
    Provides compensation for loss of income (including where caused by damage to your reputation), if a hacker targets your system and prevents your business from earning.

  • Hacker damage
    Provides cover for the reimbursement of costs of repair, restoration or replacement if a hacker causes damage to your company website(s), programmes or electronic data.

  • Privacy protection
    The policy will offer cover to defend and settle claims made against your business for failing to keep customers personal data secure. This includes the costs associated with regulatory investigations and settling of civil penalties levied by the regulators where allowed.

  • Multimedia liability
    If you mistakenly infringe someones copyright by using a picture online - for example you inadvertently libel a 3rd party in an email or other electronic communication. The policy will provide protection against this.

Optional Covers

  • Cyber crime
    Cover for direct financial loss (theft of money, property or digital assets) following an external hack into your businesses computer network.

  • Telephone hacking
    Covers the cost of unauthorised calls made by an external hacker following a breach of your company's computer network - Online calls VoiP, Skype etc or traditional fixed lines.

Examples From The News

HSBC has said some of its US customers' bank accounts were hacked in October.

HSBC has said some of its US customers' bank accounts were hacked in October.

The lender said that the perpetrators may have accessed information including account numbers and balances, statement and transaction histories and payee details, as well as users' names, addresses and dates of birth.

Source: BBC News — 6 November 2018.

Carphone Warehouse has been fined £400,000

Carphone Warehouse has been fined £400,000 by the Information Commissioner's Office (ICO) after a data breach in 2015.

Hackers gained unauthorised access to the personal data of more than three million customers and 1,000 employees during a cyber-attack.

Source: BBC News — 10 January 2018.

Morrisons has been found liable for the actions of a former member of its staff

Morrisons has been found liable for the actions of a former member of its staff who stole the data of thousands of employees and posted it online.

Workers brought a claim against the company after employee Andrew Skelton stole the data, including salary and bank details, of nearly 100,000 staff.

The High Court ruling now allows those affected to claim compensation for the "upset and distress" caused.
The case is the first data leak class action in the UK.

Source: BBC News — 1 December 2017.


  • I outsource my payment and card processing. Do I have payment card exposures?
    • Yes, according to the Payment Card Industry (PCI) Compliance Guide. PCI compliance applies to all businesses that accept, transmit, or store any cardholder data, regardless of their size, or number of transactions. By using a third-party company for payments, it may cut down on your risk exposure and consequently reduce the effort to validate compliance but it doesn’t mean you can ignore PCI compliance.
  • What types of business need this cover?

    All businesses that:
    • Hold sensitive customer data. For example, you keep a record of names, addresses or banking information.
    • Are reliant on computer systems.
    • Have a website.
    • Use an online payment facility.
    The most common businesses that we see taking out this cover are:
    Advertising and marketing
  • I have passwords, is that the same as encryption?
    • No, encryption scrambles the data on a hard disk so it is unusable, unless it is opened with a decryption key. If you only password protect your data a hacker could bypass the password to access the information that has not been encrypted.
  • Why do I need to buy "Cyber and Data Insurance" for my business?
    • There is a black market for the buying and selling of data. Hackers are getting more and more shrewd in the ways that they hack data. In 2014 The Department for Business, Innovation and Skills reported that 74% of small businesses and 90% of large organisations had suffered a data breach.
  • My data is stored in the cloud - does the liability not rest with the cloud company?
    • You would need to check the contracts with your legal team. As the liability may still fall to you. The risk may have been reduced by using this service but in general you can outsource the service but not the responsibility.
  • My IT team is confident we are secure do I still need a policy?
    • Yes, many large companies that have separate departments  for IT security have still suffered data breaches - examples of this would be Yahoo, Talk Talk, Uber and the NHS.
    • A simple oversight like not updating software, losing an unencrypted laptop, or a rogue employee with malicious intent can all lead to breach.