A Checklist for Buying Cyber Insurance: What to Consider

Every year, tens of thousands of cybersecurity breaches occur, with over 75% of those breaches affecting small businesses with less than 200 employees. An even more concerning fact for business owners is that over 60% of those operations go out of business permanently within six months of a cybersecurity breach.

Bearing in mind those frightening statistics, it’s no surprise to learn that cyber insurance policies have become an absolute must for businesses of any size.

Read this guide to learn more about cyber insurance, including the essentials to look for when buying a policy for your business.

What is Cyber Insurance cover?

Cyber insurance is a form of insurance cover that protects businesses and individuals from the liabilities and financial losses that can be associated with data breaches and online attacks.

This form of insurance gives your business essential financial assistance and support while you recover from the impact of a cyber attack, including:

  • Any costs associated with notifying all the parties who were affected by the breach.
  • The costs of investigating the attack.
  • The costs of restoring your compromised operating systems and data.
  • Any potential legal expenses.

In a nutshell, for every business that uses any form of online tools or that has an online presence, cyber insurance is crucial.

What should be included in cyber insurance?

Several elements should be included in a quality cyber insurance policy, including:

Data breach response

A cyber insurance policy’s data breach response element covers any costs incurred in responding to the breach. That includes legal assistance, public relations, credit monitoring services, forensic investigations and notifying your customers of the breach.

Data restoration

The data restoration part of the policy covers the cost of recreating or restoring any damaged or lost data following a cyber breach.

Business interruption

Business interruption insurance covers any loss of income and expenses incurred due to a cyber attack that interrupts your normal business operation; for example, system downtime, ransomware attacks and malware use.

Ransomware and extortion

Ransomware and extortion protection covers any expenses your business incurs relating to investigating cyber incidents, meeting ransom demands and negotiating with cybercriminals.

Network security liability

Network security liability coverage covers damages and legal costs that could be incurred if a third party sues your business for a systems failure that results in a data breach.

Cyber liability

This part of the policy gives your business protection against legal liabilities and costs resulting from legal action taken by those affected by data breaches and privacy violations.


The cybercrime element of your policy covers any financial losses resulting from cybercrime, such as fraudulent electronic transactions or loss of funds from your business bank accounts.

What elements of cyber insurance should you consider?

Since insurance policies can be tailored to meet the specific needs of individual businesses and industries, every cyber insurance policy can have specific terms, exclusions and provisions. 

We recommend you discuss your requirements with our experienced experts, who will help you review the policy thoroughly to ensure the coverage is relevant to your business before you sign up. 

What to consider before investing in cyber insurance

There are many things to consider before investing in a cyber insurance policy to ensure you get the right level of coverage to protect your business in the event of a cyber incident.

1. Identify Unique Risks

Before you do anything else, you need to understand the risks that cybercrime poses to your business.

For example, retail businesses and banks will mostly be concerned with the theft of their customers’ personal financial information.

2. Buy Only What Your Business Needs

As outlined above, cyber insurance policies can contain many different elements, some of which might not be relevant to your business. Be prepared to reject any coverage that’s not applicable so that you don’t finish up paying for things you don’t need.

3. What existing coverage do you have?

Some standard first and third-party insurance policies give some protection against cyber attacks, and you need to know what you’re already covered for before taking out a cyber insurance policy to avoid duplication and unnecessary cost.

For example, certain standard financial business policies can cover third-party claims arising from cyber fraud, but you still may need more than this.

4. Set appropriate limits and sub-limits

Crucially, you must assess the potential costs associated with a data breach with the liability limits and related costs offered by the insurance coverage.

The cost of responding to a cyber attack can be massive, so you need to match the policy’s liability limits with your business’ realistic exposure in the event of a loss due to cybercrime. Some policies impose sub-limits on certain coverage, such as regulatory investigations, which are often inadequate.

However, most insurers will negotiate the size of those sub-limits, sometimes without increasing the premium. Again, our expert advisors will help you get the right level of cover for your business.

5. Watch out for exclusions

In many cases, the coverage for a claim depends on the language used in the policy exclusion clause, rather than that in the coverage itself. That’s because cyber insurance is a relatively new product, and so the policy language isn’t standardised. 

Be aware that the policy could contain exclusions that have been taken from other insurance policies, and some might not even be relevant. 

6. Obtain retroactive coverage

Some cyber insurance policies restrict coverage to incidents that occur after a specific date, such as the policy inception date. That means you won’t be covered for any breaches that happened before you took out the policy.

However, since many breaches go undetected for a period of time, you should be sure to buy insurance coverage with the earliest possible retroactive date.

7. Consider insuring against third-party acts or omissions

Many businesses use a third party for data processing or storage, so it’s important that your cyber insurance policy covers any claims that arise from errors or misconduct by one of those suppliers.

8. Check coverage for the cost of restoring lost data

Upgrading a breached computer system following a breach can be incredibly expensive, and many cyber insurance policies don’t offer coverage for that. So, you need to be sure that your insurance policy will put your business back in the position you were in before the cyber incident.

9. What triggers the policy?

To notify the insurer properly, you need to know what activates or triggers coverage under your cyber insurance policy.

For example, some policies are triggered on the date the claim is made, while others are activated on the date of the actual loss. 

10. Consider covering unencrypted devices

Do you or any of your employees work outside the office using a tablet or computer? Many company-owned laptops and other storage devices are not encrypted, leaving you vulnerable to a loss of valuable data if you’re hacked.

In that case, you’ll need a policy covering you for stolen or damaged data from personal computers.

11. Does the policy cover regulatory actions?

A cyber attack resulting in lost personal data could see you facing legal action from a customer, so you should consider taking out a policy that covers you for legal action and investigations arising from cybercrime.

How Stanmore Insurance can help with Cyber Protection

Cyber insurance is a must for any business using web-based systems and social media in the office, at home and on the road. This insurance coverage protects your business against financial losses and liabilities associated with online attacks, theft of personal information and data breaches.

There’s a lot to think about when deciding on the ideal cyber insurance policy for your business. So, be sure to speak to one of Stanmore Insurance’s expert advisors for guidance before you decide which policy will offer the best protection for your business.