When a UK-domiciled organisation with a turnover under £20m achieves verified self-assessed Cyber Essentials certification covering their whole organisation, they are entitled to opt in for free £25,000 liability limit cyber insurance. 

CyberSmart customers are currently offered this cover from our insurance partner, Superscript.

What does Superscript’s CyberSmart cover include?

As standard, a £25,000 limit, or as part of the CyberSmart bundle, a £100,000 limit to cover:

Cyber and privacy liability*

Cover for damages you are legally obliged to pay and defence costs due to a:

  • Data breach
  • Security breach
  • Failure to disclose a security breach or data breach
  • Failure to comply with a privacy policy. 

Note that this also covers you if you are in violation of your own privacy policies.

Media and advertising liability*

Cover for damages you are legally obliged to pay and defence costs because of any defamation, libel, slander, infliction of emotional distress or harm to reputation arising out of the performance of professional services by you or anyone on your behalf. 

Superscript’s policies specify coverage for the use of media, including plagiarism, piracy, misappropriation of ideas and infringement of domain name, trademark, trade name, trade dress, logo, title, metatag, slogan, service mark or service name. They also cover Unfair Competition claims in relation to media acts infringing copyrights.

Finally, claims arising from your infringement of physical property rights, including trespassing, wrongful entry or eviction. false arrest, detention and imprisonment are included within the cover.

Regulatory defence and penalties*

Regulatory penalties and defence costs because of a regulatory proceeding for a data breach or a security breach.

Breach response services*

Most importantly, Superscript’s cyber cover gives you access to the industry-leading breach response service, providing you with 24-hour support from cyber security, legal and cyber event handling experts.

In the event of an insured data breach or cyber event, the following services are provided for up to 5,000 notified individuals per year:

  • The cost of a PCI forensic investigator to investigate a known or reasonably suspected data breach involving credit or debit card data.
  • The cost of a qualified security assessor to certify and assist in attesting to your PCI compliance, as required by a merchant services agreement.
  • For a lawyer to provide necessary legal advice to evaluate your obligations in terms of breach notice laws or a merchant services agreement.
  • For a computer security expert to determine the existence, cause and scope of an actual or reasonably suspected data breach – and if the breach is actively in progress on your computer systems, to assist in containing it.
  • Notification of individuals whose personal information was potentially impacted by a data breach.
  • A call centre to respond to your customer inquiries about a data breach.
  • Credit monitoring, identity monitoring to individuals whose personal information was potentially impacted by a data breach.
  • Public relations and crisis management costs to mitigate reputational harm to your organisation.

Website recovery services*

This cover provides costs for dosarrest.com to remedy a slow down or failure of your websites as a result of a denial of service attack.

Data recovery costs*

Costs to regain access to, replace, or restore data that you incur as a result of a security breach. 

Optional covers

Once you have opted into the free cyber insurance, you will have the option to pay for higher limits of the cover directly with Superscript (up to £2 million).


  • Jurisdictional limit excluding USA and CAN 
  • Extortion threat exclusion – No payment made arising out of a extortion threat 

What is not covered

  • Cybercrime: Fraudulent instruction, Funds transfer fraud, telephone hacking, botnet attacks, cryptojacking
  • Payment card liabilities and costs 
  • Cyber business interruption 
  • Cyber Extortion loss 

Why would you change your limit? 

Below, we’ve listed the key risks that a higher limit of cyber cover with Superscript can cover: 

Cyber business interruption costs*

Reimbursement for business interruption costs incurred directly or as a result of a security breach or a system failure of your systems, or of a dependent business that you rely on for critical services. This option covers an interruption period of up to 180 days.

It also provides cover for ‘dependent business interruption, which protects the insured against interruption arising from downtime of a supplier’s computer systems extending cover security breaches or computer failures within the supply chain. 

Cyber extortion costs*

Extortion payments incurred by the policyholder as well as reasonable expenses to respond to or prevent an extortion threat will be covered. This may include the cost of expert negotiators and cyber security experts who are capable of guiding the insured through an extortion demand. 

These services are effective in reducing the overall loss and disruption an extortion demand can cause, even paying ransoms in fiat or cryptocurrency on the policyholder’s behalf, where appropriate. 

Payment card liabilities and costs*

A brand new addition to the policy coverage: Payment Card Industry (PCI) fines, expenses and legal costs due to a data breach or a security breach that involves credit or debit card numbers.


We believe cybercrime coverage to be an important insurance addition for businesses, which are heavily targeted by social engineering and malicious software attacks.

For an additional premium, we can now reimburse policyholders for financial loss sustained due to:

  • Loss of money paid or transferred by you or your bank as a result of fraudulent email or telephone instruction (social engineering)
  • A hacker accessing your VoIP phone system and making unauthorised calls
  • A hacker accessing your computer system and launching a denial of service attack or hacking attack against a third-party (botnet attack)
  • A hacker accessing your computer system and using it for the purpose of mining cryptocurrency (cryptojacking)

Excesses and other important information

A £500 excess applies to each loss and a 12-hour waiting period applies for cyber business interruption. 

Note that although the £25,000 limit of indemnity offered by the free cover may be sufficient for a small breach or incident, it may be inadequate for a serious problem or more than one incident. Higher limits of indemnity are available.

Enro Ltd t/a Superscript are authorised and regulated by the Financial Conduct Authority

*Terms, conditions and exclusions apply