When an organisation with a annual turnover of less than £20 million achieves self-assessed certification covering their whole organisation, either to the basic level of Cyber Essentials or to the IASME Standard, the business is automatically awarded Cyber Liability Insurance.
The cover, underwritten by AIG and brokered through Sutcliffe & Co, can be briefly described as follows:
£25,000 limit of indemnity covering:
Event Management
Costs to engage Legal, IT Forensics, Data Restoration, Reputational Protection, Notification Costs and Credit and ID Monitoring services following an actual or suspected breach of personal or corporate information, an IT security or system failure.
Insurers will pay:
Defence costs in respect of a regulatory investigation, and;
Any lawfully insurable data protection fines that the Company is legally liable to pay in respect of any regulatory investigation with regards to a breach of the Data Protection legislation
Liability to others affected
Damages and defence costs arising from:
An actual or alleged breach of data
An actual or alleged security failure
The failure to notify a Data Subject and/or any Regulator of a breach of personal information in accordance with the requirements of Data Protection Legislation
An actual or alleged breach of duty by the Information Holder in respect of the processing information (for which the Company is responsible) on behalf of the Company
A major breach may well require more than the £25,000 cover. Higher limits of indemnity and extensions to the cover are available on request.