Cyber Liability Insurance

It's free if you do Cyber Essentials.

Edit: misread title lol

I feel that Cyber (I avoid including liability, as it's not necessarily cover for your liability), whilst certainly a useful cover for some and not necessarily missold as such, is being sold on the immaturity of the product, people identifying another area of insurance to discuss and possibly up/cross sell and the scaremongering surrounding GDPR etc.

It's worth asking your broker who it is that they'd be providing their policy through. After all, in the event of an incident, your cover is only as good as the support behind it and in this kind of area, you'd be worthwhile engaging an insurer who provides dedicated claims support (rather than providing the costs associated with a claim) so that you can be back up and running soonest. There are some particularly good insurers out there but it's worth bearing in mind that with the product itself being so young, covers can vary and it's not as "like for like" as some general commercial insurances are.

To give you an idea of the variances:

Some insurers are claiming they will pay fines/penalties - but this cannot necessarily occur as fines/penalties are not meant to be insurable
Some insurers provide cover for you losing third party monies due to you being duped - this is quite rare
Some insurers provide "cyber crime" but all may have their own definition of what the cyber event in question is

From your post, it seems as if you're concerned about hitting an attachment, which is malicious, which then effects your own systems? Do you rely on your systems to work, will it cause an interruption and possible loss of income/profit? Are you concerned about ransomware infecting your system through an attachment? All of these are very much "first party" i.e. issues that would affect you and is normally covered under a cyber policy.

If I were you, I'd be discussing real world examples with your broker and identifying if the insurer they're putting forward (bear in mind a lot of insurers are now attempting to jump on the bandwagon for this type of cover and offering bolt-on policies to existing general commercial policies) can meet your expectations.

Good luck, a bit of a minefield but an interesting one to keep up with!

Forgot to add, worth speaking to insurance_jon on here, believe his offices are local to you, too.

Some good advice although on the Cyber Essentials I would be looking at a much higher limit than £25k, the costs can quickly rack up if a claim/assistance was required. I'd suggest keeping an eye on your broker suggesting CFC as they seem to be ahead of the game for the wording and covers, Hiscox are good having recently updated the offering and also provide online courses if this appeals.

I work in the PI side of insurance and the Cyber/Crime side of things has grown considerably over the past few years....still trying to get my head around it!

Aren't we all!

Agreed re: CFC - up until very recently I would only offer CFC as an option in respect of Cyber. I will say the product Angel released at the back end of last year strikes me as a good cheaper alternative now though.

I arranged some cover for an IT Consultant last month with CFC - he's got the £25k AIG policy because he's done Cyber Essentials but didn't feel that was enough. Plus, for him, he was worried about a third party claim - that AIG policy only covers first-party losses iirc.

if you go the cyber essentials route and want a free tool to help with going through the process - https://www.titania.com/customers/bonus-tools/risk...

note: i'm bias, but we created the tool in collaboration with UK Gov back in 2016. Hope it helps!