Insurance with Cyber Essentials – Frequently Asked Questions for certifications on or after 24/07/19
Organisations that achieve Cyber Essentials certification via The IASME Consortium or any of their approved certification providers will receive Cyber Insurance if they fulfil the following criteria:
- The entire organisation is Certified
- The organisation is domiciled in the UK
- The organisation’s annual turnover is under £20m
- The organisation opts-in to the insurance.
Why do I need Cyber Insurance?
Being compliant to Cyber Essentials has been shown to significantly reduce the likelihood and severity of a data breach. However, the risk still remain, especially if there is human error, a malicious insider or a concerted external attack. The presence of cyber insurance will provide vital incident response services and cover your costs in your hour of need. The insurance provided with certification gives you £25,000 limit of indemnity so you may want to purchase a higher limit of cover in case you suffer a severe breach.
How do I make a claim?
If you suffer a data breach, hack or other cyber incident you should immediately contact the 24 hour helpline using the Crawford’s Response Hotline 0800 2798 073 and your policy number provided on your insurance documents. The policy will provide crisis management and incident response services appropriate to your circumstances. Do not delay in reporting the incident as this could jeopardise your claim. Remember to keep a paper copy of your insurance schedule as you may not be able to access an electronic copy in the event of a data incident.
Who is the insurer?
The insurance is provided by AXA XL (formerly XL Catlin), a division of AXA. In the event of a claim they will appoint their specialist consultants to assist and advise you and your IT team.
Who is insured?
The name of the insured is on your insurance schedule and should correspond with the organisation that has successfully been certified.
What is covered and what services are provided?
Your policy provides the following up to a limit of indemnity of £25,000:
- Liability:claims made against you arising out of media activities and privacy and security wrongful acts.
- Event Management:costs, including emergency costs, following a data breach, including the costs of notifying data subjects. These might typically include payment for Legal, IT, Forensic & PR specialists.
- Extortion Demands:ransoms and other cyber extortion.
- Regulatory Investigations:defence costs & regulatory fines (where insurable by law)
- Business Interruption:Loss of profit and / or operational expenses caused by a network compromise.
- Loss of Electronic Data:costs of remedying the issue that allowed the loss or damage to your data and costs to replace, restore or update your data.
What is not covered?
There is a £1,000 excess (increasing to £5,000 for claims emanating from activities in the USA or Canada) and a six hour Business Interruption excess. Full details of what is and is not covered can be found in your Policy wording, or in brief in the Policy Summary. Your policy does not cover you for money that may be stolen via electronic means or cyber fraud. If you would like insurance to cover these aspects please contact [email protected]or call 01905 21681.
What security precautions must be maintained?
You are required to install & maintain automatically provided updates from your software provider for critical business software. If you have passed Cyber Essentials this process should already be in place but you should make sure it is maintained to ensure that the insurance remains in force.
What limit of cover is provided?
The insurance provided with certification gives you a £25,000 limit of indemnity. This might be sufficient for a small breach or incident but will be inadequate if you suffer a serious problem or more than one incident. If you require a higher limit contact [email protected]or call 01905 21681.
What does it cost to get additional cover?
The cost of additional covers will depend upon the limit of indemnity you require and the nature of your organisation. To discuss options contact [email protected]or call 01905 21681.
What if I already have Cyber Insurance?
If you already have cyber insurance the policy provided by us with your certification becomes inoperative. There is no refund or discount.
What if my turnover is more than £20m?
Companies with a turnover above £20m are not eligible for the automatic insurance. If you would like to discuss options or would like a quote please contact [email protected]or call 01905 21681.
What if I am not domiciled in the UK?
Only companies domiciled in the UK are eligible for the insurance. UK subsidiaries may be considered, contact [email protected]or call 01905 21681.
How long does the policy last?
The policy starts from your certification and lasts 12 months; the exact dates will be on your insurance schedule. If you wish to maintain your insurance beyond that date you will need to renew your Cyber Essentials certification with IASME or one of their approved consultants. If you do not renew your certification then you may purchase Cyber Insurance from your insurance broker or Sutcliffe & Co: contact [email protected] or call 01905 21681.
How do I renew the policy?
The policy is connected to your Cyber Essentials Certification and cannot be renewed on its own. To maintain cover, you will need to renew your Certification or take a separate stand-alone cyber insurance policy.
What if I don’t want insurance?
When you complete the Cyber Essentials assessment there is an option to opt out of the insurance. This does not change the cost of your certification.
How do I get more information on the Insurance?
Contact [email protected] or call 01905 21681.
Insurance for certifications before 24/07/19
Your insurance was provided by AIG and your emergency helpline is 01273 730992
Your policy number is on the documents previously supplied to you. For any questions please contact Sutcliffe & Co [email protected] or call 01905 21681.