What's covered
A comprehensive cyber policy provides a joined-up response across the full range of risks your business faces — from the first moment of a breach through to recovery and regulatory response.
Data Breach Response
When a breach occurs, the clock is ticking. Cyber insurance covers the immediate response costs that can mount up fast — forensic investigation to understand what happened and how, legal advice, regulatory notification costs, and credit monitoring for affected individuals. It also covers the reputational management costs of communicating professionally with clients and the media.
Cover includes
- Forensic investigation and IT remediation
- Legal advice and notification costs
- Credit monitoring for affected individuals
- PR and crisis communications support
Business Interruption
A cyber attack can bring your business to a standstill. Business interruption cover compensates for the income you lose while your systems are unavailable — including the additional costs of operating in a degraded state while recovery is underway. Cover applies to both attacks on your own systems and to service failures at third-party providers you depend on.
Cover includes
- Lost revenue during system downtime
- Extra costs of working in a degraded state
- Third-party cloud or service provider outages
- System recovery and restoration costs
Cyber Extortion & Ransomware
Ransomware attacks have become the most common and disruptive type of cyber incident. Cover provides specialist negotiators, ransom payment (where permitted) and the costs of responding to extortion threats. It also includes the IT forensics needed to safely restore your systems and verify that malware has been fully removed.
Cover includes
- Specialist ransomware negotiators
- Ransom payment (subject to legal and regulatory position)
- Post-incident IT forensics and restoration
- Extortion threat response costs
Third-party Liability
If a cyber incident at your business results in loss or harm to a client, supplier, or other third party — for example, their data is exposed through your systems — they may bring a claim against you. Cyber liability cover pays your defence costs and any damages awarded, including claims arising from failure to protect personal data under GDPR.
Cover includes
- Defence costs and damages for third-party claims
- GDPR and data protection liability
- Media liability for online content
- Errors and omissions related to cyber incidents
Regulatory Fines & Penalties
Data protection regulators — including the ICO in the UK — can impose significant fines for breaches of GDPR or the Data Protection Act. Where insurable under applicable law, cyber policies can cover regulatory fines and the legal costs of responding to regulatory investigations. We'll advise you clearly on the extent of cover available in your specific circumstances.
Cover includes
- ICO investigation costs and defence
- Legal costs in regulatory proceedings
- Regulatory fines where insurable under law
- PCI DSS fines (where applicable)
SME or mid-market?
The right cyber policy looks different depending on the size and complexity of your business. SMEs typically need a policy that's straightforward to bind and covers the core risks — data breach, ransomware, business interruption. Mid-market and larger businesses often require bespoke wordings, higher limits, and more nuanced coverage for supply chain and third-party exposures.
We work across both segments. Our advisors will help you identify the limits, sub-limits, and endorsements that actually matter for your specific risk profile — without over-engineering a policy you don't need.
Want to discuss your cover options?
Every business's cyber risk is different. Talk to one of our specialists to find out what level of cover makes sense for yours.
Talk to a specialist