When a UK-domiciled organisation with a turnover under £20m achieves self-assessed certification covering their whole organisation to either the basic level of Cyber Essentials or the IASME Standard, they are entitled to Cyber Liability Insurance, terms apply.

Frequently asked questions and answers about the insurance can be seen here.

The cover is underwritten by AXA XL, a division of AXA, and administered via Sutcliffe & Co Insurance Brokers.

It can be briefly described as follows:

£25,000 TOTAL LIMIT
OF INDEMNITY:

24hr helpline to report a cyber incident, which will provide crisis management and incident response to the total liability limit of £25,000.

WHAT’S COVERED

Liability: claims made against you arising out of media activities and privacy and security wrongful acts.
Event Management: costs, including emergency costs, following a data breach, including the costs of notifying data subjects. These might typically include payment for Legal, IT, Forensic & PR specialists.
Extortion Demands: ransoms and other cyber extortion.
Regulatory Investigations: defence costs & regulatory fines (where insurable by law).
Business Interruption: Loss of profit and / or operational expenses caused by a network compromise.
Loss of Electronic Data: costs of remedying the issue that allowed the loss or damage to your data and costs to replace, restore or update your data.

[To the limit of the policy liability]

WHAT’S NOT COVERED

Money stolen by electronic means or cyber fraud.
Excesses apply: see FAQ
The £25,000 limit of indemnity might be sufficient for a small breach or incident but inadequate for a serious problem or more than one incident. Higher limits of indemnity are available.
FOR CERTIFICATIONS ON OR AFTER 24/07/19

Do I qualify for the Cyber Insurance?

Organisations that achieve Cyber Essentials certification via The IASME Consortium or any of their approved certification providers will receive Cyber Insurance if they fulfil the following criteria:

• The entire organisation is Certified
• The organisation is domiciled in the UK
• The organisation’s annual turnover is under £20m
• The organisation opts-in to the insurance.

Why do I need Cyber Insurance?

Being compliant to Cyber Essentials has been shown to significantly reduce the likelihood and severity of a data breach. However, some risk still remains, especially if there is human error, a malicious insider or a concerted external attack. The presence of cyber insurance will
provide vital incident response services and cover your costs in your hour of need. The insurance provided with certification gives you £25,000 limit of indemnity so you may want to purchase a higher limit of cover in case you suffer a severe breach.

How do I make a claim?

If you suffer a data breach, hack or other cyber incident you should immediately contact the 24 hour helpline using Accenture’s 24 hour response hotline on 0800 085 9483. The policy will provide crisis management and incident response services appropriate to your circumstances. Do not delay in reporting the incident as this could jeopardise your claim. Remember to keep a paper copy of your Evidence of Insurance as you may not be able to access an electronic copy in the event of a data incident.

Who is the insurer?

The insurance is provided by AXA XL, a division of AXA. In the event of a claim they will appoint their specialist consultants to assist and advise you and your IT team.

Who is insured?

The name of the insured is on your Evidence of Insurance and should correspond with the organisation that has successfully been certified.

What is covered and what services are provided?

Your policy provides the following up to a total limit of indemnity of £25,000:

  • Liability: claims made against you arising out of media activities and privacy and security wrongful acts.
  • Event Management: costs, including emergency costs, following a data breach, including the costs of notifying data subjects. These might typically include payment for Legal, IT, Forensic & PR specialists.
  • Extortion Demands: ransoms and other cyber extortion.
  • Regulatory Investigations: defence costs & regulatory fines (where insurable by law)
  • Business Interruption: Loss of profit and / or operational expenses caused by a network compromise.
  • Loss of Electronic Data: costs of remedying the issue that allowed the loss or damage to your data and costs to replace, restore or update your data.

What is not covered?

There is a £1,000 excess (increasing to £5,000 for claims emanating from activities in the USA or Canada) and a six hour Business Interruption excess. Your policy does not cover you for money that may be stolen via electronic means or cyber fraud. Full details of what is and is not covered can be found in your Policy wording.

What security precautions must be maintained?

You are required to install & maintain automatically provided updates from your software provider for critical business software. If you have passed Cyber Essentials this process should already be in place but you should make sure it is maintained to ensure that the insurance remains in force.

What limit of cover is provided?

The insurance provided with certification gives you a £25,000 limit of indemnity. This might be sufficient for a small breach or incident but will be inadequate if you suffer a serious problem or more than one incident.
For wider cover or a higher limit of indemnity, then you will require a more tailored cyber insurance policy. You may want to speak to your broker, or you can get in touch with Sutcliffe & Co. Insurance Brokers who administer the AXA XL policy. You can email [email protected], call 01905 21681 or visit the website at www.sutcliffeinsurance.co.uk. This also applies if you are not eligible for the automatic insurance, for example if your turnover is more than £20m.

What security precautions must be maintained?

You are required to install & maintain automatically provided updates from your software provider for critical business software. If you have passed Cyber Essentials, this process should already be in place, but you should make sure it is maintained to ensure that the insurance remains valid.

What if I already have Cyber Insurance?

You can’t claim on two policies. If you are satisfied your existing policy gives you the cover you require, then you can opt out of the cover that comes with Cyber Essentials. If you have two policies in force at the time of a claim you will need to notify both insurers.

What if my turnover is more than £20m?

Companies with a turnover above £20m are not eligible for the automatic insurance.

What if I am not domiciled in the UK?

Only companies domiciled in the UK are eligible for the insurance.

How long does the policy last?

The policy starts from your certification and lasts 12 months; the exact dates will be on the Evidence of Insurance issued with your Cyber Essentials Certificate.

How do I renew the policy?

The policy is connected to your Cyber Essentials Certification and cannot be renewed on its own. To maintain cover, you will need to renew your Certification or take a separate stand-alone cyber insurance policy.

What if I don’t want insurance?

When completing the Cyber Essentials assessment, those eligible for the insurance will be asked to opt-in only if they want the cover. The cost of the Certification remains the same whether or not you opt-in.

How do I get more information on the Insurance?

Email Sutcliffe & Co. who administer the policy, at [email protected] or call them on 01905 21681.

Find Out More

Have a look at our Frequently Asked Questions or speak to our team