Cyber insurance
Protect your business in minutes with cyber cover designed for our fast-changing digital world.
Be quote confident. We'll beat the price of any like-for-like quote. T&Cs apply.
What is cyber insurance?
Cyber insurance, also known as cyber liability insurance or cybersecurity insurance, is designed to cover any business which operates online or is exposed to the internet and the risks that come with storing and handling data when running a business.
You can protect your business for specific cyber risks, including:
- Accidental privacy breaches
- Business interruption
- Hacking, extortion and ransomware
- Lost income and restoring data
- Malware
- Denial-of-Service attacks
- PCI DSS compliance
- Cybercrime
Is your business raising and scaling?
Our specialist brokers provide custom cover for high-growth tech companies with complex risks — from web3, fintech, medtech, blockchain, VC firms, SaaS and more — whether you're at seed stage or IPO ready.
Be quote confident
We're big on fairness. So if you find a lower price for a comparable quote, we won't just match it — we'll go one better and beat it.
So even better than apples to apples, apples to better apples. We're talking Galas to Braeburns.
As you'd expect, T&Cs apply.
How cyber insurance can help your business
If you believe you've been hacked or suffered a data breach, before you even begin your claim, contact our 24-hour breach response helpline, and we'll provide you with industry-leading legal, IT security and PR support to help your business deal with the incident. Your cyber business insurance can then help your business by covering:
Extortion, hacking and ransomware
Suppose you're held ransom by a hacker, or have to pay compensation to your customers because of a data breach. In that case, we can cover damages and extortion payments, as well as costs associated with defending, negotiating and settling the claim.
Business interruption
You may be reimbursed the income you lose because of a cybersecurity breach affecting your computer systems — or those of your suppliers (also known as dependent businesses). This means you're not left out of pocket by interruptions to either your system or those of another business that you rely on. We can also pay for your data to be restored if it's lost or damaged in the process.
Payment Card Industry Data Security Standard (PCI DSS)
Any business that uses an electronic payment card system should be PCI DSS compliant. This can reduce the risk of data breaches involving customers’ card details. Cyber insurance covers your business in the event that private card data leaves your system. You will be provided with the services of a lawyer and a cyber response team to guide you through the process, and all fines and expenses may be paid, up to the policy limit.
Privacy liability
Cyber insurance policies can cover damages you're legally obliged to pay and defence costs incurred because of a security or data breach — or your organisation’s failure to disclose such a breach — and failure to comply with certain parts of your privacy policy.
Social engineering, email fraud and phone hacking
We offer an extension to our policy that can reimburse up to £100,000 in financial losses caused by cyber fraud. This could be funds transfer fraud (also known as social engineering), phone hacking, botnet attack and cryptojacking. In short, a cyber insurance policy could protect you against losses if you're tricked by a hacker into giving them access to your accounts or sending them money.
Once you've completed a quote, you'll be able to view a summary of cover. Please always refer to your policy documents for full details around exclusions, terms and limits of your customised cover. Read our guide to understanding your policy documents.
Features of the cyber insurance policy
Cyber and privacy liability
Covers compensation you may have to pay because of data or security breaches, including:
- Failure to disclose a breach within the GDPR time limits
- Failure to comply with parts of your privacy policy
Defamation and IP infringement media liability
Can cover compensation you may have to pay if an employee posts defamatory content or if there's intellectual property infringement on your website, social media or online advertising — whether intentional or not.
This happens more often than you may think — for example, if someone accidentally uses a trademarked image on one of your company’s social media accounts.
Breaches involving credit or debit card information
Cyber policies can cover payment card industry (PCI) fines from a data or security breach involving credit or debit card information. These fines can range from £3,000 to £60,000, plus expenses and legal costs. This could be particularly relevant to small businesses and retailers using mobile card payment systems.
If your systems get hacked or breached and private card data leaves your system, a cyber insurance policy could provide you with a lawyer and cybersecurity expert to guide you through the process. It could also pay your fines and legal expenses up to the policy limit.
At Superscript, we work with an industry-leading cyber response team to help you minimise the impact of a credit or debit card data breach on your business.
Interruption to business activity due to a cyber outage
A cyber issue could cause an unplanned outage of your computer systems or any business that provides you with services, like Amazon Web Services (AWS) — these third parties are known as a dependent business. If this occurs, cyber cover could reimburse you for the projected profit lost.
GDPR compliance
The GDPR — UK General Data Protection Regulations — puts a greater onus on businesses to keep customer data secure, while introducing more serious penalties for non-compliance. From January 2021, UK GDPR replaced the nearly identical EU GDPR laws after the UK left the European Union.
Any business that fails to follow the new rules will face fines of up to £17.5 million, or 4% of annual global turnover — whichever is higher. If that happens, our cyber cover could cover your defence costs, where legally insurable.
Please note that GDPR penalties or fines are uninsurable as a matter of public policy.
Unauthorised use of your systems
Covering you for unauthorised use of your systems. For example, if a hacker accesses:
- Your phone system and makes calls
- Your computer system and launches a denial-of-service (DoS) attack against another company
- Your computer system to mine cryptocurrency, also known as cryptojacking
Website recovery services
If your website or computer systems slow down or stop working due to a distributed denial-of-service (DDoS) attack, a cyber policy could cover costs for Link11 to fix this.
Money paid to fraudulent sources
If money is paid by you or by your bank, on your behalf, in response to a fraudulent email or phone instructions. This is an extension that is only available in a cybercrime policy and is not a typical feature of our cyber policies.
Data breach response services to help you after a cyber attack
If you suspect a data breach or security breach has happened, you'll have access to a 24-hour helpline with an industry-leading breach response team to guide you through the next steps. A breach could include a hack of your system and theft or leak of personally identifiable information (PII) like customers’ medical records, passport numbers or bank account details.
Plus, our cyber insurance could cover the costs of:
- Legal experts, to provide you with advice
- Support from a computer security expert, to help contain the breach
- Notifying those affected by the data breach, as required by law
- Call centre support, to field inquiries from those affected
- Credit and identity monitoring for those affected
- PR and brand crisis management
Legal costs
The insurer can arrange your legal defence and take care of costs, including legal fees and expenses to investigate, defend and settle any covered claim. If you or your employees have to attend court as witnesses in a cyber case, our cyber cover could pay up to:
- £500 per day for management
- £250 per day for employees
What's not covered?
Cyber insurance includes a range of features, but as with all policies, there are some things concerning cyber business interruption, loss, data recovery costs and cyber extortion we cannot cover which, for example, include:
- Any loss resulting from the seizure, nationalisation, confiscation or destruction of property undertaken under the order of any governmental or public authority
- Costs or expenses to identify or remediate software program errors or enhance your computer systems to a level higher than you had before
- Any loss linked to the failure or malfunction of satellites or power, utility, mechanical or telecommunications infrastructure that is not under your direct control
It’s also important you tell us about any changes in your business activities and cyber risk management practice — for example, the use of multi-factor authentication — as this may affect this insurance.
Any claims must be made as soon as possible, and can only be made during the policy period.
What our expert says
Harry Dibben, Lead Underwriter
People tend to conflate ‘cyber’ with ‘data’ which is a very dated approach. In fact, some markets still refer to cyber cover as ‘data breach’ insurance which doesn’t help things. The scope of coverage provided by a cyber policy is far wider reaching.
Cyber insurance claims
There are various types of cyber insurance claim that can affect different industries, but here are a few examples of specific claims that could be covered by a policy:
Ransomware shuts down your business
A member of your marketing agency staff accidentally opens a malicious email and downloads ransomware onto your company’s system, locking your files. Your policy covers the ransom demand to unlock your system and covers profits lost due to business interruption.
Customer's credit card details are stolen
The payment card system in your clothing shop is hacked and customers’ private card details are stolen. Your policy covers your legal costs and compensation payments due to affected customers, as well as any fines for PCI DSS non-compliance.
Business disruption due to cyber attack
The website that your online building supplies business runs on crashes due to a cyber attack on the web service firm hosting your site. Your cyber policy pays out for all projected profits lost during your company’s downtime, even if the outage happened at a third-party business you depend on.
We offer cyber cover to over 1,000 industries
From accountants to website developers, and fintech firms to consultants, we insure a wide range of companies and sole traders to protect them from the risks associated with doing business in an increasingly digital world.
While cyber cover isn’t required by law, it can be crucial to protecting many industries and businesses, even those who do not consider themselves at risk of cyber attack.
Here are just a few of the diverse industries that Superscript has provided cyber cover for:
- Online retailers
- Health advice firms
- Accountants
- Beauty therapists
- Management consultants
- Computer games developers
- Personal trainers
- Medtech firms
- Tradespeople
- Fintech companies
To see if we offer cyber liability insurance for your industry, simply click ‘start your quote’.
What is unique about Superscript's cyber insurance?
At Superscript, we aim to offer businesses and entrepreneurs cyber insurance policy that reflects a changing cyber landscape, with constantly evolving threats and risks.
Our cover gives you the choice to pay how you like, monthly or annually. And if you need to make changes to your cover halfway through your policy term, you can do so without fees.
As you grow your business, and as the world of cyber threats continues to evolve, you can adapt your cover so you only pay for what you need, confident that you have the cover your business requires.
Our super cyber cover also goes a step beyond and includes business interruption cover for when unforeseen cyber issues at your third-party suppliers (known as ‘dependent businesses’) cause interruptions to your business activities.
How do claims work?
Notify us of the claim
Contact us by email at bukproclaims@gosuperscript.com, by 24/7 freephone on 0800 772 3059 or by logging in to your customer portal.
Ideally this should be done as soon as possible and within 30 days of you becoming aware of anything which you think may be covered by your insurance.
A good indicator of whether or not to let us know is if there's an issue which may require a payment to be made on your behalf.
Contact our 24/7 breach response helpline
With cyber insurance from Superscript, you have the support of an industry-leading data and security breach response team if your business or one of your suppliers is the victim of a suspected or confirmed hack or data breach.
To notify us of a data or security breach please email BBRUK@gosuperscript.com or by phone on 020 3514 2434. Ideally, this should be done as soon as possible and within 30 days of you becoming aware of anything which you think may be covered by your insurance.
You'll be guided through your breach response by legal and cybersecurity experts and will have access to call centre support to notify all your customers who may have been affected by the breach. If you don’t notify us of a data or security breach when one occurs, your policy will be void.
We'll get on the case
We'll acknowledge your claim within 24 hours, and sometimes in as little as 30 minutes! This means you'll receive email confirmation of your claims reference and contact information should you need to speak to us.
We will then reach out to you within 48 hours to request any extra information we need to progress your claim.
We'll keep you updated on the next steps as the claim progresses.
A decision is made
We'll let you know if your claim is successful or not. If your claim isn't covered, we will always try to point you in the right direction and support you as best we can in getting back to normal.
Read about the most common reasons claims aren't paid.
If your claim is successful, once we have all the documents we need, we will aim to settle claims such as accidental damage, theft and lost equipment within five working days.
Cyber insurance FAQs
What does a cyber insurance policy cover?
Cyber insurance covers your business's liability for a data breach involving sensitive customer information, such as credit card numbers, passwords and personally identifiable information (PII).
It also covers you if a third party of yours — like a supplier or anyone you pass data to — has been hacked.
What does cyber insurance cost?
The cost of your cyber insurance policy will vary according to the cover your business needs and the risks you face.
How much cyber insurance do I need?
The limit you select should take into consideration your turnover and how much data you store.
Having said that, this cover pays for breach response services based on the number of people affected, rather than a set monetary amount — and these costs can be covered in addition to the limit you select.
What information do I need to provide when making a cyber insurance claim?
If you end up having to make a claim on your cyber insurance policy, you will be asked a set of questions to help us assess your claim as quickly as possible:
- The date of the incident
- When you first became aware of an incident
- Confirmation of whether or not you’ve contacted Action Fraud to report the issue
- Whether you think your finances may be vulnerable – if so, your bank should be contacted immediately
- What systems do you believe have been targeted?
- Are you aware of any specific parties who may have been affected? If yes, please provide the relevant information
- Is your business still able to run and operate effectively? If no, how has your business been affected?
What is personally identifiable information?
Personally identifiable information (PII) is any data which could be used to identify a specific person. This could be as simple as a name, location data or email address.
How does cyber insurance work?
Cyber insurance protects your liability against certain digital risks, from damages as a result of cyber-related data breaches to accidental copyright infringement — say if a company social post accidentally used a trademarked image, leading to you being sued.
What are notification costs and why would I need cover for these?
Notification costs are the costs incurred in gathering information and contacting the relevant authorities and individuals affected by a security or data breach. Our cover includes support from experts who would work alongside your business to handle this difficult situation.
What businesses are at risk of a cyber attack?
Big brands tend to hit the headlines, but small and medium sized businesses are just as likely to fall victim to cyber attacks and data breaches. In 2023, more than 3 in 10 businesses in the UK identified cybersecurity breaches or attacks.
SMEs are often seen as a soft target by hackers as they have fewer resources to put towards the technology and skills they need to stay safe. Plus they’re busy, which means security practices can often get overlooked. We've put together a helpful guide to cybersecurity for small businesses.
What is the excess on this policy?
The excess is from £500, but this will depend on the size of your business and the activities you carry out.
How do I know if my business has been hacked?
You might not always be able tell that your systems have been hacked, however there are a few telltale signs. It’s important to stay vigilant and if you notice any of the signs below, the first thing for you to do is let us know.
If your business is a victim of ransomware, all or some of your files will be locked and you will receive a message requiring you to perform certain actions, or to pay a fee to unlock your systems. In this situation, please get in touch with us immediately.
Another less obvious example would be your mouse moving outside your control as if someone else is controlling it. It could well be a bug, but it’s better to disconnect the device from your network and run a virus scan, just to be on the safe side.
How can I protect my business from cybercrime?
- For starters, keep track of the data you hold and delete any records that you don’t need.
- Anonymise personal information where possible and appropriate.
- Take a look at your processes, as a large amount of data tends to live in spreadsheets and ad-hoc files on your systems. There might be a better, safer way to store your information that doesn’t leave you open to unintended data breaches.
- Don't forget about employee training. Having continuous employee training and testing is just as important in implementing a strong cybersecurity program.
To find out more about securing your cyber risks, take a look at our guide to carrying out a cyber risk assessment.
What to watch out for when choosing cybersecurity insurance?
If your business needs professional indemnity insurance (PI), a good tip would be to try and make sure it’s the same insurer as the cyber liability insurer. The two covers are linked and have some crossover covers.
When choosing your provider, make sure they have a good technical understanding of how they work together. At Superscript, we keep our PI and cyber liability covers together to make sure they both work for you and avoid any confusion.
Is cyber insurance tax deductible?
Yes, the cost of your business’ cybersecurity insurance premium (both first and third-party cover) can be written off as a business expense against tax in the UK.
Is cyber insurance a legal requirement for UK businesses?
Cyber insurance is not currently a legal requirement for businesses in the UK.
What’s the difference between cyber liability insurance and cybersecurity insurance?
In short, there is no substantive difference. You may have heard of, or read about these two terms and found the differentiation confusing. Cyber security insurance and cyber liability insurance are alternative names for ‘cyber insurance’, which is the industry standard name for this type of policy.
Liability insurance covers money you legally or contractually owe to a third party — as opposed to first-party insurance, which covers your personal loss as a business. The cyber insurance Superscript offers covers both of these.
Are small businesses exempt from GDPR law?
All organisations are required to follow the new UK GDPR law that has been in place since January 2021. However, businesses with fewer than 250 employees are exempt from some record-keeping requirements within the regulations.
Learn more about cyber insurance
Our insurance guides answer more of your cyber insurance questions.
What is cyber insurance?
Cyber insurance is designed to cover any business which operates online or is exposed to the internet. Find out if you need it.
How much does cyber insurance cost?
Several factors affect the price of cyber cover — learn what they are and how much cyber liability is.
How to keep your business cyber safe
Business are exposed to more risks than ever before. Read our top cybersecurity tips to keep your business safe.
Boost your cover with legal protection insurance
Covers compensation awards, professional fees and legal costs associated with a range of legal disputes.
Why choose Superscript?
Cover for over 1,000 types of business
Five-star customer service and claims support
Flexibility to adjust your policy without fees
Authorised by the FCA
The FCA supervises UK financial services firms to protect consumers. We are directly authorised and regulated by the FCA and our Firm Reference Number is 656459. These details can be confirmed on the Financial Services Register at www.fca.org.uk or by calling the FCA on 0845 606 1234.
A-rated financial strength
Our insurance products are underwritten by Standard & Poor’s A-rated financial strength or higher. This means the underwriter has been independently assessed by the world’s leading credit rating provider and found to have a strong capacity to meet financial commitments (pay claims).
Protected by the FSCS
If you are a business with an annual turnover under £1m, charity with an annual income under £1m, or trust with net assets under £1m, then you will be entitled to compensation from the FSCS in the unlikely event we cannot meet our obligations. Full details and further information on the scheme are available at www.fscs.org.uk.