Cyber Liability Insurance – Included with Cyber Essentials Certification
UK-domiciled organisations with a turnover under £20 million that achieve self-assessed Cyber Essentials certification covering their whole organisation may be entitled to Cyber Liability Insurance at no additional cost.
The cover is underwritten by American International Group UK Limited (AIG) and administered by Sutcliffe & Co Insurance Brokers.
Cover summary – £25,000 total limit of indemnity
Certified organisations have access to a 24-hour helpline to report a cyber incident, providing crisis management and incident response support up to the total liability limit of £25,000.
Cover includes:
- Liability: Claims arising out of Digital Media Activities and Security and Privacy Liability
- Event Management: Reasonable and necessary legal, IT, data recovery, reputation protection, notification, credit and ID monitoring, and first response expenses
- Extortion Threat
- Regulatory Investigations: Defence costs and regulatory fines (where insurable by law)
- Business Interruption: Loss of profit and/or operational expenses caused by a network compromise
- Network Interruption: Reasonable and necessary costs to minimise or reduce the impact of a material network interruption
Exclusions and retentions
A £1,000 excess applies to claims, increasing to £5,000 for claims arising from activities in the USA or Canada. A six-hour Network Interruption retention also applies. Money stolen via electronic means or cyber fraud is not covered under this policy.
The £25,000 limit of indemnity may be sufficient for a small incident but may not be adequate for a serious or complex event, or for multiple incidents. Higher limits may be available upon request.
Full details of what is and is not covered are set out in the policy wording provided upon certification. Organisations are advised to seek guidance from their own insurance broker to confirm that this coverage meets their specific needs.