Cyber Liability

Insurance from Rowlands & Hames.

Cyber Liability Insurance for e-commerce and email

What is Cyber Liability Insurance?

Cyber Liability Insurance addresses the first-party and third-party risks associated with e-business, the internet, networks and information assets. Companies are increasingly understanding the huge potential for business liability and operational losses.

Cyber Liability Insurance coverage offers protection against exposures arising out of internet communications including privacy issues, the infringement of intellectual property, virus transmission, or any other serious trouble that may be passed from the first to the third parties via the web.

Who buys Cyber Liability?

Today, we all use the internet and electronic forms of communication in both our personal and professional lives. Indeed, it is difficult to
recall how we were ever able to manage without such technologies and the benefits they bring. However, our familiarity with such technologies can lead to a blase approach to the risks associated with their usage.

Anyone, but particularly firms using email, are exposed to risks. A firm with a web site now has the legal liabilities of a publisher. The Internet has spun a whole new ‘web’ of liability exposures. Cyber risks are faced not just by e-commerce companies and those doing transactions over the internet. Any organisation reliant on computer or telephone networks, digital information or the internet faces these exposures; this means just about every business in the world today.

In summary, you should seriously consider cyber liability insurance if you’re one of the following: engaged in e-commerce; reliant on computer connectivity for transactions or data exchange; stores information that can be accessed over the internet or intranet; are an online media company or publisher; you are heavily reliant on email usage.

E-Commerce Companies

These companies can be traditional companies, mail order companies or dotcoms, and tend to be within certain verticals where goods or services are most likely to be purchased online. Examples are…

  • Music
  • Books
  • Toys, games and gadgets
  • Gifts
  • Clothing
  • Wines and spirits
  • Dating agencies
  • Gambling/gaming services
  • Garden centres
  • Sports equipment
  • Travel agents
  • Vehicle sales
  • Property sales
  • Computers
  • Home appliances

Other Transactional Websites

Other transactional websites include client interactive areas, supplier interactive areas, bulletin boards, discussion forums, downloadable files, email subscription services, sales support, etc. Examples are…

  • Hotels
  • Charities
  • Cinemas
  • Theatres
  • Shows and Box Offices
  • Trade Associations
  • Logistics
  • Travel Agents

Companies who store sensitive or critical data

Examples are…

  • Lawyers
  • Accountants
  • Insurance Brokers
  • Hotels
  • Surveyors
  • Architects
  • Housing Associations
  • Local Authorities
  • Security/Alarm Companies
  • Sporting Sectors
  • Recruitment Consultants

Companies with a large amount of information on their websites

Examples are…

  • Online Content Publishers
  • Local Newspapers
  • Content Aggregators
  • Radio / TV
  • Magazine internet ‘news’ site

When should I consider Cyber Liability Insurance?

Creating a website is simple. The exposures that come with it are not. Privately owned companies that venture onto the web face liability exposures that are emerging, evolving, and complex.

Commercial companies that disseminate information to the public via web sites face the same legal exposures as publishers, yet most have little or no concept of their resulting legal responsibilities. Moreover, new legislation continues to create potential liabilities, particularly in the areas of user privacy and domain name infringement.

Why do I need Cyber Liability Insurance?

Traditional liability products do not address Internet exposures and the risks involved in Internet business have blossomed with the worldwide web itself. It is thought a third of UK businesses believe that their general insurance policies provide full cover for damage arising from security breaches or data loss, and another third admit that they do not know. Only one in six businesses correctly believes that there is no cover.

By disseminating information to the public via a website, commercial businesses now have some of the same exposures as publishers. These include conventional publishing exposures such as copyright infringement, defamation and invasion of privacy, as well as emerging exposures related to operating on the Web.

The universe of potential plaintiffs is staggering, given the number of people and organizations that are currently surfing the Net. A potential legal action from just one of them could be costly. In one case, a company improperly used a sports celebrity’s name and photograph on its web site, and the celebrity sued for the “fair market value” of his name, plus additional damages of $750,000. Clearly, the potential liability associated with web site content is already great, still growing, and rapidly evolving.

For a company operating in today’s high tech world, your computer network will more than likely provide internal and external email. You will probably have your own web site providing information about your company, its products and services with many companies now offering e-commerce facilities.

Information Security must be seen as a management and business challenge, not simply a technical issue to be handed over to the experts. To keep your business secure you must understand both the problems and solutions. Since Information Security relies as much on policies and a procedure as it does on IT defences it is clearly a top-level management issue. The Turnbull Report also imposes duties on public company directors to identify, manage and take an informed opinion on the transfer of these risks.


Defence costs and legal liability due to:

  • Defamation, breaches of privacy, breaches of intellectual property rights or the breach of any statutory duty as a result of any electronic communications.
  • Third parties’ financial losses as a result of a hacking attack or virus that emanated from the insured’s computer systems or due to their inability to access the insured’s computer system.
  • Damage to computer systems as a result of a virus or hack attack.
  • Business Interruption (loss of revenue) as a result of a virus or hack attack.
  • Ransom demands or threats to introduce a virus or hack into the insured’s computer systems.
  • Legal expenses incurred in the enforcement of intellectual property rights on the internet.
  • The costs of a public relations consultant to mitigate reputational damage as a result of any loss that is covered under the policy.

Do you require cover? What is the exposure?

Do you have a website?

  • Breach of intellectual property rights
  • Libel and slander
  • Misleading advertising/pricing

Do you hold HR/payroll data on your network?

  • Breach of employees’ privacy rights

Do you allow staff to use email and the internet?

  • Libel and slander
  • Damage to your systems due to a virus or hacking attack
  • Damage to third parties’ systems by you forwarding a virus
  • Employees creating or sending a virus to your business contacts
  • Employees hacking activities
  • Employee claims for an inappropriate workplace
  • Breach of Data Protection Act

Do you allow suppliers to access your network?

  • Damage to your computer systems due to a virus or hacking attack
  • Consequential loss to your business due to downtime

Do you operate a bulletin board, blog, discussion forum or chat room?

  • Libel and slander
  • Breach of intellectual property rights or confidentiality

Do you have sensitive data accessible through your web server?

  • Libel and slander
  • Breach of intellectual property rights or confidentiality
  • Breach of Data Protection Act

Do you transact business via your website or rely heavily on email?

  • Damage to your systems due to a virus or hacking attack
  • Your lost revenue due to a virus or hacking attack
  • Breaches of statutory duties regarding the advertising or sale of goods or services by e-commerce.

Do you hold/obtain customers’ credit card details and personal details on your network?

  • Breach of Data Protection Act
  • Third parties’ financial loss due to dishonesty of your Employees

Claim Examples

Claims made against you for internet or email libel Norwich Union paid Western Provident £450,000 in order to settle an action that an email at Norwich Union incorrectly alleged that Western provident was about to be investigated by the DTI.
Claims made against you for breaches of intellectual property rights Easy Group sought compensation from sixty separate companies who had the word “easy” in their registered internet domain name. In one specific case Easy Group took legal action against and demanded that they pay the fee of £100,000 for its legal costs in pursuing the matter.
Claims made against you for breaches of confidentiality or rights of privacy (for example, a breach of the Data Protection Act) A list of more than 1,800 web users and their personal details has been left at, an online shopping mall that directs buyers to well-known names such as Boots, Comet, Debenhams and Interflora. On display were users’ names, email addresses, postal addresses, gender and age group. Following the press’s investigation, the UK information Commissioner’s Office agreed to act on behalf of the thousands of consumers who had their details exposed.
Claims made against you for misleading pricing Kodak mis-priced a top quality digital camera at £100 instead of £329. Not surprisingly they received over 10,000 orders in a very short space of time. Following press coverage and the threat of legal action, Kodak honoured the contracts which cost them over £2.3m.
Claims made against you for jurisdictional issues Yahoo’s litigation with the French courts over the availability of Nazi memorabilia on Yahoo’s sites has lasted for over four years now.
Claims made against you for any errors or omissions in the provision of technology services to your clients (coverage only offered if applicable) Client held software consultant accountable for failure of bespoke accounting system to work. Total loss exceeded £500,000.
Claims made by your employees for an inappropriate workplace (for example for sexual harassment) Claims made by your employees for an inappropriate workplace (for example for sexual harassment)
Claims made by your employees for breaches of confidentiality due to you misusing their date. British Gas was forced to pay over £200,000 to an ex-employee arising from the comments circulated via the internet that breached his privacy.
The costs incurred in repairing the damage caused to your computer systems and finding, replacing or restoring your computer records as a result of a hack attack or virus. A computer engineer who had been employed to update the computer system of a sheet metal company was fired due to incompetence. When the company refused to pay the engineer, he hacked into its computer system and deleted their files. It cost the company over £70,000 to rectify the damage.
Reinstatement of your lost revenue due to your inability to conduct trade electronically as a result of a hack attack or virus. In an October 2004 UK court judgement, it was deemed that there was no cover for Tektrol’s business interruption loss under their all risks policy, due to the ‘erasure of information on computer systems’ exclusion. Tektrol’s loss was due to the combination of a burglary and a virus.

Uninsured losses do not tend to be reported, but the 2004 DTI Information Security Breaches Survey found that 1% of security breaches disrupted the company for more than a week and a further 1% for over a month.

Your losses as a result of third parties using your computer systems to steal your money. Citibank lost £6.25m to a hacker using an old computer in an accountancy office in St Petersburg, USA. He was arrested in the UK and extradited to the US where he is now serving a prison sentence. The FBI has still not recovered £250,000 of the funds.
Ransom demands or threats to introduce a virus or hack into your computer systems, or to disseminate the data you hold on your computer systems. A dismissed IT department employee encrypted the entire database of his previous company and then demanded £1m in ransom. The company were preparing to call his bluff, when it found out that not only had he actually succeeded, but that it would cost at least £5m in computer and employee time to undo the damage.
Your legal expenses incurred in the enforcement of your intellectual property rights on the internet. Road Tech Computer Systems found that a competitor, Mandata, had been using Road Tech Computer System’s registered trademarks as metatags on their web site. By doing this, Mandata had ensured that internet traffic was diverted to them. Road tech Computer Systems sued Mandata successfully and received £80,000 in compensation.


Rowlands & Hames would be delighted to obtain a Cyber Liability quotation on your behalf. The information provided in this Technical Bulletin has been kindly provided by CFC Underwriting and we gratefully acknowledge their assistance in preparing this document.

CFC Underwriting and its award- winning Cyber Liability Policy is Rowlands & Hames’ preferred underwriter and policy wording. The detail of cover provided above is based upon this specific contract. Rowlands & Hames have access to other underwriters and policies should our preferred policy not be suitable.

Premiums start from as little as £250 plus insurance premium tax for simple email and internet insurance for a basic website.

Insurance policies tend to have certain subjectivities and exclusions. Our preferred policy relies on just two major subjectivities and exclusions relating to ‘back-up’ procedures and ‘obscenity controls’.

To discuss your requirements contact:

John A Isles on 01253 598953

or email