Access to incident response included with Cyber Essentials

Nov 4, 2025 | Cyber Essentials

When an organisation certifies to Cyber Essentials, they are entitled to £25,000 worth of cyber insurance cover, provided they meet the following eligibility criteria:

  • The organisation must have a turnover under £20 million.
  • It must be domiciled in the UK or Crown Dependencies.
  • The certification must cover the entire organisation.
  • The organisation must opt in to the insurance during the application process.

In the event of a cyber or data incident, this insurance will provide support to identify the problem, stop the issue, and restore systems and data. A crucial and potentially game-changing feature of the policy is access to a 24-hour incident response emergency helpline, giving organisations immediate access to technical, legal, and crisis management services to help them navigate the chaos of a cyber crisis.

In this blog, we walk through the process of dealing with a cyber incident and emphasise the value of effective incident response for continued business operation.

Step 1: Immediate action – the 24-hour emergency helpline

When a cyber or data incident occurs, time is of the essence. The first step for policyholders is to contact the 24-hour emergency helpline provided by their cyber insurance policy. This helpline connects policyholders to a multidisciplinary team of crisis management experts, including technical specialists, legal advisors, public relations consultants, and financial experts. Their immediate goal is to assess the situation, contain the damage, and initiate a coordinated response.

Step 2: Coordinated crisis response – what happens next?

Once the helpline is contacted, the insurer’s crisis management procedure is activated. The coordinated response unfolds across several key areas:

  • Technical and forensic response: Specialists work to identify the source of the problem, stop the attack, restore systems, and recover compromised data.
  • Legal response: Legal experts address compliance issues (e.g., GDPR), manage communication with regulators, and handle any litigation or contractual disputes.
  • Public relations response: PR consultants manage communications with affected parties, notify impacted individuals, and mitigate reputational damage.

Step 3: Ongoing support and recovery

After the initial crisis is contained, the focus shifts to stabilising operations and ensuring a full recovery. The crisis management team continues to provide support in the following areas:

  • Technical support: Securing systems, monitoring for further threats, and implementing preventive measures.
  • Legal support: Representing the organisation in any ongoing legal or regulatory proceedings.
  • PR support: Rebuilding trust with stakeholders and managing long-term reputational recovery.
  • Financial support: Covering business interruption losses, and, where legally permissible, fines, penalties and ransom payments.

Escalating costs

Rest assured, if you experience a breach that exceeds the liability cover included with your Cyber Essentials certification, the incident response team will prioritise addressing the most urgent issues to minimise immediate damage and disruption, while providing clear guidance on the additional steps you’ll need to take once their support concludes.

Consider upgrading your cover?

The £25,000 limit of indemnity included with Cyber Essentials is a great starting point, particularly for small organisations. However, the financial impact of a cyber incident can quickly grow, especially for larger breaches or ransomware attacks. For example, a small breach might cost between £10,000 and £30,000, but larger breaches can easily exceed £60,000.

For an annual premium, organisations can increase their cover to provide significantly more protection and peace of mind.

The insurance brokers who administer the Cyber Essentials insurance are Sutcliffe & Co. You can contact them to discuss your level of cover on 01905 21681 or [email protected]

Why incident response is critical

Despite the best cyber security efforts, there is no such thing as a completely secure system. Prompt incident response is critical to business continuity and organisational resilience.

Without cyber insurance, responding to a cyber incident can be an overwhelming and costly process. Hiring the necessary specialists—technical, legal, and PR—can cost upwards of £500 per hour per expert. Add to this the potential for prolonged downtime, reputational harm, and regulatory fines, and the financial impact can be catastrophic.

Cyber insurance not only provides access to these experts but also ensures that their services are coordinated and effective. This can make the difference between a swift recovery and a prolonged crisis.

Cyber insurance is one of the fastest-growing classes of insurance for a reason: it provides businesses with the tools and resources they need to respond effectively when things go wrong. From crisis management to financial compensation, a good policy ensures that your organisation can weather the storm and emerge stronger on the other side.

Find out more about the included cyber insurance.