Legal notices

Cyber Insurance Policy

Last updated: November 2025

This document provides a summary of the cover, exclusions and restrictions. The full terms and conditions of this insurance, including the general policy limits, can be found in the policy document.

What is this type of insurance?

This is a cyber insurance policy that covers financial losses suffered by the insured and its liability for damages caused to third parties as a result of cyber attacks or network security malfunctions. The policy also provides breach response service. This insurance product is aimed at small/medium-sized companies and freelancers.

What is insured?

Breach Response Services: provision of services to the Insured Organisation because of a Data Breach or Security Breach first discovered during the Policy Period.

Business Interruption Loss: Business Interruption Loss that the Insured Organisation sustains as a result of a Security Breach or System Failure that the Insured first discovers during the Policy Period.

Dependent Business Interruption Loss: Dependent Business Loss that the Insured Organisation sustains as a result of a Dependent Security Breach or a Dependent System Failure that the Insured first discovers during the Policy Period.

Cyber Extortion Loss: Cyber Extortion Loss that the Insured Organisation incurs as a result of an Extortion Threat first made against the Insured Organisation during the Policy Period.

Data Recovery Costs: Data Recovery Costs that the Insured Organisation incurs as a direct result of a Security Breach that the Insured first discovers during the Policy Period.

Data & Network Liability: Damages and Claims Expenses because of any Claim first made against any Insured during the Policy Period for:
1. a Data Breach;
2. a Security Breach;
3. the Insured Organisation’s failure to timely disclose a Data Breach or Security Breach;
4. failure by the Insured to comply with an applicable Privacy Policy.

Regulatory Defence & Penalties: Penalties and Claims Expenses, because of a Regulatory Proceeding first made against any Insured during the Policy Period for a Data Breach or a Security Breach.

Payment Card Liabilities & Costs: Reimburse the Insured Organisation for PCI Fines, Expenses and Costs because of a Claim first made against any Insured during the Policy Period.

Media Liability: Damages and Claims Expenses, because of any Claim for Media Liability.

eCrime: indemnity against loss due to specific fraud.

Criminal Reward: indemnity cover for Criminal Reward Funds.

What is not insured?

The coverage under this Policy will not apply to any loss arising out of:

Bodily Injury or Property Damage;

Unfair Trade Practices and Antitrust Violation;

Unlawful collection or retention of Personally Identifiable Information or other personal information;

Distribution of unsolicited communications;

Prior known acts & prior noticed claims;

Racketeering, benefit plans, employment liability & discrimination;

Sale or ownership of securities & violation of securities laws;

Criminal, intentional or fraudulent acts;

Patent, software copyright, misappropriation of information;

Governmental actions (claims brought by or on behalf of any national, local or foreign governmental entity, in such entity’s regulatory or official capacity);

Other insureds & related enterprise;

Trading losses, loss of money & discounts;

War and Civil War;

Professional services;

This Beazley Breach Response cyber insurance also contains exclusions specific for Media-Related Exposures and for First Party Loss.

Are there any restrictions on cover?

This policy’s liability insuring agreements provide coverage on a claims made and reported basis and apply only to claims FIRST MADE AGAINST THE INSURED DURING THE POLICY PERIOD or the optional extension period (if applicable) and reported to the underwriters in accordance with the terms of this policy.

The Underwriters will pay up to the Policy Limit of Liability listed in the policy schedule subject to the terms, conditions and exclusions of this Policy.

The limit of liability payable under each insuring agreement will be an amount equal to the Policy Limit of Liability unless another amount is listed in the Schedule. Such amount is the amount payable under this Policy pursuant to such insuring agreement and is part of, and not in addition to, the Policy Limit of Liability.

The Named Insured must pay the relevant Retention/Excess listed in the policy schedule, which applies separately to each incident, event or related incidents or events giving rise to a Claim or Loss.

The payment of the applicable Retention/Excess is a condition precedent to the payment of any Loss under this Policy, and the Underwriters will be liable only for the amounts in excess of such Retention/Excess.

Specific exclusions apply to the Media Liability and the First Party Loss insuring agreements.

Specific endorsements may apply to your policy.

Where am I covered?

The Insured is covered anywhere in the world excluding USA & Canada.

What are my obligations?

In the event of any actual or suspected Data Breach or Security Breach, please contact the Breach Response Services Team via the contacts listed in the Schedule.

Notify the Underwriters of any Claim, or any Circumstance that can give rise to a Claim, as soon as reasonably practicable, and in any event no later than 60 days after the end of the Policy Period or the end of any applicable Optional Extension Period, through the contacts listed in the Policy.

The Insured will cooperate with and assist the Underwriters in all investigations, including investigations regarding coverage under this Policy, this includes the Insured executing or causing to be executed all papers as is requested by the Underwriters.

The Insured agrees not to take any action which in any way increases the Underwriters’ exposure under this Policy.

The Insured shall not admit liability, make payment, assume any obligation, incur any expenses, enter into any settlement, consent to any judgment or award or dispose of any claim in excess of the Retention, unless it is a Claim where the Damages, Penalties, PCI Fines, Expenses and Costs and Claims Expenses do not exceed the Retention, provided that the entire Claim is resolved and the Insured obtains a full release on behalf of all Insureds from all claimants.

Who pays the premium?

Premium for the Datasurance provided Cyber Insurance policy is paid by Datasurance.

When does the cover start and end?

Cover starts on the inception date and expires on the expiry date as specified in the Schedule unless terminated earlier.

How do I make changes/cancel the insurance policy?

If at any time, you wish to make changes, update, amend or cancel your policy to meet your changing needs please contact the Datasurance service team at Marsh Commercial who will be able to guide you through the process.

IMPORTANT: If the changes fall outside of the parameters for the Datasurance provided Cyber Insurance policy, this policy will be cancelled, Marsh Commercial can help you with the placement of a bespoke policy. Please note the premium for a bespoke policy will be payable by you.

If you decide to cancel the insurance policy, any refund will be payable to us (Datasurance).