Cyber insurance

Cyber insurance

Essential protection and recovery from a cyber attack

A cyber insurance policy is also known as cyber security or cyber liability insurance. It helps your business to recover losses and associated costs resulting from large-scale breaches, business interruption, ransomware and other types of cyberattacks.

Combatting cybercriminal activity with Eric Alter

Eric Alter, Risk Management Leader, Marsh, explores the cyber risk landscape and how UK businesses can combat cybercriminal activity.

Cyber liability insurance can cover:

  • business interruption and lost revenue
  • cyber extortion
  • data and hardware restoration and repair
  • data breach notification services
  • employee training
  • first and third-party costs
  • forensic services
  • fraudulent representation and legal fees
  • incident preparation and response support
  • regulatory defence and penalties

Why do I need cyber insurance cover?

Whatever the size of your company, you probably depend on electronic systems to help run your business. It might be selling online, using office applications and email or in some cases, your whole business might be IT systems driven.

The myth that only big businesses suffer cyber-attacks is simply not true. In reality, businesses of all sizes are being targeted. Four in ten businesses (39%) and a quarter of charities (26%) report having cyber security breaches or attacks in the last 12 months.1 With the average cost of a cyber incident totalling £2,670.2 However, this cost becomes greater as the size of a business increases. So, no matter what size you are, it’s likely you’ll need a cyber insurance policy in place.

Some businesses believe that the data they hold isn’t worth stealing and that they’re unlikely to need protection. But, think what information you hold. Business details? Postal addresses? Named individuals and email addresses? Invoicing details? Supplier details? Employee data such as payroll and other HR records? 

The truth is that this data is gold to cyber criminals and could be used for fraudulent activity. It's also easy to think that the only risk you face is from hackers. In reality, human error – such as losing a laptop or a mobile loaded with client data and passwords can result in public exposure. This can be just as destructive to your business. You might think your IT technicians are ultimately accountable, but everyone in your business has a responsibility to protect your business’s core assets.

Fortunately, cyber insurance cover and data protection can ensure you’re covered for more than just incidents caused by external forces. Your customers, your data, and even your reputation can also be covered for a range of internal as well as external eventualities.


As with all insurance policies, terms and conditions apply. Contact the cyber team for more information.

Not sure what to do next?

Many of our clients didn’t know where to start either. We work with our insurer partners to arrange a cyber insurance policy that is truly right for you. Simply call us or get in touch and we’ll call you.

Cyber controls to help strengthen your cyber security

Six controls to help strengthen your cybersecurity

Did you know there are six things you can set up right now to improve your cyber security?

What to do if your business is hacked

What you should do if your business is hacked

Discover the steps on how to respond to a hack or data breach so you can help lessen the impact to your business.

An employee speaking to their cyber insurer following a data security breach.

Common data security breaches caused by employees

Here are some of the most frequent, unintentional human errors that lead to data breaches.

Cyber insurance FAQs

Unfortunately, small businesses can be easy targets for cyber-criminals. The more sensitive the information held in your system - the more likely you will be targeted. Cyber-crime is more sophisticated than ever.

Cyber liability insurance not only covers your liabilities following an attack, it also springs into action as soon as the incident occurs, helping you to reduce the damage.

The principal risks to your business can include:

  • Spearfishing – fraudulent emails either aping staff through similar looking email accounts or by actually hacking in and impersonating people.
  • Account interception/invoice fraud – transfer of funds into fraudster’s bank account/diversion of funds for legitimately purchased products/services.
  • Contingent/third-party exposures – third-party system failure/third-party system compromise.
  • Ransomware/political activism – lockdown of system until ransom is paid with significant system damage.
  • Database theft – theft of client details/financial data.
  • System disruption - leading to an inability to carry out core functions

Human error also caused 90% of cyber data breaches in 2019.1 Find out about the common employee mistakes that could result in a data breach.


1 Infosecurity Magazine

If your business was to experience a cyber incident, either malicious or accidental, there will be an impact and consequences to your business. The impact could include:

  • Non-physical – confidentiality issues/integrity issues/availability issues
  • Physical – property damage/bodily injury.

Leading to the following consequences:

  • Loss of income
  • First-party costs
  • Third-party liability
  • Fines and penalties
  • Extortion demands
  • Negligence in services
  • Shareholder litigation.
We work with our insurer partners to arrange a cyber insurance policy that is truly right for you. In addition to comprehensive cover, it will also feature access to a team of breach specialists that can help you address risks and issues at pace. How much your cyber insurance costs will depend on several factors including the nature of your business, your annual revenue and the types of data that you hold. As insurers take a more cautious position to cyber-related insurance claims, they may require you to adopt certain risk controls. Our colleagues in Marsh explore twelve key controls to strengthen your security in their guide.

Statistically speaking, being hacked is more an issue of ‘when’ and not ‘if’. If you’re unfortunate enough to find your business on the receiving end of a hack or data breach, it can be easy to panic.

Be prepared and it will be much easier to navigate. Implementing the following steps could help lessen the impact on your business:

  1. Recognise and respond
  2. Data breach notification
  3. Make a claim
  4. Investigate your hack
  5. Protect against future cyberattacks

Find out more about what to do at each step.