Cyber and Data Insurance

Is your business at risk?

Your business could be vulnerable to a data breach or loss of vital business services if you:

  • hold sensitive customer details such as names and addresses or banking information
  • are reliant on computer systems to conduct your business
  • have a website
  • are subject to a payment card industry (PCI) merchant services agreement.

 

We can offer comprehensive protection for your computer systems and data (electronic or non-electronic), all available in a single insurance policy and the price may just surprise you!

For example, if your business has an annual income of less than £250,000, a 12 month insurance policy could be available for less than £320*, offering the following covers:

  • Breach costs                                  Covered
  • Cyber business interruption     Covered
  • Hacker damage                            Covered
  • Cyber extortion                            Covered
  • Privacy protection                       Covered
  • Media liability                               Covered
  • Regulatory awards                      up to £500,000
  • PCI charges                                   up to £500,000 

 

*The Premium is subject to completion of the proposal form attached, and being able to comply fully with the statements of fact contained within.

 

What is your exposure?

As businesses become ever more reliant on technology and hold more and more data, the risks from suffering a loss related to problems with their computer systems or from holding sensitive customer data like bank account information or other personal/sensitive details, continue to grow. This can lead to costs from handling a data breach, lost revenue, a damaged reputation, and legal and regulatory costs, not to mention the associated business disruption.

 

What’s the definition of a ‘record’?

For the purpose of cyber and data, we define a ‘record’ as the details of an individual that a company processes, regardless of how many times that information is handled. For example, if you buy goods from an online retailer five times in one year, it would count as one record. Our experience shows that there is a direct relationship between the number of data subjects affected by a data breach and the costs of the breach. The volume of records therefore provides the best guide to the likely cost of a cyber and data claim.

 

I’m a small company, why do I need to buy insurance?

There’s a black market where records are sold and bought, and hackers are only getting savvier. The Department for Business, Innovation and Skills reported that 74% of small businesses and 90% of large organisations suffered a data breach in 2014 and it is becoming increasingly common.

 

My IT department is confident we are secure, do I need a policy?

Carphone Warehouse, TalkTalk and many other large corporations like them have entire departments devoted to IT security, and they still suffered a data breach. A simple oversight like not updating software, not setting appropriate user authentication procedures for third party vendors, losing an unencrypted laptop, or a rogue employee with malicious intent, can all lead to a breach.

 

I outsource my payment and card processing. I don’t have payment card exposures do I?

According to the PCI Compliance Guide, PCI compliance applies to all organisations or merchants that accept, transmit, or store any cardholder data, regardless of their size, or number of transactions. Merely using a third party company does not exclude a company from PCI compliance. It may cut down on the risk exposure and consequently reduce the effort to validate compliance but it doesn’t mean a merchant can ignore PCI compliance.

 

My data is stored in the cloud, so liability rests with them?

Not exactly. It would be in your best interest to carefully review your cloud contracts with legal counsel. Even if the risk is reduced, the liability may still fall on the shoulders of the insured. You can outsource the service but not the responsibility. Does the Hiscox policy cover offline and online exposures? Yes. The policy is triggered by the breach of electronic and non-electronic data that includes theft and loss. So you have insurance for a sophisticated hack but also for leaving a paper file on a train or sending information by email to the wrong person.

 

What is encryption?

It’s the process of encoding information so that only authorised parties can read it. Encryption is important in evaluating a company’s risk and exposure, since a breach of encrypted data is significantly less costly than a breach of unencrypted data. Encryption is a risk control measure viewed favourably by regulators including the Information Commissioner’s Office (the office responsible for the enforcement of various data regulations in the UK). Many of the fines they have levied have involved the loss of unencrypted data by organisations.

 

I have a password, is that the same as encryption?

No. Encryption is the process of scrambling the data on a hard disk so it is unusable unless accessed with a decryption key. Only using password protection means that a hacker could bypass the password to access intact data that hasn’t been encrypted.

If, having read the above, you would like a quotation for Cyber and Data insurance, we have paired up with Fusion Insurance to offer clients a policy backed by Hiscox Insurance, and by clicking below, you can download the pre-priced proposal form, complete it and send it to us and we will look after the rest.

Why delay any longer.

Find the Proposal Form here.

Powered by Drupal

Get a Quote

Get an Insurance Quote for your needs. 

Get a Quote

Call Us on 01604 823530