When a UK-domiciled organisation with a turnover under £20m achieves self-assessed certification covering their whole organisation to either the basic level of Cyber Essentials or the IASME Standard, they are entitled to Cyber Liability Insurance, terms apply.

Frequently asked questions and answers about the insurance can be seen here.

The cover is underwritten by AXA XL, a division of AXA, and administered via Sutcliffe & Co Insurance Brokers.

It can be briefly described as follows:

£25,000 TOTAL LIMIT
OF INDEMNITY:

24hr helpline to report a cyber incident, which will provide crisis management and incident response to the total liability limit of £25,000.

WHAT’S COVERED

Liability: claims made against you arising out of media activities and privacy and security wrongful acts.

Event Management: costs, including emergency costs, following a data breach, including the costs of notifying data subjects. These might typically include payment for Legal, IT, Forensic & PR specialists.

Extortion Demands: ransoms and other cyber extortion.

Regulatory Investigations: defence costs & regulatory fines (where insurable by law).

Business Interruption: Loss of profit and / or operational expenses caused by a network compromise.

Loss of Electronic Data: costs of remedying the issue that allowed the loss or damage to your data and costs to replace, restore or update your data.

[To the limit of the policy liability]

WHAT’S NOT COVERED

Money stolen by electronic means or cyber fraud.

Excesses apply: see FAQ

The £25,000 limit of indemnity might be sufficient for a small breach or incident but inadequate for a serious problem or more than one incident. Higher limits of indemnity are available.

FOR CERTIFICATIONS ON OR AFTER 24/07/19

Do I qualify for the Cyber Insurance?

Organisations that achieve Cyber Essentials certification via The IASME Consortium or any of their approved certification providers will receive Cyber Insurance if they fulfil the following criteria:

• The entire organisation is Certified
• The organisation is domiciled in the UK
• The organisation’s annual turnover is under £20m
• The organisation opts-in to the insurance.

Why do I need Cyber Insurance?

Being compliant to Cyber Essentials has been shown to significantly reduce the likelihood and severity of a data breach. However, the risk still remain, especially if there is human error, a malicious insider or a concerted external attack. The presence of cyber insurance will
provide vital incident response services and cover your costs in your hour of need. The insurance provided with certification gives you £25,000 limit of indemnity so you may want to purchase a higher limit of cover in case you suffer a severe breach.

How do I make a claim?

If you suffer a data breach, hack or other cyber incident you should immediately contact the 24 hour helpline using the Crawford’s Response Hotline 0800 2798 073 and your policy number provided on your insurance documents. If you have a policy starting on or after the 1st June 2020 please call Accenture 24 hour response hotline on 0800 085 9483. The policy will provide crisis management and incident response services appropriate to your circumstances. Do not delay in reporting the incident as this could jeopardise your claim. Remember to keep a paper copy of your insurance schedule as you may not be able to access an electronic copy in the event of a data incident.

Who is the insurer?

The insurance is provided by AXA XL, a division of AXA. In the event of a claim they will appoint their specialist consultants to assist and advise you and your IT team.

Who is insured?

The name of the insured is on your insurance schedule and should correspond with the organisation that has successfully been certified.

What is covered and what services are provided?

Your policy provides the following up to a total limit of indemnity of £25,000:

Liability: claims made against you arising out of media activities and privacy and security wrongful acts.

Event Management: costs, including emergency costs, following a data breach, including the costs of notifying data subjects. These might typically include payment for Legal, IT, Forensic & PR specialists.

Extortion Demands: ransoms and other cyber extortion.

Regulatory Investigations: defence costs & regulatory fines (where insurable by law)

Business Interruption: Loss of profit and / or operational expenses caused by a network compromise.

Loss of Electronic Data: costs of remedying the issue that allowed the loss or damage to your data and costs to replace, restore or update your data.

What is not covered?

There is a £1,000 excess (increasing to £5,000 for claims emanating from activities in the USA or Canada) and a six hour Business Interruption excess. Full details of what is and is not covered can be found in your Policy wording, or in brief in the Policy Summary. Your policy does not cover you for money that may be stolen via electronic means or cyber fraud. If you would like insurance to cover these aspects please contact [email protected] or call 01905 21681.

What security precautions must be maintained?

You are required to install & maintain automatically provided updates from your software provider for critical business software. If you have passed Cyber Essentials this process should already be in place but you should make sure it is maintained to ensure that the insurance
remains in force.

What limit of cover is provided?

The insurance provided with certification gives you a £25,000 limit of indemnity. This might be sufficient for a small breach or incident but will be inadequate if you suffer a serious problem or more than one incident. If you require a higher limit contact [email protected] or call 01905 21681.

What does it cost to get additional cover?

The cost of additional covers will depend upon the limit of indemnity you require and the nature of your organisation. To increase the limit of liability, annual costs (including 12% IPT) are:

•    £50,000 limit of liability = £56.00
•    £100,000 limit of liability = £112.00
•    £250,000 limit of liability = £224.00

To discuss options contact [email protected] or call 01905 21681

What if I already have Cyber Insurance?

If you already have cyber insurance the policy provided by us with your certification becomes inoperative. There is no refund or discount.

What if my turnover is more than £20m?

Companies with a turnover above £20m are not eligible for this insurance. If you would like to discuss options or would like a quote please contact [email protected] or call 01905 21681.

What if I am not domiciled in the UK?

Only companies domiciled in the UK are eligible for the insurance. UK subsidiaries may be considered, contact [email protected] or call 01905 21681.

How long does the policy last?

The policy starts from your certification and lasts 12 months; the exact dates will be on your insurance schedule. If you wish to maintain your insurance beyond that date you will need to renew your Cyber Essentials certification with IASME or one of their approved consultants. If you do not renew your certification then you may
purchase Cyber Insurance from your insurance broker or Sutcliffe & Co: contact [email protected] or call 01905 21681.

How do I renew the policy?

The policy is connected to your Cyber Essentials Certification and cannot be renewed on its own. To maintain cover, you will need to renew your Certification or take a separate stand-alone cyber insurance policy.

What if I don’t want insurance?

When you complete the Cyber Essentials assessment there is an option to opt out of the insurance. This does not change the cost of your certification.

How do I get more information on the Insurance?

Contact [email protected] or call 01905 21681.

Insurance for certifications before 24/07/19

Your insurance was provided by AIG and your emergency helpline is 01273 730992

Your policy number is on the documents previously supplied to you. For any questions please contact Sutcliffe & Co [email protected] or call 01905 21681.

Find Out More

Have a look at our Frequently Asked Questions or speak to our team