“How do I work out how many records I need to insure?”
Records means people, so 5 pieces of information about you, is one record. You should consider any person whose data you hold, including your customers, the customers of your clients, your employees, and sub contractors. If you are growing you might want to multiply your total by your growth to allow for an increase in records in the year of insurance. If you don't store the data but you use someone else to store the data (outsource) then you should include those as you will probably still have responsibility.
However, if you do get it wrong we will not reduce the coverage you have bought: there is no equivalent of "average" in a property policy
“What level of cyber liability cover do I need?”
This is a complex question, best advice is to purchase as much cover as you can afford. Essentially you need to work how many people's data you hold, to choose a limit of records, and then the more difficult part, if someone brings legal allegations against you, how much you think you might be sued for plus the associated legal costs.
Privacy lawyers can be quite expensive if they are good, more than £500 per hour. It is worth checking your commercial contracts to see if the contracts specify what limit of cyber you should buy. The limit of liability is in the aggregate which means if you were unlucky enough to have more than one claim against you then it would need to be enough for both claims.
“How does the indemnity limit work?”
If there is a legal allegation against you, the indemnity limit covers legal costs to defend you and if you have to pay damages, it pays damages too.
“How do I make a claim?”
Information for the notification of claims can be found on your policy Schedule. You can call the number or send an email. if you email we will call you back.
If you suffer a data breach / loss, or any form of computer system security breach or hacker attack you should contact the Beazley Breach Response hotline on 0207 667 0667 (option 2). The line is open 24 hours a day, 7 days a week.
“Do you cover cyber ransom demands?”
there are lots of different cyber ransom demands.
If someone prevent you from accessing a database or network by the use of encryption, often called a ransomware attack, then we would investigate, and if you needed to recover data we would pay the cost, and if your business was interrupted we would pay the loss of revenue. There are limits and excesses to be applied. if you have to pay a ransom then we would pay that too.
Another kind of cyber ransom is if someone steals sensitive information and threatens to publish it unless you pays ransom - again we would investigate and if necessary pay the ransom too.
“If my website or system is hacked, what do I do?”
Email or phone our BBR services Breach Manager who will urgently begin the process of investigating the hack.
You can contact Beazley Breach Response hotline by calling 0207 667 0667 (option 2). The line is open 24 hours a day, 7 days a week.
“How does your Beazley Breach Response cover work?”
The idea is that you contact a Beazley employee whose job is to handle data breaches. Collectively we have handled over 6000 incidents. The breach manager will take some details of what you know so far, and agree with you who on your side needs to be involved to agree the way forward.
The breach manager will pull in various specialists to help work out what happened, deal with any regulators, notify people affected, comfort those affected with some fraud alert services, all depending on what happened. You get access to the experience of our breach managers and the vendor panel we put together very carefully. This group has worked together many times so are an effective team.
“What does the business interruption and cyber extortion extension cover?”
Cyber business interruption triggers if you suffer a hack or a denial of service attack which slows down your website or network that could affect your revenue. Basically, we pay the revenue you lose ,which you cannot get back. there is normally a time retention which means the cover kicks in after a number of hours, typically 12 hours.
Cyber extortion triggers if someone threatens you by preventing access to your network, or publishing private information, and demands money to let you back in to your network or to avoid the private information being published. we pay the investigate and if the ransom needs to paid then the ransom too.
“What does the fraudulent transfer extension cover?”
Cyber criminals use a variety of creative ways to commit crime. Standard cyber insurance policies only provide cover for data loss or cyber attack which would exclude actions such as fraudulent instruction where monies are paid inadvertently where a person is purporting to be a vendor, client or authorised employee.
Subject to selection of the extended fraudulent transfer extension cover is provided for up to £10,000 in the policy period.
“What’s the difference between cyber insurance and professional indemnity?”
Professional indemnity (PI) insurance is cover you for your mistakes as a professional, often negligence or a breach of contract.
Cyber insurance is for everyone not just professionals, because it deals with a data breach or a breach of cyber security, and anyone can have one of those.
If you also have PI why not speak to one of our Cyberguru advisors to make sure the cyber and PI work together well. Often the response times for a cyber breach can need to be more urgent than PI so there is often a need for a different insurance service.
“My business trades in the US as well as the UK & EU, can you cover me?”
We can extend our policy to Worldwide. there are specific US exposures and we have a good understanding and experience of handling US data breaches
“Why do I need to pay Insurance Premium Tax?”
Insurance Premium Tax (IPT) is a tax on general insurance premiums in the UK and cyber insurance is not exempt
“What do you mean by encrypting mobile data?”
Data encryption is a practice used to keep data secure. It basically takes the original data and scrambles it to make it unintelligible without a special code. It is unusual to store data on mobile phones or tablets as normally all that data is stored somewhere else and all you do is look at it on the device. If you do actually store data on your mobile phone or tablet then we recommend you encrypt it.
“What is Personally identifiable information (PII))?”
Taken from the EU General Data Protection Regulation (GDPR) which will be enforced from May 2018, ‘personal data’ means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
Basically, that means if you can tell from the data who exactly it is, and otherwise you would not be able to identify them, then it is PII
“What is a Denial of Service (DOS) attack?”
A DoS attack is a type of cyber-attack which typically involves a targeted machine/network being flooded with an excessive amount of communication requests such that the machine/network cannot possibly fulfil all the requests, disrupting the service and therefore becoming unavailable to genuine users. Imagine a revolving door with so many people trying to get through that it stops turning. Substitute the people with data, and the revolving door with your network and that is a DoS attack. Your network stops turning or turns so slow it is not useful. It is a malicious attack.
“What do you mean by Legal and Forensic expenses?”
We will pay reasonable forensic costs and expenses of a computer security expert incurred defending a claim covered under your cover arising from a security breach. If you have to pay for a special payment card one called a PCI forensic investigator (normally more expensive) we will pay for that as well!
“Do you cover Payment Card Industry (PCI) fines and expenses?”
We will indemnify for PCI Fines, Expenses and Costs incurred in the course of your business activities stated in the schedule which you shall become legally obligated to pay because of a claim first made against you during the policy period.
“What does Territorial Limits mean?”
The breach needs to happen within the territorial limits. Under the cyber liability section of the Cyberguru policy, cover is generally provided on a worldwide basis as standard.
“What does Jurisdictional Limits mean?”
The claim against you has to be brought within the jurisdictions specified. As standard, the Cyberguru cyber liability policy provides cover for actions raised against you on a worldwide basis excluding claims made in the USA or Canadian courts. Cover may be extended to these areas upon referral to us.
“What’s the difference between territorial and jurisdictional limits?”
The Territorial Limit is about where the data breach takes place, and the Jurisdictional Limit is where the claims has to be brought against you.
“What does Retroactive Date mean?”
Basically, what went wrong has to happen after the retroactive date.
Cover under the Cyberguru cyber insurance policy is arranged on a “claims made” basis, as such, you need to have cover in force both, when the loss occurred AND when a claim is made against you. The policy will not provide cover for incidents which occurred before the retroactive date.
“How much do I have to pay in the event of a claim?”
If valid, the claim should be settled at whatever cost necessary to fulfil your legal obligation. We will then indemnify you for damages and claims expenses you have incurred because of the claim, as long as the claim is first made against you during the policy period and reported to us during the policy period wide of any policy excess. The standard policy excess is typically £500, but you should check your policy schedule for full details.
“Which insurer underwrites Cyberguru policies?”
Beazley Syndicates 623/2623 at Lloyd’s. Beazley is a specialist cyber insurer underwriting cover since 2009 and has subsequently managed over 6,000 data breaches.
“What does the professional indemnity exclusion mean?”
Our standalone cyber policies exclude claims arising out of acts of negligence through your professional duty to provide a service/advice (i.e. a breach of contract). If you are interested in professional indemnity insurance, please contact one of the Cyberguru team who will be happy to assist.
“Do you cover loss of income following a cyber attack on my website?”
Our first party extension endorsement includes coverage for the loss of revenue as a result of a cyber attack and/or data breach.
“I need more than £1 million cyber liability insurance, can you still insure me?”
Absolutely, at Cyberguru we can arrange cover for limits up to £100m! If you need cover for more than £1m, we will just need a little more information and one of the Cyberguru team will be happy to arrange this for you.
“How can I arrange cover?”
You can buy cover online or alternatively by calling one of the Cyberguru team on 0330 1240730
“How can I amend my details?”
You can request amendments to your policy by visiting the client hub on our website.
“How do I change my limit of indemnity?”
Changes to your indemnity can be made via the client hub on our website or my calling one of the Cyberguru team on 0330 1240730. If you are looking to increase indemnity you may be asked to sign a no claims discount before the higher limit
“How do I cancel my policy?”
You can cancel your policy at any time (subject to no claims or losses having been reported) by providing 30 days written notice.
“Can I pay in instalments?”
Premiums can be paid in full by credit or debit card. Alternatively, we can arrange a premium payment facility via Premium Credit Ltd. Details of the payment options will be displayed on your quotation and is subject to a 8.9% credit charge.
“How do I change my bank details?”
If you are making payment via Premium Credit Ltd on direct debit you can update your bank details and view your payment schedule via their online system.
“When will my monthly payments be taken?”
Upon acceptance of cover and arrangement of the monthly payment facility via Premium Credit Ltd, you will be sent a schedule of payments confirming your monthly payment dates.
“Can I change the date of my monthly payments?”
You can make changes to the date on your monthly direct debit by contacting Premium Credit Ltd via their online system.
“What is the extra charge for paying in instalments?”
Premium Credit Ltd make a small credit charge of 8.9% to arrange payment via instalments.