Login Book a call
Search
Clear search icon

Table of contents

Insurance Cover

Sutcliffe Insurance Brokers Ltd trading as Sutcliffe & Co is authorised and regulated by the Financial Conduct Authority, Number 306068. Individual cover purchased online is offered on a standardised and non-advised basis. Terms, conditions and coverage limits are predetermined by the Underwriter. If you require bespoke coverage offered on an advised basis, please contact Sutcliffe & Co directly at enquiries@sutcliffeinsurance.co.uk

What is the inclusive £25k Cyber Insurance

When a UK-domiciled organisation with a turnover under £20m achieves self-assessed certification covering their whole organisation to Cyber Essentials, they are entitled to £25,000 Cyber Liability Insurance.

The cover is underwritten by American International Group (AIG) UK Limited, and administered via Sutcliffe & Co Insurance Brokers.

The £25,000 insurance provides a 24-hour helpline to report a cyber incident, which will provide crisis management and incident response to the total liability limit of £25,000 for customers that have completed Cyber Essentials and have opted-in to the free cyber liability cover.

What is covered in the £25k policy?

  • Liability: claims made against you arising out of Digital Media Activities and Security and Privacy Liability.
  • Event Management: The reasonable and necessary fees, costs and expenses of: Legal Expenses; IT Expenses; Data Recovery Expenses; Reputation Protection Expenses; Notification Expenses; Credit Monitoring and ID Monitoring Expenses; and First Response Expenses.
  • Extortion Threat.
  • Regulatory Investigations: (defence costs) & regulatory fines (where insurable by law).
  • Business Interruption: Loss of profit and / or operational expenses caused by a network compromise.
  • Network Interruption: The reasonable and necessary costs and expenses that a Company incurs to minimise the Network Loss, or reduce the impact of a Material Interruption; provided however that the amount of Network Loss prevented or reduced would be greater than the costs and expenses incurred.

To the limit of £25,000

What is not covered in the £25k policy?

  • Money stolen by electronic means or cyber fraud.
  • Retentions apply: (see ‘What is not covered’ in the FAQ)
  • The £25,000 limit of indemnity might be sufficient for a small breach or incident but inadequate for a serious problem or more than one incident. There are two flexible upgrade paths available through Sutcliffe & Co Insurance Brokers:
    • Simple uplift - Increase your inclusive £25,000 Cyber Essentials cover to higher limits of £100,000 or £250,000 for a fixed annual cost.
    • Bespoke discounted cover - Access a panel of specialist insurers, compare options online or speak directly with an FCA-regulated advisor.

How long does the policy last?

The policy starts from your certification and lasts 12 months; the exact dates will be on the Evidence of Insurance issued with your Cyber Essentials Certificate.

How do I make a claim?

If you suffer a Breach of Confidential Information or Security Failure you should immediately contact AIG’s First Response Service on +44 (0) 1273 730992 detailing your Cyber Essentials Certificate Number (as detailed in your Evidence of Insurance).   

Remember to keep a paper copy of your Evidence of Insurance as you may not be able to access an electronic copy in the event of a data incident.

What if I have a complaint?

For claims related complaints: 

Online: https://www.aig.co.uk/home/contact-aig-uk/complaints-and-feedback
Call: +44 (0) 20 7063 5418
Email: claims.pi@aig.com

All other complaints: 

Call: 0800 012 1301
Email: uk.customer.relations@aig.com

____________________________________________________

What is the uplifted £100k & £250k Cyber Insurance

When a UK-domiciled organisation with a turnover under £20m achieves self-assessed certification covering their whole organisation to Cyber Essentials, they are entitled to £25,000 Cyber Liability Insurance.  They can choose to uplift this inclusive £25,000 Cyber Essentials cover to higher limits of £100,000 or £250,000, via Sutcliffe & Co Insurance Brokers.

The uplifted cover is underwritten by American International Group (AIG) UK Limited, and administered via Sutcliffe & Co Insurance Brokers.

From 1st January 2026

Customers can pay a fixed annual cost to increase their automatic £25,000 Cyber Essentials cover to £100,000 or £250,000 directly through Sutcliffe & Co Insurance Brokers at the following fixed annual premiums (including Insurance Premium Tax):

Client Turnover£100k Limit£250k Limit
£0 – £10m£305.76£546.56
£10m – £20m£1,347.36£1,678.88

Prior to 31st December 2025

Customers that purchased the CyberSmart Core package had the option to opt-in to £100,000 cyber insurance following completion of their Cyber Essentials certification.

Customers that purchased the CyberSmart Complete package had the option to opt-in to £250,000 cyber insurance following completion of their Cyber Essentials certification.

What is covered in the £100k and £250k policies? 

  • Liability: claims made against you arising out of Digital Media Activities and Security and Privacy Liability.
  • Event Management: The reasonable and necessary fees, costs and expenses of: Legal Expenses; IT Expenses; Data Recovery Expenses; Reputation Protection Expenses; Notification Expenses; Credit Monitoring and ID Monitoring Expenses; and First Response Expenses.
  • Extortion Threat.
  • Regulatory Investigations: (defence costs) & regulatory fines (where insurable by law).
  • Business Interruption: Loss of profit and / or operational expenses caused by a network compromise.
  • Network Interruption: The reasonable and necessary costs and expenses that a Company incurs to minimise the Network Loss, or reduce the impact of a Material Interruption; provided however that the amount of Network Loss prevented or reduced would be greater than the costs and expenses incurred.

To the limit of the policy liability.

What is not covered in £100k or £250k policies?

  • Money stolen by electronic means or cyber fraud.
  • Retentions apply: (see ‘What is not covered’ in the FAQ)
  • The £25,000, £100,000 or £250,000 limit of indemnity might be sufficient for a small breach or incident but inadequate for a serious problem or more than one incident. Higher limits of indemnity or bespoke cover are available through our enhanced insurance offering.

How long does the policy last?

The policy starts from your certification and lasts 12 months; the exact dates will be on the Evidence of Insurance issued with your Cyber Essentials Certificate.

How do I make a claim?

If you suffer a Breach of Confidential Information or Security Failure you should immediately contact AIG’s First Response Service on +44 (0) 1273 730992 detailing your Cyber Essentials Certificate Number (as detailed in your Evidence of Insurance).   

Remember to keep a paper copy of your Evidence of Insurance as you may not be able to access an electronic copy in the event of a data incident.

What if I have a complaint?

For claims related complaints: 

Online: https://www.aig.co.uk/home/contact-aig-uk/complaints-and-feedback
Call: +44 (0) 20 7063 5418
Email: claims.pi@aig.com

All other complaints: 

Call: 0800 012 1301
Email: uk.customer.relations@aig.com

____________________________________________________

What is the enhanced cyber insurance?

Cyber Essentials-certified organisations have the option to access higher-limit or bespoke cover through our FCA-regulated broker, Sutcliffe & Co Insurance Brokers. 

Customers can explore discounted policies from a panel of specialist cyber insurers - all through a quick, streamlined application process.  These policies are fully flexible, giving you the cover that fits your needs and budget, with discounted premiums applied due to your CyberSmart certification. 

What cover is available through the enhanced insurance? 

Limits up to £5 million are available online. 

For cover above £5 million, customers can contact Sutcliffe & Co Insurance Brokers directly.  

Details of what is covered and the services provided can be found in the quote and policy documents.

Who is the insurer?

The enhanced insurance is provided by a number of specialist cyber insurers who will provide you with bespoke cover to meet your needs.  The panel includes:

  • Beazley
  • CFC
  • Coalition
  • Cowbell

Your insurer details will be included within your policy documents.

____________________________________________________

Frequently Asked Questions

Do I qualify for the free £25k Cyber Insurance?

Organisations that achieve Cyber Essentials certification via CyberSmart will receive Cyber Insurance if they fulfil the following criteria:

• The entire organisation is Certified
• The organisation is domiciled in the UK or Crown Dependencies
• The organisation’s annual turnover is under £20m
• The organisation opts in to the insurance.

Why do I need Cyber Insurance?

Being compliant to Cyber Essentials has been shown to significantly reduce the likelihood and severity of a data breach. However, some risk still remains, especially if there is human error, a malicious insider or a concerted external attack. The presence of cyber insurance will provide vital incident response services and cover your costs in your hour of need. The insurance provided with certification gives you £25,000 limit of indemnity so you may want to purchase a bespoke policy with a higher limit of cover in case you suffer a severe breach.  Higher policy limits are available through our enhanced insurance journey, offering bespoke, discounted policies through an easy, streamlined process.

How do I make a claim?

If you suffer a Breach of Confidential Information or Security Failure you should immediately contact your insurer on the contact details provided within your policy documentation.

You will need your Cyber Essentials Certificate Number (as detailed in your Evidence of Insurance).   

Remember to keep a paper copy of your Evidence of Insurance as you may not be able to access an electronic copy in the event of a data incident.

It is also advisable that you inform Sutcliffe & Co Insurance Brokers that you have made a claim.

Who is insured?

The name of the insured is on your Evidence of Insurance and should correspond with the organisation that has successfully been certified to Cyber Essentials.

What security precautions must be maintained?

You are required to install & maintain automatically provided updates from your software provider for critical business software. If you have passed Cyber Essentials, this process should already be in place, but you should make sure it is maintained to ensure that the insurance remains valid. 

What if I already have cyber insurance?

You can’t claim on two policies. If you are satisfied your existing policy gives you the cover you require, then you can opt out of the cover that comes with Cyber Essentials. If you have two policies in force at the time of a claim you will need to notify both insurers.

What if my turnover is more than £20m?

Companies with a turnover above £20m are not eligible for the inclusive £25k insurance.  You can apply for bespoke cover online through our enhanced insurance journey or you can get in touch with Sutcliffe & Co. Insurance Brokers. You can email cyberessentials@sutcliffeinsurance.co.uk, call 01905 21681 or visit the website at www.sutcliffeinsurance.co.uk

What if I am not domiciled in the UK?

Only companies domiciled in the UK or Crown Dependencies are eligible for the inclusive £25k insurance.

If you require cyber insurance and you are not domiciled in the UK you can contact Sutcliffe & Co Insurance Brokers directly and they will be able to provide you with bespoke cover.

Email cybersmart@sutcliffeinsurance.co.uk, call 01905 21681 or visit the website at www.sutcliffeinsurance.co.uk. 

How do I renew the policy?

The policy is connected to your Cyber Essentials Certification and cannot be renewed on its own. To maintain cover, you will need to renew your Certification or take a separate stand-alone cyber insurance policy.

What if I don’t want insurance?

When completing the Cyber Essentials assessment, those eligible for the inclusive insurance will be asked to opt-in only if they want the cover. The cost of the Certification remains the same whether or not you opt-in. 

The enhanced insurance offering is optional and provided as a benefit of completing your Cyber Essentials certification through CyberSmart.

How do I get more information on my insurance?

Full details of your insurance policy can be found in your Evidence of Insurance. 

Remember to keep a paper copy of your Evidence of Insurance as you may not be able to access an electronic copy in the event of a data incident.

Email Sutcliffe & Co. who administer the policy, at cybersmart@sutcliffeinsurance.co.uk or call them on 01905 21681 if you need further information.