Cyber Insurance
If you transfer funds to a fraudster, or are subject to a ransom demand to unlock your systems, or have a claim made against you for breaching data, what would you do and who would you call? Cyber insurance is your 999 cyber emergency service.
Cyber Insurance & Data Liability
Fundamentally, Cyber Insurance is your modern business continuity plan. It actively protects your intangible assets—your data, your systems, and your reputation—when technology fails or criminals attack.
Historically, crime occurred in the physical world. However, it has now shifted to the digital one. Yet, for many UK businesses, the risk isn’t just a malicious hacker; frequently, it is human error, a failed software update, or a supplier’s data breach. At Daines Kapp, we move beyond the jargon to provide robust protection that responds when you need it most.
With our in-house cyber lead, Stefan—a recognised speaker on AI and insurance risks—we don’t just sell policies. Instead, we help you understand the evolving digital landscape.
What is Cyber Insurance?
At its core, Cyber Insurance covers the financial and operational impact of a cyber event. Specifically, this includes costs for recovering lost data, restoring IT systems, covering lost revenue during downtime, and paying for legal defence following a GDPR breach.
Furthermore, modern policies are service-led. In the event of a claim, the policy acts as an “Incident Response Service,” giving you immediate access to:
- Forensic IT Specialists: To stop the breach and recover data.
- Legal Experts: To handle notifications to the Information Commissioner’s Office (ICO).
- Ransom Negotiators: To manage extortion demands professionally.
- PR Consultants: To protect your brand reputation.
Real-World Cyber Insurance Claims
Many SMEs believe they are “too small” to be targeted or that their IT company handles everything. The reality is often different. Here are three recent examples where Daines Kapp clients benefited from their cyber cover:
1. The “Non-Malicious” System Failure
Not every cyber claim is a hack. One of our clients suffered a catastrophic server failure (blue screens) due to hardware corruption. They were unaware they even had cover—fortunately, we had negotiated it into their package years prior.
The insurer called them within hours. Because backups were unusable with the encryption password unknown, the insurer funded forensic data recovery experts. Consequently, the client was back to full operation within three weeks, and the £20,000 claim for recovery and interruption was fully paid.
2. The MSP Oversight (Human Error)
In another case, a client’s Managed Service Provider (IT Company) forgot to apply Multi-Factor Authentication (MFA) to a single mailbox. That one gap allowed a criminal to compromise the account.
Immediately, the insurer stepped in. They drafted the necessary regulatory notifications and informed affected individuals, saving the client from significant legal headaches and reputational damage. The claim costs paid exceeded £30,000.
3. The Supply Chain Breach
Crucially, you can do everything right and still suffer a loss. A client used a third-party supplier platform which suffered a massive breach, compromising staff records uploaded by our client.
Within hours, the insurer connected our client with leading legal experts. These experts advised on their liability and the next steps to protect their staff.
What Does a Cyber Policy Actually Cover?
A robust policy protects you on two fronts: First Party (your own losses) and Third Party (liability to others).
| First Party Losses (Your Business) | Third Party Losses (Liability) |
|---|---|
| Cyber Extortion (Ransomware): Costs to negotiate or pay ransoms (where legal) and decrypt data. | Privacy Liability: Defence costs and damages if you fail to protect sensitive data (GDPR breaches). |
| Business Interruption: Reimburses lost profit and increased working costs while your systems are down. | Regulatory Fines: Cover for fines and penalties from bodies like the ICO (where insurable). |
| System Failure: Loss of revenue caused by accidental damage or failed software updates (no hacker involved). | Media Liability: Protection against libel, slander, or copyright infringement in your digital media. |
| Social Engineering (Fraud): Theft of funds caused by phishing emails (e.g., fake invoice fraud). | Payment Card Industry (PCI): Fines and assessment costs regarding credit card data breaches. |
Common Cyber Insurance Misconceptions
We hear these objections daily. Here is why they might leave your business exposed.
“We outsource our IT, so we are safe.”
However, outsourcing IT functions does not outsource your legal liability. If a breach occurs via your IT provider, your customers will sue you. Furthermore, most IT contracts limit their liability to the cost of their monthly fee. If a breach costs you £500,000 in lost trade, your IT provider is unlikely to cover it. Therefore, a cyber policy bridges that gap.
“We are too small to be a target.”
Cyber criminals are opportunists, not snobs. They use automated bots to scan for vulnerabilities—like a thief trying every car door handle on a street. If your door is unlocked, they enter. Data from the National Cyber Security Centre (NCSC) shows that micro-businesses are frequently targeted. You are not targeted because you are wealthy; rather, you are targeted because you are vulnerable.
“We don’t hold sensitive data.”
Even if you don’t hold client records, you likely hold employee data (Payroll, HR), which is strictly regulated. More importantly, the most expensive claims often involve Ransomware (locking your systems) or Fund Transfer Fraud (stealing money). Neither of these require a data breach to cripple your business.
Why Choose Daines Kapp for Cyber Insurance?
Cyber insurance is complex, with varying exclusions and triggers. Consequently, a standard “off-the-shelf” policy may leave you with dangerous gaps, with the majority of the cyber products we have reviewed not being up to standard.
We work with over 20 specialist cyber insurers to find the right fit for your risk profile. More than just placing cover, we act as your risk management partner. Led by Stefan, our team understands the technical nuances of AI, cloud computing, and regulatory changes.
When the worst happens, we are in your corner—just as we were for the clients mentioned above—ensuring the insurer responds quickly and your business survives.
Ready to review your cyber risk?
Don’t wait for a screen to turn blue. Speak to Stefan or the team today for a jargon-free review of your digital exposure.
Frequently Asked Questions
Does cyber insurance cover GDPR fines?
Cyber insurance can cover the legal defence costs associated with a regulatory investigation. It may also cover fines where they are legally insurable under UK law, though this is a complex area that requires legal advice to determine whether the particular fine is insurable.
What is Social Engineering Fraud?
Social Engineering (or Financial Transfer Fraud) is when a criminal impersonates a trusted figure—like a supplier or CEO—to trick an employee into transferring funds. This is a common cause of loss that requires a specific crime extension to your policy.
How much does Cyber Insurance cost?
Premiums vary based on turnover, industry, and security controls (like MFA). However, for many SMEs, the cost is a small fraction of the potential loss from a single week of business interruption. Some of our policies pay less than £200 annually!
