Cyber insurance explained

Cyber insurance helps protect businesses from the financial impact of cyber incidents. It covers costs that other business insurance typically doesn’t – from breach response to business interruption.

What it is and why it matters

Cyber insurance is designed to cover losses from cyber incidents – ransomware, data breaches, business email compromise, and more.

It typically covers two types of loss:

First-party losses: Your direct costs – business interruption, data recovery, forensic investigation, crisis management.

Third-party claims: Claims made against you by customers, partners, or regulators following a breach.

What does a cyber insurance policy from Datasurance cover?

Breach Response Services Access to legal counsel, IT forensics, PR support, and crisis management. Available 24/7 when you need it most.

Business Interruption Coverage for lost income when cyber incidents halt your operations. Includes both security breaches and system failures.

Data & Network Liability Defence costs and damages for claims arising from data breaches or network security failures.

Cyber Extortion Support for ransomware incidents, including negotiation expertise and associated costs.

Regulatory Defence & Penalties Coverage for regulatory investigations, defence costs, and insurable penalties.

E-Crime Protection against social engineering fraud, funds transfer fraud, and telephone fraud.

Data Recovery Costs to restore or recreate data damaged or lost in a cyber incident.

What happens when Datasurance policy holders need to make a claim?

When a cyber incident occurs, speed matters. Most cyber policies provide 24/7 access to incident response teams.
Report immediately
Contact the claims hotline as soon as you suspect an incident. Early reporting can significantly reduce impact.
Preserve evidence
Don’t attempt cleanup until directed by the response team. Evidence preservation is critical.
Expert support
The insurer coordinates legal, forensic, and PR resources. You’re not managing this alone.

For Datasurance policyholders: Contact Beazley’s 24/7 claims hotline on 020 3514 2434 or email BBRUK@beazley.com

Cyber insurance is a form of cover designed to protect your business from threats in the digital age, such as data breaches or malicious cyber hacks.

Response services – Access to services from renowned experts after an incident, for example: Legal advice, IT investigation, public relations and crisis management assistance, Notification & monitoring clients impacted by the incident.

Policyholder’s liability – Loss of income caused by: Cyber security breach, data recovery costs, cyber extortion – payments associated with ‘ransomware attack’, unintentional and unplanned interruption of computer system.

Policyholder’s liability to others – Damages, penalties and claims expenses resulting from cyber incidents, including Data breach liability, Regulatory penalty payments, Payment card liabilities and costs, Media liability.

E-Crime – These can be commonly referred to as ‘social engineering’: fraudulent instruction, funds transfer fraud, loss of funds due to the tricking of a policyholder or financial institution by a criminal pretending to be a stakeholder to transfer funds to the criminal’s account.

Breach Response – GBP 100,000 Legal, Forensic & Public Relations/Crisis Management each loss.

Number of records – 50,000 Number of notified individuals each loss.

The Breach Response Limits above are in addition to the single Loss Limit of Liability.

Policy Limit of Liability – GBP 250,000 Single Loss Limit of Liability.

Additional Breach Response Limit – GBP 250,000 Additional Breach Response Limit.

First Party Loss  

Business Interruption Loss

GBP 250,000 resulting from a Security Breach each loss during the policy period.

GBP 250,000 resulting from a System Failure each loss during the policy period.

Dependant Business Interruption Loss – GBP 100,000 resulting from a Dependant Security Breach each loss during the policy period.

The limit of liability for Dependant Business Interruption Loss is part of and not in addition to the Business Interruption loss limit listed above.

Cyber Extortion Loss – GBP 250,000 each loss during the policy period.

Data Recovery costs – GBP 250,000 each loss during the policy period.

Liability  

Data & Network Liability – GBP 250,000 each loss during the policy period.

Regulatory Defence & Penalties – GBP 250,000 each loss during the policy period.

PCI Fines, Costs & Expenses – GBP 250,000 each loss during the policy period.

Media Liability – GBP 250,000 each loss during the policy period.

E-Crime

Fraudulent Instruction – GBP 50,000 each loss during the policy period.

Funds Transfer Fraud – GBP 50,000 each loss during the policy period. 

Telephone Fraud – GBP 50,000 each loss during the policy period.

Criminal Reward

Criminal Rewards FundsGBP 50,000 each loss during the policy period.

Breach Response

Nil – Forensic & Public Relations/Crisis Management

But

Nil – for legal costs

50 – Notified Individuals Threshold

First Party Loss  

Business Interruption Loss

GBP 1,000 resulting from a security breach & system failure each incident

GBP 1,000 Dependent Business Interruption Loss resulting from a dependent security breach and dependent system failure

GBP 1,000 each incident 

Waiting period – 8 hours 

Extortion Loss – GBP 1,000 each incident 

Data Recovery – GBP 1,000 each incident 

Liability  

Data & Network Liability – GBP 1,000 each claim

Regulatory Defence and Penalties – GBP 1,000 each claim 

Payment Card Liabilities & Cost Retention – GBP 1,000 each claim 

Media Liability – GBP 1,000 each claim 

E-Crime  

Fraudulent Instruction – GBP 1,000 each incident 

Fund Transfer Fraud – GBP 1,000 each incident 

Telephone Fraud – GBP 1,000 each incident 

Please note, above retention limits for First Party Loss, Liability & E-Crime increase to £5,000 each claim/incident for companies with turnover over £10 million

For full details, please check the document – Cyber Insurance Policy coverage details document and policy wordings

Multi Factor Authentication uses a second piece of information to authenticate access, such as a text to your mobile phone, so more than just a password.

Passwords alone no longer provide enough security, especially for services accessible from the Internet (e.g., Microsoft 365, Google Workspace, etc).

Phishing attacks – Cybercriminals use deceptive emails and websites to trick employees into clicking on malicious links, and divulging sensitive information such as login credentials, financial details or personal data.

Ransomware – In these attacks malware encrypts a company’s data and attackers demand a ransom for the decryption key which would allow the targeted company to re-access their systems.

Insider Threats – whether malicious or accidental, pose a significant risk. Employees, contractors or business partners with access to sensitive information can inadvertently or intentionally cause data breaches.

Malware and Viruses – Malware and viruses can infiltrate business systems through various vectors, including email attachments, visiting malicious websites, and opening or downloading compromised software.

Weak passwords and authentication – weak, reused or shared passwords are a common vulnerability that cybercriminals exploit to gain unauthorised access to systems and data.

YES – Cyber Dependent Business Interruption will be triggered if the technology provider or any other critical provider has a network security event or an unplanned outage.  This amount of cover is often more than you can recover under your commercial contract with the technology provider

Don’t think of a Cyber Insurance Policy covering  losses associated with technology only. Personal data can be electronic or paper.

Personal data is widely defined, for example: social media posts, photographs, lifestyle preferences, transaction histories, or IP addresses.

Almost everyone is a realistic target for ransomware. If you inadvertently install ransomware, it may limit access to your system and display a pop-up message threatening the user to pay the ransom to access their information.

Everyday payment processing activities are a realistic target for fraudulent transfer requests. An apparent authentic request for payment online could infact be a criminal. Targets include every type of business, including : lawyers, accountants, construction, schools, charities, councils, manufacturers, and estate agents.

Some cyber exposures do not involve personal data.

  • If your network was unavailable, would you potentially lose revenue?
  • You could lose corporate data.
  • A hacker compromising your network could allow access to your clients’ data.
  • Data breaches are common among smaller businesses. Some 58% of small businesses have experienced a data breach.

  • Data held by small businesses is low hanging fruit – hackers know these enterprises may lack the security and resources of their larger counterparts. In the first nine months of 2018, 71% of ransomware incidents impacted small and medium-sized businesses.

  • Hackers often use automated scripts to find weaknesses so do not know who you are.

  • Many incidents are non-malicious, for example:
    – Inadvertently sending an email with attachments to the wrong person.
    – Incorrectly disposing of paper.
    – Hackers may not be targeting you, rather targeting your clients.

  • You may download a virus.

  • Hacking isn’t your only exposure, or even your primary one. Human errors and systems glitches caused nearly two-thirds of data breaches in a recent survey.

In case of a claim, please contact your insurer, Beazley Insurance DAC.

EmailBBRUK@beazley.com
Phone+44 (0)20 3514 2434 (24 hours)

We do not recommend you cancel any existing cover, without seeking advice from an insurance professional. If you already have Cyber Liability Insurance, please refer to the insurance broker who provided this cover for their professional advice on whether you should continue with the policy they arranged. There might be additional cancellation terms and conditions, please check with your insurer.

Don't see the answer you need?

If you have any questions that are not listed here, please reach out to us below.

Get cyber insurance cover today