Business Insurance have peace of mind

Compare business insurance quotes online
and purchase in minutes

Click here to instant quotes

Click here to download proposal forms

The best Cyber Libility Insurance in UK

Cyber Liability Insurance

Current Risk Landscape

Cyber related incidents have dominated the headlines over the last few years and they are now cited as a 'top three' global threat.

Although the majority of the headlines involve hacks against the blue-chip corporations and major public bodies, like the NHS hack (caused by the Wannacry cyber-attack), small businesses are being constantly targeted as they are often easy pickings for the cyber criminals.

Unlike the big corporations such as Talk Talk, who have large capital reserves, if small businesses are attacked it can often lead to their company going bust as the recovery bills are too commercially unviable.

A huge risk facing small businesses at the moment is cyber-crime. You may be aware of how easy it is for criminals to impersonate business owners and steal funds/confidential information and this is cited as the highest risk area facing us all in the UK. Criminals can purchase malicious software packs from the dark web and subsequently target businesses with mass spam attacks, resulting in funds being stolen, computer systems being destroyed and businesses then being left to try and restore their operations and reputation.

In addition, and looking ahead at changes in the law, you may have seen the news articles linked to a change in data protection legislation. On the 25th May 2018, the new modernised data protection laws will come into force and if you experience a cyber security breach whereby confidential information (this could be employee or client personal information, bank records etc.) is compromised, the maximum fine has been increased from £500,000 to €20m and you will have to report a breach to the ICO within 72 hours, or face further fines!!

Alongside insurance, it would be recommended to seek the expertise of an information security specialist to help make sure that you are compliant with the law and that your systems are as robust as possible.

Insurance coverage

The Cyber Liability Insurance market for SME's is still in its infancy, but having upskilled ourselves in cyber liability insurance over the last few years, we have access to the majority of the key Insurers in this field.

Prices for basic policies currently start at £250.00 + IPT for £100,000 worth of cover, with a more comprehensive policy starting at around the £1,000.00 + IPT mark for £250,000 worth of cover.

At the present time, there is still no standardised wordings/definitions (due to the infancy of the product and lack of claims data) and therefore coverage can vary quite a bit between different Insurers. However, a comprehensive cyber policy should include the following:

a) Cyber Incident Response:

If you are victim of a cyber event, without insurance in place it is often difficult for you to access the relevant expertise quick enough to help mitigate the damage caused to your business as a result of the hack.

In the event of a hack, you will need access to specialist expertise; Incident response teams, Lawyers, IT forensics, Public Relations Experts, who will be perfectly placed to make sure you fix the situation as quickly as possible and help to reduce any possible fines and reputational damage.

b) Cyber Crime:

This is a massive risk exposure for UK companies in particular and regardless of which fraudulent tactic is used by the cyber-criminal, the damaging effects can often be unrepairable without insurance. Some common claims examples are shown below:

Cyber-criminal conducts social engineering against a company. The criminal impersonates the CEO by using a very similar email address and targets the accounts staff, asking for money to be sent to a designated account. To an untrained eye (which is the majority of staff) the email looks legitimate and the member of staff sends the money to the account. The fraud is detected too late and the money is lost. CFC saw a real life claim similar to this whereby £200,000 was wired to the criminal, who got away undetected, which is often the case due to it being difficult to track cyber-crime.

Other examples include criminals hacking your systems and then once in, locking you out of your system and demanding a ransom for the safe release of information/unlocking of your system, and/or hacking your telephone lines and racking up expensive bills, of which you would be liable to pay.

c) System Damage and Business Interruption:

If you are a victim of a cyber event, the actions of the hackers are likely to damage your computer systems (sometime beyond repair) and whilst you are either locked out of your system (after extortion/ransom attack), or working to set up a new computer system, you may be unable to trade, which is likely to result in losses of income and consequential reputational harm. This clause is designed to reimburse you for such losses.

d) Network Security & Privacy Liability:

The effects of a cyber-attack may not just result in your company suffering harm, it could also result in your clients/employees suffering harm too. This clause is designed to cover the costs associated with you being sued by a third party for their losses which arise due to the cyber-attack you suffered.

Examples of this could include, employee or client suing you as their personal information was stolen from your systems, which resulted in their identities being illegally used by the criminals to take out loans etc. Or, as a result of the hack you may have transmitted a virus on to a third party whose systems are ruined as a result of this. In addition, in the event of a security breach, the Information Commissioners Office are likely to investigate and can impose fines on you if your systems were not up to standard.

e) Media Liability:

Once inside your computer systems, hackers could post illegal content on your websites/social media feeds. You will be responsible for this and if this was to occur, you are likely to be open to third parties suing you for any losses incurred as a result of the illegal content uploaded and also your reputation will take a hit too.

To bring some context to this with an example, a hacker breaches your system and defames your competitors on social media feeds. They suffer reputational damage from the comments and sue you for the losses.

Some guidance on where to start:

We believe that a good first step is to consider the following:

The effects on your business if you were completely knocked offline as a result of a hack. Could you still operate profitably?

How would you respond if your data and programmes were destroyed or you were held to ransom for their return? How secure are your confidential records?

The effects of several thousands of pounds being illegally transferred from your accounts after a social engineering hack attack?

It is crucial for companies to keep their computer systems up to date to help prevent security breaches, but it is also important to remember to have defences in place to cover the costings of a security breach.

It is crucial for companies to keep their computer systems up to date to help prevent security breaches, but it is also important to remember to have defences in place to cover the costings of a security breach.

An example of a security breach can be a malicious link in an unwanted email that is opened or an employee entering a virus onto the network in the office through a USB drive or other means.

Contact one of our experienced brokers on +44 (0) 1323 648000 or e-mail us at

Get a quote onlineDownload proposal form