Cyber insurance is essentially insurance that covers a company's losses resulting from some kind of incident relating to its IT systems. This is quite a complicated area because insurance companies are still getting to grips with the kinds of incidents that might occur and the liability they are prepared to take on.

There may be different types of cyber insurance for things such as employee breaches (deliberate or unintentional), third parties gaining unauthorised access to the system (whether connected with the organisation in some way or strangers), ransomware, and simply restoring the IT system to the position it was in before the incident took place.

What types of business should consider getting it and why?

All businesses should at least consider getting insurance policies for events which could adversely affect their IT systems. Organisations have grown to rely extensively on their IT systems, so any issues surrounding their IT, such as breaches of IT security, can have a major impact on how the business operates, and breaches can be expensive to remedy.

What are the different kinds of cyber insurance available?

There are a whole host of policies offered by different brokers and insurance companies covering various aspects of IT, but it is important for businesses to understand not only what is covered but also what is NOT covered: the exclusions on their policies, any monetary excesses that need to be paid, and any caps on the amount of money that an insurance company will pay per incident.

What should companies consider when looking into purchasing cyber insurance?

There are huge challenges around cyber insurance simply because insurers cannot be certain of their liability and of what might or might not be covered by their policy wording. Compare this with, say, motor insurance, where the rules are pretty well established as to what is and what is not covered by insurers. Companies should look to reputable insurers that provide policies which are reasonably comprehensive rather than policies that have major gaps, exclusions, high excesses or major caveats in them.

What do companies need to implement security measure-wise to get premiums at the best price?

Getting various certifications, keeping software security up to date, and ensuring that IT security policies are in place and adhered to will all help to reduce insurance premiums.

It seems there’s a lot of confusion around cyber insurance, so what are the key things businesses need to know and should be doing?

If businesses are confused about the insurance coverage available and its limitations, then speaking with a specialist cyber insurance broker to fully understand the pros and cons of insurance policies provided by different insurers is a good step to take. Many insurance brokers now have subject-matter specialists who can talk businesses through exactly what different cyber insurance policies do and do not cover.


Although many businesses might shop around for the cheapest insurance, it is probably worthwhile for businesses to actually pay more if the coverage they get is much more comprehensive. IT security incidents are becoming more prevalent, so if and when a business needs to call upon its insurance policy, it wants to be sure that it is properly covered and that it will indeed be able to get some compensation for losses that it may have suffered.

If you are thinking about cyber insurance or whether your IT infrastructure is legally compliant, get in touch.

This article is for general information purposes only and does not constitute legal or professional advice. It should not be used as a substitute for legal advice relating to your particular circumstances. Please note that the law may have changed since the date of this article.