Cyber Insurance
If you transfer funds to a fraudster, or are subject to a ransom demand to unlock your systems, or have a claim made against you for breaching data, what would you do and who would you call? Cyber insurance is your 999 cyber emergency service.
Quick Summary
- Your 999 cyber emergency service: Cyber insurance doesn’t just pay claims — it deploys forensic IT teams, legal experts, ransom negotiators, and PR consultants the moment an incident is reported.
- Premiums from under £200: Cover scales from simple SME policies to bespoke, high-value arrangements for financial institutions and complex corporates.
- Both fronts covered: A well-structured policy protects your own losses (ransomware, system failure, business interruption) and claims made against you by customers, regulators, and suppliers.
- Willis Network Broker access: As a Willis Network Broker, we access specialist cyber markets and bespoke Willis Broker Wordings with enhanced cover — unavailable through comparison sites or direct insurers.
Cyber Insurance & Data Liability
Fundamentally, Cyber Insurance is your modern business continuity plan. It actively protects your intangible assets — your data, your systems, and your reputation — when technology fails or criminals attack.
Historically, crime occurred in the physical world. It has now shifted irrevocably to the digital one. Yet for many UK businesses, the risk isn’t just a malicious hacker; frequently, it is human error, a failed software update, or a supplier’s data breach. At Daines Kapp, we move beyond the jargon to provide robust protection that responds when you need it most. With our in-house cyber lead, Stefan — a recognised speaker on AI and insurance risks — we don’t just sell policies. We help you understand the evolving digital landscape.
What is Cyber Insurance?
At its core, Cyber Insurance covers the financial and operational impact of a cyber event. This includes costs for recovering lost data, restoring IT systems, covering lost revenue during downtime, and paying for legal defence following a GDPR breach. Modern policies are service-led: in the event of a claim, the policy acts as an “Incident Response Service”, giving you immediate access to:
- Forensic IT Specialists — to stop the breach and recover data
- Legal Experts — to handle notifications to the Information Commissioner’s Office (ICO)
- Ransom Negotiators — to manage extortion demands professionally
- PR Consultants — to protect your brand reputation
Real-World Cyber Insurance Claims
Many SMEs believe they are “too small” to be targeted, or that their IT company handles everything. The reality is often very different. Here are three examples where Daines Kapp clients benefited directly from their cyber cover:
1. The “Non-Malicious” System Failure
Not every cyber claim is a hack. One of our clients suffered a catastrophic server failure (blue screens) due to hardware corruption. They were unaware they even had cover — fortunately, we had negotiated it into their package years prior. The insurer called them within hours. Because backups were unusable with the encryption password unknown, the insurer funded forensic data recovery experts. The client was back to full operation within three weeks, and the £20,000 claim for recovery and interruption was fully paid.
2. The MSP Oversight (Human Error)
A client’s Managed Service Provider forgot to apply Multi-Factor Authentication (MFA) to a single mailbox. That one gap allowed a criminal to compromise the account. The insurer stepped in immediately — drafting the necessary regulatory notifications and informing affected individuals, saving the client from significant legal headaches and reputational damage. The claim costs paid exceeded £30,000.
3. The Supply Chain Breach
You can do everything right and still suffer a loss. A client used a third-party supplier platform which suffered a massive breach, compromising staff records uploaded by our client. Within hours, the insurer connected our client with leading legal experts who advised on their liability and the steps needed to protect their staff — a reminder that cyber risk extends well beyond your own network.
What Does a Cyber Policy Actually Cover?
A robust policy protects you on two fronts: First Party cover (your own losses) and Third Party cover (liability to others).
| First-Party Losses (Your Business) | Third-Party Losses (Liability to Others) |
|---|---|
| Cyber Extortion (Ransomware) — costs to negotiate or pay ransoms and decrypt data | Privacy Liability — defence costs and damages for GDPR breaches |
| Business Interruption — lost profit and increased working costs while systems are down | Regulatory Fines — ICO fines and penalties (where insurable under UK law) |
| System Failure — revenue loss from accidental damage or failed software updates | Media Liability — protection against libel, slander, or copyright infringement online |
| Social Engineering (Fraud) — theft of funds via phishing or fake invoice fraud | PCI Fines — fines and assessment costs related to payment card data breaches |
Common Cyber Insurance Misconceptions
We hear these objections regularly. Here is why each one can leave your business dangerously exposed.
“We outsource our IT, so we are safe.” Outsourcing IT does not outsource your legal liability. If a breach occurs via your IT provider, your customers will still pursue you. Most IT contracts limit their liability to the cost of their monthly fee — if a breach costs £500,000 in lost trade, your IT provider will not cover it. A cyber policy bridges that gap.
“We are too small to be a target.” Cyber criminals are opportunists, not snobs. They use automated bots to scan for vulnerabilities — like a thief trying every car door handle on a street. If your door is unlocked, they enter. Data from the National Cyber Security Centre (NCSC) confirms that micro-businesses are frequently targeted — not because of their wealth, but because of their vulnerability.
“We don’t hold sensitive data.” Even if you hold no client records, you almost certainly hold employee data — payroll and HR records — which is strictly regulated under UK GDPR. More importantly, the most expensive claims often involve ransomware (locking your systems) or fund transfer fraud (stealing money), neither of which require a data breach to cripple your business.
Why Choose Daines Kapp for Cyber Insurance?
Cyber insurance is complex — policies vary significantly in their exclusions, triggers, and quality of wording. A standard “off-the-shelf” policy may leave dangerous gaps, and the majority of cyber products we have reviewed do not meet the standard our clients deserve.
As an independent broker and Willis Network Broker, we access specialist cyber markets — including bespoke Willis Broker Wordings with enhanced cover — that are simply not available through comparison websites or direct-to-insurer routes. We work with over 20 specialist cyber insurers to find the right fit for your risk profile.
Cyber is led by Stefan Daines, a recognised speaker on AI and insurance risks. Our team manages the full spectrum — from straightforward SME policies (premiums from under £200 per year) through to complex, high-value arrangements for financial institutions where annual premiums run into five and six figures. Whatever your sector or risk profile, we take the time to understand your specific exposures before approaching the market on your behalf.
When the worst happens, we are in your corner — just as we were for the clients above — ensuring the insurer responds quickly and your business survives.
Frequently Asked Questions About Cyber Insurance
Does cyber insurance cover GDPR fines?
Cyber insurance can cover the legal defence costs associated with a regulatory investigation. It may also cover fines where they are legally insurable under UK law, though this is a nuanced area — not all ICO fines are insurable, and the specific policy wording is critical. We review this carefully when recommending cover.
What is Social Engineering Fraud?
Social Engineering (also known as Financial Transfer Fraud) is when a criminal impersonates a trusted figure — such as a supplier, your bank, or your CEO — to trick an employee into transferring funds. This is one of the most common causes of cyber loss and requires a specific crime extension in your policy. A standard cyber policy without this extension will not respond.
How much does Cyber Insurance cost?
Premiums vary based on turnover, industry, and existing security controls such as Multi-Factor Authentication. For many SMEs with modest turnover and straightforward IT setups, premiums can start from under £200 per year. For larger businesses or those in complex sectors such as financial services, premiums can run to five or six figures annually. In every case, the cost is a fraction of what a single week of business interruption could cost your business.
Do I need cyber insurance if I outsource my IT?
Yes. Outsourcing IT does not transfer your legal liability for a data breach. If your IT provider is responsible for a breach, your customers and regulators will still look to you first. Most IT contracts cap their liability at the cost of their monthly fee — leaving you exposed to the full cost of recovery, business interruption, and regulatory action. Cyber insurance is specifically designed to bridge this gap.
What should I do immediately if I suspect a cyber attack?
Call your insurer’s 24/7 incident response line immediately — before contacting your IT company, and before attempting to investigate or remediate yourself. Acting quickly is critical: self-investigation attempts can destroy forensic evidence, complicate regulatory notifications, and undermine your claim. Your cyber policy will mobilise specialist IT forensics, legal counsel, and PR support within hours. If you are a Daines Kapp client and are unsure of your insurer’s number, call us first.
