When a UK-domiciled organisation with a turnover under £20m achieves verified self-assessed Cyber Essentials certification covering their whole organisation, they are entitled to opt-in for £25,000 liability limit cyber insurance, terms apply.
The cover is delivered by our partner Superscript.
If you have achieved Cyber Essentials via IASME directly, or before March 31st 2021 with CyberSmart, please see this page which details your cover underwritten by AXA XL.
What does it include?
A brief summary of the cover:
- Our new insurance product has a broader approach to media liabilities and the level of coverage available to policyholders. Superscript specifies coverage for the use of all media, including words, sounds, numbers and graphics. Superscript also covers Unfair Competition claims in relation to media acts infringing copyrights.
- Claims arising from your infringement of physical property rights, including trespassing, wrongful entry or eviction, false arrest, detention and imprisonment will all be covered under our new policy.
- Superscript’s cyber cover also gives you access to the industry leading breach response service.
- The addition of website recovery services (via dosarrest.com) to remedy a slow down or failure of your websites as a result of a denial of service attack.
- Costs to regain access to, replace, or restore data that you incur as a result of a security breach. Our previous cyber policy only covered data recovery costs if backups had also been affected by the breach.
What does the free cover include?
A £25,000 limit to cover:
Cyber and privacy liability
Cover for damages you are legally obliged to pay and defence costs due to a:
- Data breach
- Security breach
- Failure to disclose a security breach or data breach
Note that this also covers you if you are in violation of your own privacy policies.
Media and advertising liability
Cover for damages you are legally obliged to pay and defence costs because of any defamation, libel, slander, infliction of emotional distress or harm to reputation arising out of the performance of professional services by you or anyone on your behalf.
Our new insurance product has a broader approach to media liabilities and the level of coverage available to policyholders. Superscript specifies coverage for the use of all media, including words, sounds, numbers and graphics. Superscript also covers Unfair Competition claims in relation to media acts infringing copyrights.
Finally, claims arising from your infringement of physical property rights, including trespassing, wrongful entry or eviction. false arrest, detention and imprisonment will all be covered under our new policy.
Regulatory defence and penalties
Our previous regulatory penalties and defence costs coverage is matched under our new insurance policy.
Breach response services
Most importantly, Superscript’s cyber cover gives you access to the industry-leading breach response service, providing you with 24-hour support from cybersecurity and legal experts.
Importantly, ‘breach response services’ costs do not count towards your £25,000 limit, meaning you can rest assured that your clients are being taken care of whilst your £25,000 limit is used to fix the situation.
In the event of an insured data breach or cyber event, the following services are provided for up to 5,000 notified individuals per year:
- For a lawyer to provide necessary legal advice to evaluate your obligations in terms of breach notice laws or a merchant services agreement.
- For a computer security expert to determine the existence, cause and scope of an actual or reasonably suspected data breach – and if the breach is actively in progress on your computer systems, to assist in containing it.
- Notification of individuals whose personal information was potentially impacted by a data breach.
- A call centre to respond to your customer inquiries about a data breach.
- Credit monitoring, identity monitoring to individuals whose personal information was potentially impacted by a data breach.
- Public relations and crisis management costs to mitigate reputational harm to your organisation.
Website recovery services
This cover explicitly provides costs for dosarrest.com to remedy a slow down or failure of your websites as a result of a denial of service attack.
Data recovery costs
Costs to regain access to, replace, or restore data that you incur as a result of a security breach. The previous cyber policy offered by CyberSmart only covered data recovery costs if backups had also been affected by the breach.
Cyber business interruption costs
Reimbursement for business interruption costs incurred directly or as a result of a security breach or a system failure of your systems, or of a dependent business that you rely on for critical services. This policy now covers an interruption period of up to 180 days, double that of our previous policy.
It also provides cover for ‘dependent business interruption’, which protects the insured against interruption arising from downtime of a supplier’s computer systems extending cover security breaches or computer failures within the supply chain.
Once you have opted in to the free cyber insurance, you will have the option to pay for higher limits of cover (up to £5 million) and/or the following optional covers:
Cyber extortion costs
Our previous cyber ‘extortion demands’ coverage would reimburse the policyholder for ransoms paid after a credible extortion demand regarding the insured’s computer systems as standard. Although this coverage was previously included at no extra cost, we believe that this new ‘cyber extortion costs’ offering is a far more effective and cost efficient option for our partners.
At a very reasonable additional premium, extortion payments incurred by the policyholder as well as reasonable expenses to respond to or prevent an extortion threat will be covered. This may include the cost of expert negotiators and cyber security experts who are capable of guiding the insured through an extortion demand.
These services are effective in reducing the overall loss and disruption an extortion demand can cause, even paying ransoms in fiat or cryptocurrency on the policyholder’s behalf, where appropriate.
We believe cybercrime coverage to be an important insurance addition for modern technology businesses, who are heavily targeted by social engineering and malicious software attacks.
Our previous policy offered no explicit coverage for cybercrime. For a small additional premium, we can now reimburse policyholders for financial loss sustained because of:
- Loss of money paid or transferred by you or your bank as a result of fraudulent email or telephone instructions (social engineering)
- A hacker accessing your VoIP phone system and making unauthorised calls
- A hacker accessing your computer system and launching a denial of service attack or hacking attack against a third-party (botnet attack)
- A hacker accessing your computer system and using it for the purpose of mining cryptocurrency (cryptojacking)
Payment card liabilities and costs
A brand new addition to the policy coverage: Payment Card Industry (PCI) fines, expenses and legal costs due to a data breach or a security breach that involves credit or debit card numbers.
What’s not covered
- Unless you increase your cover limit to at least £250,000, costs related to cyber extortion (e.g. a ransomware attack).
- Unless you have opted to include cybercrime cover, costs resulting from a cybercrime event.
For full details of what’s covered and what’s not covered, see the policy wording.
A £1,000 excess applies to each loss and a 12-hour waiting period applies for cyber business interruption.
Note that although the £25,000 limit of indemnity offered by the free cover may be sufficient for a small breach or incident, it may be inadequate for a serious problem or more than one incident. Higher limits of indemnity are available.