Cyber insurance

Providing organisations with financial protection and the critical first response support required to investigate, control, mitigate and remove cyber security threats.

Why choose Howden for Cyber insurance?

At Howden we aim to support you in your cyber journey by ensuring that you have the knowledge and tools to achieve business resilience, leveraging our strong insurer partnerships to negotiate the most appropriate deals on your behalf. 

We make sure that you know how your insurance policy can respond to a cyber incident, and have a strong, experienced claims handling team to support you during the claims process, should an incident occur. 

Award winning

2020 Cyber Risk Awards winner

Specialist experts

100 dedicated Cyber Risk experts

Experienced claims team

30+ Legal, Technical & Claims experts

An introduction to Cyber insurance

What is Cyber insurance?

Cyber insurance, also known as Cyber security or Cyber liability insurance, is protection for your business from illegal attacks to access your organisations’ data or to disrupt their operations for criminal, espionage, politics or simply for mischief. 

No matter how robust your IT security protocols are, they cannot prevent human error, and all it takes is for one person to make one mistake.

With businesses increasingly relying on technology to drive core objectives, the risk of losing money and data, or technology being denied or failing due to accidental or malicious interference has never been greater. So, to keep up with the digital age, insurance evolved to remain relevant to what has fast become the top concern for most businesses globally -  their cyber risk

Business leaders without a well-thought-out strategy around cyber protection are effectively gambling with all their funds to develop their business. Or depending on your cash reserves, your very survival.

What does Cyber insurance cover?

Cyber events can disrupt organisations of all sizes, across all industries, causing reputational damage, operational downtime, financial loss and legal action. A solid Cybersecurity policy is designed to minimise and mitigate these risks, typically covering:

  • Incident response support to include IT forensics, Legal and PR services. 
  • Business interruption cover, providing protection for income
  • Digital and data asset loss, including the cost of repair, restoration or replacement
  • Information Security and Privacy Liability
  • Cyber terrorism and extortion 
  • Cyber Crime cover to help you recover lost funds from financially motivated attacks such as funds transfer fraud
  • Multimedia Liability (Defamation/IP Infringement)
  • Defence costs, civil fines and penalties, where insurable by law


Common forms of cyber-attacks

From targeted ransomware and hacking, to phishing, malware, email compromise, fraud, data breaches, social engineering and employee error, the threat landscape continues growing in size and complexity. Millions of attacks are launched at firms every day, some actually succeed in breaching these companies’ defences and wreak havoc.

An increasingly popular form of attack uses emails that appear to be from a known teammate, to trick people into installing malicious software – it’s an easy mistake that can lead to your business being locked down, losing money and held to ransom. 

A growing number of breaches come from your employees (often disgruntled) with insider knowledge. 

person typing on a laptop

Who needs Cyber insurance?

The huge range of connected applications and systems businesses use each
day present a risk, particularly wherever one ‘talks’ to another.

Wherever people are involved in building, configuring or operating these
interconnected systems, they can create inadvertent entry points for cyber
criminals.

But cyber crime is much more about people than technology – that’s why
insurance is so important for all businesses, large and small.

Key reasons cyber risk cover is essential for businesses large and small 

  1. Everyone makes mistakes, even smart people can do irrational things when it comes to protecting an organisation’s data.
  2. Cyber criminals are always finding new ways to trick their staff into collaborating with them inadvertently.
  3. Rogue employees – a large proportion of hacks and breaches are committed by current members of staff with a grievance. 
  4. Many businesses in supply chains have a requirement to get cyber insurance as part of a compliance checklist for vendor companies.
  5. The biggest firewall in the world won’t protect your system from people inside.

Safeguard your business

Additional benefits of the Howden service:
 

✓ Help dealing with insurers

Dealing with an insurer can get a little confrontational; it's much better to communicate through a friendly, professional broker who brings them millions of dollars of business each year. The mutual respect between insurers and a global brokerage means we can move quickly towards a fair resolution, always acting in your interests.  

✓ Risk management training  

As a trusted adviser, we also understand that good risk management goes beyond securing a Cyber Insurance policy. 

To help you plan for and reduce risk, we develop risk management procedures, provide seminars, tools and training – to get the most of your policy before an incident happens.    

✓ Policy wording reviews 

Subtle differences in wording can create gaps you didn’t even know were there. Identifying gaps early can save a lot of headaches later.  We are always testing out policy wordings with real scenarios to make sure they are fully up-to-date and responsive to the latest challenges. 

If you’ve not budgeted for cyber insurance this year, remember that cyber criminals will not wait. 

Cyber troubleshooting is a Howden speciality.

Maybe it’s not for you, but having diverse experts on hand can save you time when you are racing to contain your losses before they get completely out of hand.

Useful resources

The National Cyber Security Centre (NCSC) has worked with leading industry partners to release a number of free online training tools for businesses:

  • Having plans in place should things go wrong: test and practice your business cyber incident response using the ‘Exercise in a box’ tool. 
  • Reducing cyber incidents caused by employee behaviours: educate your employees using the ‘Top Tips For Staff’ training tool.
  • Managing third party cybersecurity risk: set out security measures for suppliers and partners, and train your employees in procurement roles on how best to protect commercially sensitive information using this online course

We have also created this simple guide to help demystify some of the key elements of cyber risk and the steps you can take to protect your business.

We’re here to make it easy for you

Frequently asked questions

Premiums depend upon several factors including the business annual revenue, industry sector, and the type of data held.

At Howden we aim to support you in your cyber journey by understanding the risks that are unique to your business and negotiating the most appropriate coverage and premium on your behalf. We take an integrated, holistic approach when defining our client’s business risks and ensure that we work with reputable insurers with proven global incident response services. Our strong, experienced claims handling team are also on hand to support you during the claims process, should an incident occur.

‘Silent cyber’ is the term used for potential cyber exposures in traditional property or liability policies, where cyber coverage is neither explicitly excluded nor clearly included.

You can have the best defences in the world, but IT security can’t always protect you from all threats including the human factor or exposure via third party vendors or suppliers. They say you are only as strong as your weakest link. Whilst your IT director will be critical in the incident response, they will unlikely have the experience or specialist knowledge that might be required during a cyber attack, such as knowledge of hackers, variants of malware, how to negotiate ransoms or the dark web.

The question of whether GDPR fines can be covered by insurance remains a grey area and continues to be debated in the legal and insurance sector. Currently there is no legal precedence following the revision in GDPR legislation in 2018.

However, if you have suffered damages or distress as a result of an infringement of data protection, the implementation of GDPR now
gives a right to claim compensation from an organisation. As a result, some have said that data protection related group litigation could become the next PPI.

Meet the team

Photo of Sarah Neild

Sarah Neild

Head of Cyber Retail
Photo of Sarah Neild

Sarah Neild

Head of Cyber Retail

Sarah holds over 30 years of experience in the cyber market.