A guide to Cyber Liability and Data insurance

Making sense of Cyber Insurance and how it can protect your business


Cyber Insurance can protect your business against wide range of problems such as the financial losses caused by breaches of your network security, infringements of data protection laws, employee abuse of email or libellous content on your website.

With such a wide scope of cover it can be confusing for small business owners and startups to take out the correct type and level of cover. Considering the potential risk of cyber-attacks this isn't great which is why we've written this guide to help them understand the different policies and cover options.

What can Cyber Insurance cover?

The scope of cyber coverage available in the insurance marketplace can generally be broken down into either first or third party insurance:

First Party Coverage elements

Breach response costs
This usually covers the costs of breach notification, including the hiring of outside law firms and public relations consultants, forensic costs, credit monitoring / protection, notification hot-line / call centre, identity theft resources if available

Network business interruption
Covers the loss of income and extra expense due to network security failure 

Dependent business interruption
Reimburses the insured for actual lost net income and extra expense incurred when the insured’s service provider’s computer system is interrupted / suspended due to a failure of network security

System failure
Coverage for business interruption due to an unintentional or unplanned system failure not caused by a failure of network security

Data restoration
Costs to restore / recreate data / software resulting from network security failure 

Cyber extortion
Reimburses the insured for expenses incurred in the investigation of a threat and any extortion payments made to prevent or resolve the threat

Third Party Coverage elements

Security and privacy
Defence costs and damages suffered by others resulting from a failure of computer security, including liability caused by theft or wrongful disclosure of confidential information, unauthorized access, denial of service attack or transmission of a computer virus

Regulatory defence and fines
Defence costs for proceedings brought by a governmental agency in connection with a failure to protect private information and / or a failure of network security, to the extent that this can be insured against by law

Media liability
Defence costs and damages suffered by others for content-based injuries such as libel, slander, defamation, copyright infringement, trademark infringement, or invasion of privacy

PCI fines and assessments
Defence costs for investigations brought by the Payment Card Industry (PCI) in connection with a failure to protect private information and / or network security 

Failure to supply
The inability of the insured to provide power to customers to whom the insured has an obligation to provide such due to a cyber event 

As you can see Cyber Insurance can be very complex and they don't cover specific types of cyber-attacks but instead the cause and effect of the issue which means it can sometimes overlap with other policies such as crime and professional indemnity. One of the most common complex problems when it comes to Cyber Insurance is it role when a business is the victim of social engineering as it has the potential to cause different types of losses. For a detailed examination of how Cyber Insurance can cover social engineering scams read our article: Cyber Insurance and phishing - what it covers and what it might not? 

Would I benefit from Cyber Insurance?

  • Do you run a business which relies on computers or the internet?
  • Are you involved in e-commerce?
  • Do you use email – for example, to send invoices?
  • Do you download documents from the web?
  • Do you have a website or send out e-newsletters?
  • Does your business hold personal or sensitive electronic data?

If you answer ‘yes’ to any of these questions, then you might consider taking out cyber liability insurance.

Frequently asked questions

What are the benefits of Cyber liability and data insurance?

Cyber Liability insurance can protect your business against the financial losses caused by breaches of your network security, infringements of data protection laws, employee abuse of email or libellous content on your website. These losses might be revenue losses or they might be fines. Viruses, malware and identity theft are common causes of electronic damage. Cyber Liability insurance can protect your business not just against external attacks, but also against unintentional damage caused to third parties by your own electronic communications.Cyber Liability insurance can also cover the costs of data restoration, reputation management and crisis management in the wake of an incident.

Can you give me an example?

If you are a Financial Adviser and your computer were attacked by a virus, corrupting valuable customer data and disabling your email, your business would suffer from the downtime incurred and the costs involved in repairing the damage. Or if you are a Portrait Photographer and an employee were to circulate a picture of a client, you could be liable for a privacy claim.

Did you know?

93% of large corporations and 87% of small businesses reported a cyber-security breach in 2012. The cost of such a breach for large corporations is £450,000 to £850,000, while for small businesses it is £35,000 to £65,000*.*Source: Cabinet Office

What do I need to consider?

  • Assessing the risks associated with your IT system
  • Regular monitoring of network security
  • Managing user privileges and establishing a policy for mobile working
  • Whether you need a cover limit above the usual £1million to £5 million range

For more information on the issues covered by this article visit our Cyber Insurance hub.

Whilst care has been taken in the production of this article and the information contained within it has been obtained from sources that Aon UK Limited believes to be reliable, Aon UK Limited does not warrant, represent or guarantee the accuracy, adequacy, completeness or fitness for any purpose of the article or any part of it and can accept no liability for any loss incurred in any way whatsoever by any person who may rely on it. In any case any recipient shall be entirely responsible for the use to which it puts this article. This article has been compiled using information available to us up to 05/11/18.

Share this post