Introduction
From phishing attacks to ransomware, threat actors constantly evolve their tactics. This leaves organisations vulnerable to operational, financial, and reputational damage. If you’re looking for a way to safeguard against these risks, the Cyber Essentials scheme offers a simple and effective solution. For added peace of mind, eligible organisations can opt in for free cyber liability insurance. This provides support in the event of a major cyber incident. In this article, we explore how organisations qualify for this free cyber insurance. We’ll also explain how this cover helps in practical, real-world scenarios.
What is Cyber Insurance
- A type of insurance designed to protect from the financial impact of cyber incidents, such as a data breach and ransomware attack.
- Support for the cost of an investigation and notification to customers, legal, and regulatory assistance, assistance with operational recovery, and public relations management – up to the policy liability limit.
- With cyberattacks on the rise, cyber insurance can act as a financial safety net that it helps to support incident management and recovery.
What’s included with free Cyber Insurance
- Helpline – 24-hour helpline to report a cyber incident, providing crisis management and incident response to the total liability limit
- Liability: to support claims made against it for breaches of security or privacy
- Event Management – financial support to support an organisation through an incident, including expenses relating to legal, IT, data recovery, reputational protection, customer notifications, credit monitoring, and first response
- Extortion – relating to threats like ransomware and other forms of cyber extortion
- Regulatory Investigation – defence costs and data protection fines
- Network Interruption – costs and expenses that minimise disruption and loss relating to IT outages
- 12 months cover – policy starts from your Cyber Essentials (level one) certification date
What’s not included with free Cyber Insurance
- Fraud – the free cyber insurance policy does not cover money stolen via electronic means or cyber fraud
- Excess – there’s a £1,000 excess (increasing to £5,000 for claims emanating from activities in USA or Canada) and a 6-hour network interruption retention
How much cover is provided
- The free insurance provided with Cyber Essentials provides a £25,000 limit of indemnity
- This can be increased to £250,000 for an additional annual premium of £224
- The insurance brokers who handle the Cyber Essentials insurance are called Sutcliffe & Co (tel 01905 21681 or email cyberessentials@sutcliffeinsurance.co.uk)
- If it’s a higher limit of indemnity, bespoke quote, or you’re not eligible for the free insurance included, you can also speak to your insurance broker or contact Sutcliffe & Co
Real claim example
- A school suffered a ransomware attack and was unable to use any of its systems or access any electronic data
- Fortunately, they had £250,000 cover with Cyber Essentials
- The emergency technical response provided by the insurance policy was able to promptly identify the problem and restore systems and data
- The legal support provided by the policy was able to deal with any potential regulatory and litigation issues and communicate with all relevant parties
Client Testimonial – Hospitality & events business
“It has been a pretty testing time for us, but the assistance that we received has been fantastic. After initially reporting the situation via the helpline, everything moved extremely rapidly, and we can’t thank you all enough for this. The assistance has thankfully meant we have managed to resolve things with little negative impact. I will be recommending Cyber Essentials to anyone who will listen!”
Conclusion – How free cyber insurance may help organisations
The Cyber Essentials scheme is aimed at protecting organisations against the most common forms of cyber threats, with eligible organisations are also able to opt in for free cyber liability insurance. This insurance is designed to protect organisations from the financial impact of cyber incidents and assist in incident management/recovery (up to the policy liability limit). The cyber insurance provides a £25,000 limit of indemnity, which can be increased for an additional annual premium. Sutcliffe & Co are the insurance brokers who handle the Cyber Essentials insurance and can be contacted for more information. RB Consultancy Ltd are able to provide services to assist organisations with achieving Cyber Essentials and Cyber Essentials Plus certification.
How We Help
At RB Consultancy Ltd, we support organisations looking to implement controls and/or certify to Cyber Essentials and Cyber Essentials Plus requirements:
- NCSC Cyber Advisor certified – we’re proven to help organisations understand and implement technical controls
- Vulnerability Assessment Plus certified – we have skills and tools to identify weaknesses, risk rank findings to support prioritisation, and provide remediation advice to enable swift action to be taken
- IASME Cyber Essentials Plus Assessor certified – we’ve been tested to assess organisations against the requirements and to provide appropriate advice
- Cyber Essentials Plus Certification Body certified – we’re trusted to issue certificates to organisations that have met the required standards
If you would like assistance with implementing controls or with Cyber Essentials / Cyber Essentials Plus certification, contact us for support.
Written by Remo Belisari, Managing Director of RB Consultancy Ltd, an experienced cyber security professional cyber advisor. Remo holds certifications relating to CISSP, ISSAP, ISO 27001, Cyber Essentials, IASME Cyber Assurance, and has many years experience in IT and cyber security. Remo has a history of supporting organisations from all over the world – including a Fortune 500 in USA and over 100 organisations across the UK. The views expressed in this blog are those of the author and do not necessarily reflect the views of RB Consultancy Ltd, its clients, partners, or affiliated organisations. The content is intended for general information only and should not be taken as legal advice.
-
-
-
- .
-
-