Cyber and data insurance

Covers you against the cost of:

  • expert consultants, including IT forensics, legal and PR required to investigate and respond to a cyber attack or data breach
  • responding to claims and investigations alleging a breach of GDPR
  • fraudulent transactions made to criminals following a phishing attack
  • lost revenue suffered because of a range of cyber threats, including where caused by damage to your reputation
  • losses suffered by directors of the business in their personal capacity

You may face additional risks if:

  • you hold sensitive customer data, such as banking information
  • you are reliant on computer systems to run your business
  • you connect with your customers online
     


Policy documents

Policy summary - Cyber and data insurance

A summary of the key features and limitations of your policy

Policy wording - Cyber and data insurance

For the terms and conditions of your policy

What's covered

We will pay for losses incurred by you if you suffer:

  • the unauthorised acquisition, access, use or disclosure of personal data or confidential corporate information;
  • a failure by you, or others on your behalf, to secure your computer system against unauthorised access or use;
  • a threat to damage your systems or disseminate sensitive information, following unauthorised access to your systems;

If you suffer any of the above, we will pay:

  • the costs of computer forensic analysis to confirm a data breach;
  • legal costs incurred to manage a data breach;
  • costs incurred in notifying data subjects and any regulatory body, and providing credit monitoring services;
  • the cost of a ransom demand and specialists to handle ransom negotiations;
  • costs to regain access to or restore your data assets from back-ups or other sources;
  • the costs to appoint a public relations consultant to protect your reputation and manage your media; and
  • the costs to engage a consultant to manage your response to the incident.

We will also cover you if:

  • a claim is made against you for breach of confidence, personal data, sensitive commercial information or any contractual duty of confidentiality;
  • an investigation is commenced arising from the unauthorised acquisition, access, use or disclosure of data, or breach of a law governing the handling of personal data, including GDPR investigations;
  • a claim is brought against you for breach of PCI-DSS;
  • a claim is brought against you for infringement of intellectual property rights, defamation or breach of licence arising from your email, website or social media accounts; or
  • a claim is brought against you for transmission of a virus, or prevention of authorised access to a computer system or data.

Cyber Business Interruption cover

If you include Cyber Business Interruption cover, we will pay for losses incurred by you if you suffer:

  • a digital attack designed to disrupt access to or the operation of your computer system;

If you include Cyber Business Interruption cover, we will pay for losses incurred by you if you suffer:

  • additional business expenses caused directly by a cyber attack;
  • your loss of income and additional costs of working if your business suffers an interruption or if your reputation is damaged;

Financial crime cover

If you select to include financial crime cover, we will pay for your losses if you discover a loss from:

  • electronic theft of money, securities or property;
  • criminal use of your telephone lines;
  • you transferring money, securities or property in direct response to a social engineering communication;
  • a client transferring money, securities or property in response to a social engineering communication following a breach of your network;
  • the fraudulent or dishonest use of your electronic identity.

We will also:

  • pay the lesser of 10% of the amount of the claim, loss or liability or £10,000, to upgrade existing hardware and software and to obtain risk management advice to prevent or minimise a recurrence of certain claims or losses;
  • cover your statutory directors, partners or officers if they suffer a loss or a claim is brought against them in their personal capacity which would have been covered under the policy if suffered by, or brought against, you; and
  • pay court attendance compensation.

You'll also get access to the Hiscox Risk Academy, an online cyber security training platform for you and your employees. If 80% of your employees successfully complete the training, then your excess will be reduced by £2,500 (or waived if the excess is below £2,500)

For full details of what's covered, see your policy documents.

What's not covered

We do not pay for any claims, losses, breaches, privacy investigations or threats due to:

  • the provision of professional advice or services;
  • breach of intellectual property rights, other than where arising due to a data breach by a third party, a security failure, or any claim under the Online liability section;
  • a hack by a partner or director of yours;
  • bodily injury (other than for mental anguish or distress following a claim for defamation or breach of privacy) or damage to tangible property;
  • degradation or deterioration of your computer system;
  • the use of any outdated or unsupported software or systems;
  • anything you knew or ought reasonably to have known about before the policy started;
  • any acts or omissions you deliberately or recklessly commit, condone or ignore;
  • any personal social media posts;
  • online liability claims brought by your current or former employees; or
  • any criminal, civil or regulatory fines, other than PCI charges and regulatory awards where legally insurable.

For full details of what's covered, see your policy documents.

 

 

 

What do you mean by personal data?

For the purpose of this policy, personal data is any information you hold relating to a living person that could identify that person either by itself or alongside other information you hold or could hold in the future. This could be, for example, personal information such as a phone number, email address or home address. This also includes credit card numbers of customers.

Does CyberClear insurance protect me if one of my employees hacks my computer system?

Yes, we will cover you if an employee maliciously targets you and gains unauthorised access to your computer system. However, independent contractors, if you use them, and any partners in your business would not fall within the definition of a hacker, and so misuse of your computer systems by them would not be covered.

Does CyberClear insurance only cover my digital data?

No, non-electronic data is also covered, so you will also be protected if, for example, a briefcase containing sensitive paperwork is left on a train or stolen.

I store my data in the cloud; is this cover relevant for me?

Yes. Although the storage of the data has been outsourced, as a data controller, you are still ultimately responsible for it. Our policy specifically responds to breaches of data held on your behalf by third parties.