Data Breach and Cyber

Call us on 0203 058 3733 to discuss your Data Breach and Cyber Insurance needs

The proposal form is the biggest hurdle in buying data breach and cyber insurance. This blog post on "Is a data breach in your future? Tips on data security" can help you to get started.

True to the MRSL Enterprise Core Value that an informed, empowered buyer of insurance will value the product, the firm has teamed up with Olive Media to provide companies training on data breach and cyber security.

Data Breach Indemnity Insurance consists of a package of covers that protect a business against the costs that follow from a data breach.

There are three major forms of data breach:

  1. Sending information to the wrong place. Usually this is caused by a member of the business attaching the wrong data to an email or sending an email to the wrong recipient(s).
  2. External loss of data. Often caused by leaving a laptop or mobile device on a train.
  3. A breach of the company systems through hacking or malware.

The losses are also numerous and include:

  1. The costs of identifying and reporting a data breach.
  2. Ransom costs and other extortion.
  3. Notification costs to those whose data has been affected.
  4. Fines and penalties.
  5. PR to mitigate reputational damage.
  6. Data and systems recovery.
  7. Business interruption and loss of revenue.

Data breach insurance as a product has a number of components to its cover designed to address specific risks identified above. A comprehensive list of these covers is given below.

A Data Breach Indemnity Insurance is a collection of the covers below chosen to suit the circumstances of a particular business with limits of indemnity set from a scenario analysis of the potential scale of losses for that business.

1: Extortion

Covers ransom or extortion costs arising from either ransomware blocking a user accessing a computer or from demands made to recover data on the computer systems of the business that were obtained through unauthorised access.

2: Denial of Access

Covers losses that arise from request-flooding attacks that swamp websites and systems, rendering them unavailable and often causing them to crash. Businesses that rely on a web portal or online sales are particularly vulnerable to this type of attack. Classic attack styles are Distributed Denial of Service (DDoS) and Network Data Flooding.

3: Digital System Interruption

Failure of a component of the company’s computer or network system. This is not a data breach cover, but an important component of any broad insurance package.

4: Crisis Management

Public relations, response consultants and press management services following a significant data breach or systems failure. This covers management of the public response to an issue like the TalkTalk data breach or the RBS system failure that impacted access to bank accounts.

5: Fines and Penalties

Covers any fines or penalties, such as a fine by the Information Commissioner’s Office (ICO) following a breach of General Data Protection Rules (GDPR) or a breach related to card transaction regulations.

6: Legal Defence

Covers the cost of legal support through an investigation by a regulator or the legal costs of defending a third party claim relating to a data breach.

7: Digital Forensic Support

Covers the costs of technical specialists to investigate and remedy a systems breach that leads to data loss and identify the data impacted. Most good insurers provide not only the financial cover, but arrange for their own retained experts to undertake this work. Access to the appropriate skills is a significant issue for smaller businesses.

8: Notification Costs

The costs of notifying the individuals whose data has been affected following a data breach. Most data regulators, including the ICO, have notification standards. The cost of notifying a large number of people and advising them how to protect themselves following a data breach can be very large.

9: Social Media Liability

Covers the costs of claims arising from the company’s own social media postings. Claims can arise from libel, infringement of intellectual property, breach of confidentiality or right to privacy, and breach of comparative advertising regulations.

10: Payment Card Data Security Compliance

Covers the cost of reinstating a payment service if it is withdrawn, including the cost of any additional security required.

11: Reinstatement of Data

Covers the costs to recover or reinstate data that has been lost, damaged or corrupted.

12: Infection

Covers the cost of recovering computers from a malware or virus attack as well as the cost of claims from parties that claim that their systems were infected by malware and viruses originating in the company.

Is Data Breach and Cyber Insurance required by law?

There is no legal requirement to buy Data Breach and Cyber Insurance.

Who should buy Data Breach and Cyber Insurance?

Everyone, from individuals to sole traders and micro businesses through to major international firms, is a target for hacking and computer crime. Every business should consider buying data breach and cyber insurance. MRSL Enterprise will give impartial advice on this: we have recommended that a local food manufacturer not buy cyber insurance, on the basis that its actual exposure was low and, as a successful, profitable business, it had the resource to deal with issues if they arose. Every business should assess its ability to sustain itself through a significant hack or attack on its computer systems, including its GDPR obligations to detect, report and investigate a data breach. If this would cause significant strain on the business, it should consider purchasing data breach and cyber insurance.

How much does Data Breach and Cyber Insurance cost?

Some enhanced cyber cover can be added to Professional Indemnity insurances for around £100. These, however, are not true data breach and cyber covers.

The minimum cost of a true data breach and cyber cover is £900. The type of package that MRSL Enterprise would recommend for a private medical business is around £5,000.

Cost aside, the most significant issue that small businesses will face is getting insurance at all. Insurers will require current computer security good practices to be in place. The National Cyber Security Centre's Cyber Essentials certificate is a great place to start.

MRSL Enterprise is providing a package of training and insurance to help small businesses understand, mitigate and insure their data breach and cyber risk. This is described on our Services page.