Incorporating Hargreaves Perkins Insurance Brokers
British Insurance Brokers' Association | Member

Cyber Liability Insurance

Cyber liability insurance shields businesses from financial and reputational harm caused by cyber incidents like data breaches and ransomware attacks. It covers costs such as data recovery and legal fees, offering essential protection tailored to each business’s specific cyber risks.

Get in touch

Cyber Liability Insurance for e-commerce and email

What is Cyber Liability Insurance?

Cyber Liability Insurance covers the risks associated with online business, internet use, network operations, and data assets. Businesses are increasingly recognising the substantial risks of liability and disruptions these activities can pose.

This type of insurance safeguards against issues arising from online activities, including breaches of privacy, violations of intellectual property rights, the spread of viruses, and other serious problems that can be transmitted from one party to another over the internet.

Who buys Cyber Liability?

Today, we all use the internet and electronic forms of communication in both our personal and professional lives. Indeed, it is difficult to
recall how we were ever able to manage without such technologies and the benefits they bring. However, our familiarity with such technologies can lead to a blase approach to the risks associated with their usage.

Anyone, but particularly firms using email, are exposed to risks. A firm with a web site now has the legal liabilities of a publisher. The Internet has spun a whole new ‘web’ of liability exposures. Cyber risks are faced not just by e-commerce companies and those doing transactions over the internet. Any organisation reliant on computer or telephone networks, digital information or the internet faces these exposures; this means just about every business in the world today.

In summary, you should seriously consider cyber liability insurance if you’re one of the following: engaged in e-commerce; reliant on computer connectivity for transactions or data exchange; stores information that can be accessed over the internet or intranet; are an online media company or publisher; you are heavily reliant on email usage.

E-Commerce Companies

These companies can be traditional companies, mail order companies or dotcoms, and tend to be within certain verticals where goods or services are most likely to be purchased online. Examples are…

  • Music
  • Books
  • Toys, games and gadgets
  • Gifts
  • Clothing
  • Wines and spirits
  • Dating agencies
  • Gambling/gaming services
  • Garden centres
  • Sports equipment
  • Travel agents
  • Vehicle sales
  • Property sales
  • Computers
  • Home appliances

Other Transactional Websites

Other transactional websites include client interactive areas, supplier interactive areas, bulletin boards, discussion forums, downloadable files, email subscription services, sales support, etc. Examples are…

  • Hotels
  • Charities
  • Cinemas
  • Theatres
  • Shows and Box Offices
  • Trade Associations
  • Logistics
  • Travel Agents

Companies who store sensitive or critical data

Examples are…

  • Lawyers
  • Accountants
  • Insurance Brokers
  • Hotels
  • Surveyors
  • Architects
  • Housing Associations
  • Local Authorities
  • Security/Alarm Companies
  • Sporting Sectors
  • Recruitment Consultants

Companies with a large amount of information on their websites

Examples are…

  • Online Content Publishers
  • Local Newspapers
  • Content Aggregators
  • Radio / TV
  • Magazine internet ‘news’ site

When should I consider Cyber Insurance?

Creating a website is simple. The exposures that come with it are not. Privately owned companies that venture onto the web face liability exposures that are emerging, evolving, and complex.

Commercial companies that disseminate information to the public via web sites face the same legal exposures as publishers, yet most have little or no concept of their resulting legal responsibilities. Moreover, new legislation continues to create potential liabilities, particularly in the areas of user privacy and domain name infringement.

Why do I need Cyber Insurance Cover?

Traditional liability products do not address Internet exposures and the risks involved in Internet business have blossomed with the worldwide web itself. It is thought a third of UK businesses believe that their general insurance policies provide full cover for damage arising from security breaches or data loss, and another third admit that they do not know. Only one in six businesses correctly believes that there is no cover.

By disseminating information to the public via a website, commercial businesses now have some of the same exposures as publishers. These include conventional publishing exposures such as copyright infringement, defamation and invasion of privacy, as well as emerging exposures related to operating on the Web.

The universe of potential plaintiffs is staggering, given the number of people and organizations that are currently surfing the Net. A potential legal action from just one of them could be costly. In one case, a company improperly used a sports celebrity’s name and photograph on its web site, and the celebrity sued for the “fair market value” of his name, plus additional damages of $750,000. Clearly, the potential liability associated with web site content is already great, still growing, and rapidly evolving.

For a company operating in today’s high tech world, your computer network will more than likely provide internal and external email. You will probably have your own web site providing information about your company, its products and services with many companies now offering e-commerce facilities.

Information Security must be seen as a management and business challenge, not simply a technical issue to be handed over to the experts. To keep your business secure you must understand both the problems and solutions. Since Information Security relies as much on policies and a procedure as it does on IT defences it is clearly a top-level management issue. The Turnbull Report also imposes duties on public company directors to identify, manage and take an informed opinion on the transfer of these risks.

Coverage

Defence costs and legal liability due to:

  • Defamation, breaches of privacy, breaches of intellectual property rights or the breach of any statutory duty as a result of any electronic communications.
  • Third parties’ financial losses as a result of a hacking attack or virus that emanated from the insured’s computer systems or due to their inability to access the insured’s computer system.
  • Damage to computer systems as a result of a virus or hack attack.
  • Business Interruption (loss of revenue) as a result of a virus or hack attack.
  • Ransom demands or threats to introduce a virus or hack into the insured’s computer systems.
  • Legal expenses incurred in the enforcement of intellectual property rights on the internet.
  • The costs of a public relations consultant to mitigate reputational damage as a result of any loss that is covered under the policy.

Do you require cover? What is the exposure?

Do you have a website?

  • Breach of intellectual property rights
  • Libel and slander
  • Misleading advertising/pricing

Do you hold HR/payroll data on your network?

  • Breach of employees’ privacy rights

Do you allow staff to use email and the internet?

  • Libel and slander
  • Damage to your systems due to a virus or hacking attack
  • Damage to third parties’ systems by you forwarding a virus
  • Employees creating or sending a virus to your business contacts
  • Employees hacking activities
  • Employee claims for an inappropriate workplace
  • Breach of Data Protection Act

Do you allow suppliers to access your network?

  • Damage to your computer systems due to a virus or hacking attack
  • Consequential loss to your business due to downtime

Do you operate a bulletin board, blog, discussion forum or chat room?

  • Libel and slander
  • Breach of intellectual property rights or confidentiality

Do you have sensitive data accessible through your web server?

  • Libel and slander
  • Breach of intellectual property rights or confidentiality
  • Breach of Data Protection Act

Do you transact business via your website or rely heavily on email?

  • Damage to your systems due to a virus or hacking attack
  • Your lost revenue due to a virus or hacking attack
  • Breaches of statutory duties regarding the advertising or sale of goods or services by e-commerce.

Do you hold/obtain customers’ credit card details and personal details on your network?

  • Breach of Data Protection Act
  • Third parties’ financial loss due to dishonesty of your Employees

Claim Examples

THIRD PARTY CLAIMS
Claims made against you for internet or email libelNorwich Union paid Western Provident £450,000 in order to settle an action that an email at Norwich Union incorrectly alleged that Western provident was about to be investigated by the DTI.
Claims made against you for breaches of intellectual property rightsEasy Group sought compensation from sixty separate companies who had the word “easy” in their registered internet domain name. In one specific case Easy Group took legal action against easypeople.co.uk and demanded that they pay the fee of £100,000 for its legal costs in pursuing the matter.
Claims made against you for breaches of confidentiality or rights of privacy (for example, a breach of the Data Protection Act)A list of more than 1,800 web users and their personal details has been left at http://www.ukshops.co.uk/, an online shopping mall that directs buyers to well-known names such as Boots, Comet, Debenhams and Interflora. On display were users’ names, email addresses, postal addresses, gender and age group. Following the press’s investigation, the UK information Commissioner’s Office agreed to act on behalf of the thousands of consumers who had their details exposed.
Claims made against you for misleading pricingKodak mis-priced a top quality digital camera at £100 instead of £329. Not surprisingly they received over 10,000 orders in a very short space of time. Following press coverage and the threat of legal action, Kodak honoured the contracts which cost them over £2.3m.
Claims made against you for jurisdictional issuesYahoo’s litigation with the French courts over the availability of Nazi memorabilia on Yahoo’s sites has lasted for over four years now.
Claims made against you for any errors or omissions in the provision of technology services to your clients (coverage only offered if applicable)Client held software consultant accountable for failure of bespoke accounting system to work. Total loss exceeded £500,000.
Claims made by your employees for an inappropriate workplace (for example for sexual harassment)Claims made by your employees for an inappropriate workplace (for example for sexual harassment)
Claims made by your employees for breaches of confidentiality due to you misusing their date.British Gas was forced to pay over £200,000 to an ex-employee arising from the comments circulated via the internet that breached his privacy.
FIRST PARTY CLAIMS
The costs incurred in repairing the damage caused to your computer systems and finding, replacing or restoring your computer records as a result of a hack attack or virus.A computer engineer who had been employed to update the computer system of a sheet metal company was fired due to incompetence. When the company refused to pay the engineer, he hacked into its computer system and deleted their files. It cost the company over £70,000 to rectify the damage.
Reinstatement of your lost revenue due to your inability to conduct trade electronically as a result of a hack attack or virus.

In an October 2004 UK court judgement, it was deemed that there was no cover for Tektrol’s business interruption loss under their all risks policy, due to the ‘erasure of information on computer systems’ exclusion. Tektrol’s loss was due to the combination of a burglary and a virus.

Uninsured losses do not tend to be reported, but the 2004 DTI Information Security Breaches Survey found that 1% of security breaches disrupted the company for more than a week and a further 1% for over a month.

Your losses as a result of third parties using your computer systems to steal your money.Citibank lost £6.25m to a hacker using an old computer in an accountancy office in St Petersburg, USA. He was arrested in the UK and extradited to the US where he is now serving a prison sentence. The FBI has still not recovered £250,000 of the funds.
Ransom demands or threats to introduce a virus or hack into your computer systems, or to disseminate the data you hold on your computer systems.A dismissed IT department employee encrypted the entire database of his previous company and then demanded £1m in ransom. The company were preparing to call his bluff, when it found out that not only had he actually succeeded, but that it would cost at least £5m in computer and employee time to undo the damage.
Your legal expenses incurred in the enforcement of your intellectual property rights on the internet.Road Tech Computer Systems found that a competitor, Mandata, had been using Road Tech Computer System’s registered trademarks as metatags on their web site. By doing this, Mandata had ensured that internet traffic was diverted to them. Road tech Computer Systems sued Mandata successfully and received £80,000 in compensation.

Quotations

Rowlands & Hames would be delighted to obtain a Cyber Liability quotation on your behalf. The information provided in this Technical Bulletin has been kindly provided by CFC Underwriting and we gratefully acknowledge their assistance in preparing this document.

CFC Underwriting and its award- winning Cyber Liability Policy is Rowlands & Hames’ preferred underwriter and policy wording. The detail of cover provided above is based upon this specific contract. Rowlands & Hames have access to other underwriters and policies should our preferred policy not be suitable.

Premiums start from as little as £250 plus insurance premium tax for simple email and internet insurance for a basic website.

Insurance policies tend to have certain subjectivities and exclusions. Our preferred policy relies on just two major subjectivities and exclusions relating to ‘back-up’ procedures and ‘obscenity controls’.

Policy limits and exclusions may apply, please see policy wording for full terms and conditions.

Contact the Team

Mike Watkinson Dip CII | Account Manager
Mike Watkinson Dip CII
web-five

Testimonials

Scroll to Top
Broker Banner
This element will fade in after scrolling 20% of the page length.