What do the UK's top cyber insurers cover?

Firms step up to deliver the right protection

What do the UK's top cyber insurers cover?

Cyber

By Mark Rosanes

The disruption caused by the pandemic has prompted many businesses to expand their digital footprint, giving cybercriminals a wider opportunity to wage an attack. This was evident last year when one in 10 UK firms admitted to being a victim of cybercrime, according to a recent survey conducted by the British Chamber of Commerce (BCC) and information technology company Cisco.

The study revealed that the number went up to one in seven for businesses with at least 50 employees. More than half of the 1,000 respondents also believe that their risk exposure has increased due to work-from-home arrangements. But one of the most concerning findings of the research was that only one in five firms have cybersecurity accreditation in place, leaving most businesses highly vulnerable to attacks.

This situation has driven many insurance companies to step up efforts to deliver the coverage that UK businesses need – endeavours which Insurance Business recognised with the release of the 2022 Insurance Business UK (IBUK) 5-star Cyber Report.

To determine the best cyber insurers in the UK, Insurance Business enlisted the help of some of the industry's top experts. For 15 weeks, the IBUK research team conducted one-on-one interviews with specialist brokers and surveyed more within the magazine’s network to gain a keen understanding of what insurance professionals think of current market offerings.

As part of the selection process, brokers were quizzed on what features they thought were most important in a cyber insurance policy and then asked how the insurers they dealt with rated those attributes. Afterwards, insurers were measured on the strength of their relationships with brokers, their ability to handle claims, underwriting expertise and, most importantly, the strength of their individual products.

QBE, one of this year’s top insurers, said that the nation’s cyber threat landscape has changed significantly since the onset of the pandemic, pushing the company to utilise its knowledge and expertise to assist its clients.

“As a result of emerging claims trends, QBE has implemented minimum risk controls for all customers in order to ensure the long-term sustainability of our portfolio,” said David Warr, the company’s portfolio manager, cyber & TMT. “It is important to understand that many customers are at different stages of their IT security improvement plan, and we have worked with existing customers to explain these changes in a timely manner and provide our own evidence from claims we have received as to why they are so important to protecting against malicious threat actors.”

These are the insurance companies that stood out, based on IBUK’s research, along with the coverages each firm offers. The complete list of five-star cyber insurers, along with the full version of the 2022 cyber report, can be viewed here.

Insurer/Policy

Coverage and benefits

QBE Cyber Insurance

Coverage:

  • Cyber liability
  • Online media liability
  • Data breach legal costs
  • Forensics
  • Public relations expenses
  • Credit monitoring and identity theft costs
  • Regulatory defence and penalty costs
  • Payment Card Industry (PCI) data security
  • Standards costs
  • Data restoration
  • Cyber business interruption
  • Full media liability (optional)
  • Cybercrime costs (sub-limited, optional)

 

Benefits:

  • 24-hour support services
  • Free access to the QBE Cyber Risk Management Portal

AIG CyberEdge Cyber Liability

Coverage:

  • Security and privacy liability, including data protection investigation and data protection fines, and cyber liability
  • Network interruption, including network interruption losses, interruption and mitigation costs, and loss preparation expenses
  • Event management, including legal, IT, data recovery, reputation protection, notification, credit monitoring and ID monitoring, and first response expenses
  • Cyber extortion

 

Benefits:

  • Expert IT and legal response with no retention for 48 or 72 hours
  • Access to complimentary cyber loss control services
  • Access to CyberEdge video cover summary library

Aviva Cyber Insurance

Coverage for organisations’s assets:

  • Breach response, including forensic experts, legal advice, notifying affected customers and offering credit or identity fraud monitoring services
  • Damage to data, websites, and software
  • Loss of revenue due to a malicious attack, extortion or a data breach company’s IT systems or outsourced IT or data provider
  • Additional expenses to reduce revenue loss such as hiring extra staff or equipment
  • Extortion, including recovery costs or ransom payment
  • Costs of notifying customers of a data breach
  • Loss of the business money due to an external hack or by social engineering fraud
  • Cost of unauthorised telephone calls and charges made by an external hacker
  • Protection against a breach of Data Protection Regulation where insurable by law, including defence costs and regulatory fines

 

Third-party liability covers compensation and defence cost if a claim is made against the company for:

  • Negligently transmitting a virus to a third party
  • Data privacy and confidentiality liability
  • Financial loss resulting from the loss, disclosure, or destruction of third-party confidential commercial information
  • Costs resulting from non-compliance with payment card industry data security standards, including fines, charges, and recertification costs
  • Multimedia liability, including copyright or trademark infringement from use of online media

Brit Cyber Attack Plus (BCAP)

First and third-party coverage for:

  • Physical damage and bodily injury
  • Business interruption from property damage (PD) events
  • Mitigation
  • Enhanced legal liability resulting from a cyberattack
  • Privacy and security liability
  • Regulatory fines and penalties
  • Breach response costs
  • PCI coverage
  • Cyber extortion
  • Business interruption
  • Data restoration

Celerity Pro Cyber Liability

  • Blanket additional insured status where required by contract
  • Data breach first responder paid at first dollar
  • 24/7 data breach hotline
  • Affirmative regulatory coverage in absence of a security breach
  • Unintentional wrongful collection covered
  • Forensic accounting costs covered at full limits
  • Coverage for PCI fines and assessments
  • Up to US$5 million (about 3.8 million) aggregate limit
  • Up to US$250 million (about £189.7 million) revenue
  • Worldwide coverage

 

Optional coverages:

  • Cybercrime endorsement, including social engineering and invoice manipulation
  • Dependent business interruption, system failure, and dependent system failure
  • Reputational harm
  • Preventative shutdown
  • Betterment
  • Bricking

CFC Underwriting Cyber Large Corporates

  • Nil deductible for incident response costs
  • Senior officer liability for cyber events
  • Technology supply chain failure
  • Cover for operational IT risk
  • System repair costs
  • Full retroactive cover
  • Contractual liability

Chubb Cyber Enterprise Risk Management Insurance

  • Business interruption loss due to a network security failure or attack, human errors, or programming errors
  • Data loss and restoration including decontamination and recovery
  • Incident response and investigation costs, supported by a 24-hour multilingual incident reporting hotline and on-demand vendors
  • Delay, disruption, and acceleration costs from a business interruption event
  • Legal costs, including exercising contractual indemnity
  • Crisis communications and reputational mitigation expenses
  • Liability arising from failure to maintain confidentiality of data
  • Liability arising from unauthorised use of company’s network
  • Network or data extortion, or blackmail (where insurable)
  • Online media liability
  • Regulatory investigations expenses

CNA NetProtect 360

  • Media liability
  • Network security, privacy, and regulatory proceedings, including fines
  • Privacy event expenses
  • Extortion
  • Privacy regulation investigation
  • Crisis response
  • Business interruption and extra expenses
  • Network restoration
  • Bricking

 

Via endorsement:

  • PCI loss
  • Dependent business interruption and extra expenses
  • Reputational harm
  • Network failure
  • Dependent network failure
  • Voluntary shutdown
  • E-theft, social engineering, and telephone fraud

DUAL Corporate Risks Cyber

  • Security and privacy liability
  • Business interruption
  • Crisis management
  • Notification costs
  • Cyber extortion

HSB Cyber Suite

First-party coverages:

  • Data compromise response
  • Computer attack
  • Cyber extortion
  • Misdirected payment fraud
  • Computer fraud
  • Telecommunications fraud coverage
  • Identity recovery

 

Third-party coverages:

  • Privacy incident liability
  • Network security liability
  • Electronic media liability

 

Benefits:

  • Access to Cyber Safety risk management tools
  • Access to eRisk Hub website

Hiscox Cyber Insurance

  • Protection against GDPR non-compliance claims
  • Compensation for loss of income due to a data breach
  • Recovery from reputational damage
  • Forensic investigations to aid data recovery, plus legal advice
  • Help to notify regulators after an attack
  • Repair or replacement if cyber events damage company’s equipment
  • Indemnity for losses incurred if company’s supplier faces a breach
  • Consultancy support
  • Liability support if a third-party alleges the company transmitted a virus

Markel Direct Cyber Insurance

  • Costs of restoring data and equipment
  • Informing clients of a data breach
  • Meeting ransom demands
  • Loss of net profit
  • Legal defence costs and damages the company is legally liable to pay to other parties

MPR Underwriting Cyber Incident Response and Insurance

  • Cyber incident response and expenses
  • Privacy regulatory actions
  • PCI loss
  • Business interruption
  • Contingent business interruption
  • Cyber extortion threat, cybercrime and crime expenses
  • Privacy and network security liability
  • Media liability
  • Reward expenses
  • Court attendance costs

NMU CyberSafe

First-party coverage key features:

  • Cyber response
  • Cyber restoration
  • Cyber expense
  • Cyber extortion
  • Business interruption
  • Cybercrime, including customer payment fraud, social engineering fraud, telephone hacking and theft of money, goods, property, and services

 

Third-party coverage key features:

  • Cyber liability
  • Network liability
  • Media liability
  • PCI liability (optional)

 

Benefits:

  • Full access to broker-administered step-by-step quote and bind e-trade platform
  • Immediate issuance of full contract certain quotations and policy documentation
  • No statement of fact/preconditions
  • 24/7 integrated breach response

Paragon Cyber, Technology Errors & Omission Insurance

  • Network security and privacy liability
  • Privacy breach expenses, including forensics, incident response costs, legal, and PR
  • Regulatory investigations
  • Business interruption, including loss of income and extra expense
  • Reputational business interruption
  • Cyber extortion
  • Social engineering and invoice manipulation
  • Technology errors and omissions

Pen Underwriting Cyber Insurance

  • Breach costs
  • Costs for damage to data or programs
  • Insured’s network failure, including income loss and extra expense
  • Cyber extortion and ransomware
  • Network security, privacy, and confidentiality liability
  • Network security, privacy liability (regulatory)
  • Multimedia liability
  • Cyber terrorism
  • PCI data security standard (DDS), including fines, penalties, and assessments

 

Extensions:

  • Outsource service provider or cloud service provider failure, including income loss and extra expense
  • E-theft

RSA Cyber Risk Insurance

  • Data liability
  • Network security
  • Remediation costs
  • Cyber business interruption

 

Extensions:

  • Multimedia activities
  • PCI data security standard
  • Compensation for court attendance
  • Withdrawal of content
  • Cyber extortion

Zurich Insurance Cyber

  • Flexible aggregate limit of indemnity up to £2,000,000
  • Business income loss and increased cost of working
  • Privacy breach and reputational rebuild costs
  • Security and privacy liability
  • Regulatory proceeding defence costs
  • PCI-DSS payments
  • Emergency costs
  • Digital asset replacement expenses
  • Cyber extortion threat and reward payments
  • Cyber terrorism
  • Internet media liability
  • Computer hardware damage costs
  • Crisis management (provided when buying a policy limit of £100,000)
  • Civil fines and penalties

Related Stories

Keep up with the latest news and events

Join our mailing list, it’s free!