Cyber Liability Insurance cover is automatically awarded to organisations when they achieve the basic level of Cyber Essentials certification or the IASME Information Governance standard across their entire organisation; provided that they are domiciled in the UK and have a turnover under £20,000,000.

The policy is underwritten by AIG and brokered through Sutcliffe & Co. It provides £25,000 limit of indemnity covering:

Event Management

Costs to engage Legal, IT Forensics, Data Restoration, Reputational Protection, Notification Costs and Credit and ID Monitoring services following an actual or suspected breach of personal or corporate information, an IT security or system failure.

Data Protection Obligations

Insurers will pay:

  • Defence Costs in respect of a Regulatory Investigation, and;
  • Any lawfully insurable Data Protection Fines that the Company is legally liable to pay in respect of such Regulatory Investigation with regards to a breach of Data Protection Legislation


Damages and Defence Costs arising from:

  • An actual or alleged breach of data
  • An actual or alleged security failure
  • The failure to notify a Data Subject and/or any Regulator of a breach of personal information in accordance with the requirements of Data Protection Legislation
  • An actual or alleged breach of duty by the Information Holder in respect of the processing information (for which the Company is responsible) on behalf of the Company


Frequently Asked Questions

How do I make a claim?

If you suffer a data breach, hack or other cyber incident you should immediately contact the 24 hour helpline listed on your insurance schedule. The policy will provide crisis management and incident response services appropriate to your circumstances. Do not delay in reporting the incident as this could jeopardise the claim. Remember to keep a paper copy of your insurance schedule as you may not be able to access an electronic copy in the event of a data incident.

Who is the insurer? 

The insurance is provided by AIG. In the event of a claim they will appoint their specialist consultants to assist and advise you.

Who is insured?

The name of the company insured is on your insurance schedule and should correspond with the company that has successfully been certified.

What limit of cover is provided?

The insurance provided with certification gives you a £25,000 limit of indemnity. You may well require a higher level of indemnity.  If this is the case, please contact [email protected] or call 01905 21681.

How can I get additional cover?

For additional cover or higher limits of indemnity contact [email protected] or call 01905 21681. Additional options include payment of ransoms / extortion, business interruption / loss of revenue, phone phreaking, social media, outsourced service providers and invoice fraud.

What does it cost to get additional cover?

The cost of additional covers will depend upon what cover you want, the limit of indemnity you require and the nature of your business. To discuss options contact [email protected] or call 01905 21681.

What is not covered?

Full details of what is and is not covered can be found in your policy wording. Some of the things that are not covered include: Business Interruption, Phone Phreaking, Outsourced Service Providers, Social Media, Ransoms and money that may have been stolen from you or defrauded from you. If you would like insurance to cover these aspects please contact [email protected] or call 01905 21681.

What if I already have Cyber Insurance?

If you already have cyber insurance the policy provided with your certification becomes inoperative. There is no refund or discount.

What if my turnover is more than £20m?

Companies with a turnover above £20m are not eligible for the automatic insurance. If you would like to discuss options or would like a quote please contact [email protected] or call 01905 21681.

What if I am not domiciled in the UK?

Only companies domiciled in the UK are eligible for the insurance. UK subsidiaries may be considered, contact [email protected] or call 01905 21681.

How long does the policy last?

The policy starts from your certification and lasts 12 months, the exact dates will be on your insurance schedule. If you wish to maintain your insurance beyond that date you will need to renew your Cyber Essentials certification with IASME or one of their CBs. If you do not renew your certification then you may purchase Cyber Insurance from your insurance broker or Sutcliffe & Co; contact [email protected] or call 01905 21681.

How do I renew the policy?

The policy is connected to your Certification and cannot be renewed on its own. To maintain cover you will need to renew your Certification or take a separate stand-alone cyber insurance policy.

What if I don’t want insurance?

When you complete the Cyber Essentials assessment there is an option to opt out of the insurance. This does not affect the cost.

How do I get more information on the Insurance?

Contact [email protected] or call 01905 21681.

Why do I need Cyber Insurance?

Being compliant to Cyber Essentials has been shown to significantly reduce the likelihood and severity of a data breach however, the risk still remains, especially if there is an accidental or deliberate internal breach or a concerted external attack. The presence of cyber insurance will provide vital incident response services and costs in your hour of need. The insurance provided with certification gives you £25,000 limit of indemnity so you may want to purchase a higher limit of cover in case you suffer a severe breach.