When an organisation with a turnover under £20M achieves self-assessed certification covering their whole organisation to either the basic level of Cyber Essentials or the IASME Standard, they are eligible for Cyber Liability Insurance.

The cover, underwritten by AIG and brokered through Sutcliffe & Co, can be briefly described as follows:

£25K limit of indemnity covering:

Event Management

Costs to engage Legal, IT Forensics, Data Restoration, Reputational Protection, Notification Costs and Credit and ID Monitoring services following an actual or suspected breach of personal or corporate information, or an IT security or system failure.

Data Protection Obligations

Insurers will pay:

  • Defence Costs in respect of a Regulatory Investigation; and
  • Any lawfully insurable Data Protection Fines that the Company is legally liable to pay in respect of such Regulatory Investigation with regards to a breach of Data Protection Legislation


Damages and Defence Costs arising from:

  • An actual or alleged breach of data
  • An actual or alleged security failure
  • The failure to notify a Data Subject and/or any Regulator of a breach of personal information in accordance with the requirements of Data Protection Legislation
  • An actual or alleged breach of duty by the Information Holder in respect of the processing of information (for which the Company is responsible) on behalf of the Company

A major breach may well require more than the £25K cover. 💰
