Data breaches are costly.
Cyber incidents now happen very often to all businesses and will only increase. The coverage we provide works to maximise your data protection and business security.

Fact
Almost 9 in 10 SMEs say their cyber insurance covered the cyber security incidents they suffered in 2018.

What businesses should buy data insurance?

In truth, no organisation is immune from the potentially devastating financial impacts of a cyber loss. Any business that relies upon technology to acquire or engage with customers, processes or stores customer data could seriously suffer as a result of data loss or theft.

Cyber insurance helps protect your business and customers digital data

From 25th May 2018 the EU General Data Protection Regulations came into force, dramatically changing the compliance requirements on all businesses in the UK. In Summary, the new rules:

• Introduce a mandatory notification period following a data breach of 72 hours.
• Greatly increase the potential penalties for non-compliance to 4 of global turnover of EUR 20 million, whichever is greater.
• Clearly defines the rights of individuals over the personal data held on them by all organizations.

PII stands for Personal Identifiable Information and refers to a type of data that identifies the unique identity of an individual. It provides the most basic forms of personal information and can include an individual’s name, gender, address, telephone, email address. The amount PII records stored on an organizations IT network can impact upon the premium calculation, with the higher the number of records the greater the risk due to regulatory requirements such as mandatory notification in the event of a cyber breach.

• Systems shut down.
• Loss of business data via hardware. ie server, laptop or device.
• Cyber attack or network breach
• Malicious misuse of your business data

• GDPR costs incurred to the business
• Breach notifications
• Breach mitigation
• Data restoration
• Business income
• Extra expenses protection
• Theft of monies or securities digitally
• Third-party coverage for a privacy breach or data event
• Coverage for regulatory fines
• Legal and defense expenses
• Coverage for PCI DSS fines

• Legal cost exposures to the business.
• True impact for the business is the cost in notifying, complying and defending any data breach within the new GDP regulations.
• Notifying subjects is expensive.
• Management of any data liability
• System failures and the impact to any business
• Online shut down costs to your business.
• Hacking or stealing of your client data – cost and impact to the business.
• Complete shut down of your systems – cost and implications to your financial cost and commitments.
• A breach to an associated supplier.

• Think that data breaches and cyber attacks only happen to the largest of companies? Think again. While large companies make the headlines, the reality is 1 in 3 documented data breaches occur in businesses with less than 100 employees. What’s more, 60% of small businesses close their doors within 6 months following a cyber attack.

  If your business handles customer data or processes payment transactions, you’re at risk of a cyber attack. Expenses associated with a data breach can quickly add up for a small business when the average cost of each compromised record is £200. Whether you have 300 customer records or 3,000, your bottom line could be impacted by legal defense costs, settlements, lost business, notification costs, and more.

Cyber Business Interruption cover means that in the event of a cyber-attack or, for example a ransomware attack that forces you to cease or restrict normal business operations, any income lost as a result of such an interruption would be reimbursed through your policy. This would occur after 12 hours of network downtime.

Traditional insurance policies such as general liability, property and professional indemnity policies will usually explicitly exclude damage to digital assets or losses arising as a result of a Cyber attack. Even for those that remain silent on the subject of cyber and insured may face a hard legal battle to be indemnified without a standalone cyber policy.