We use cookies to give you the best possible experience of our website. If you continue, we'll assume you're happy for your web browser to receive all cookies from our website. See our cookie policy for more information on cookies and how to manage them.


Cyber liability insurance

Almost every company relies on computer systems for some aspect of running their business whether it’s customer data storage, office applications, payroll or email. As our reliance on technology increases so too do the associated risks.

Call us today:
0345 894 4685

Request a call back

Our cyber liability insurance is designed specifically for professional firms to help you manage and control the impact of a cyber breach and get you back to business as usual.

As well as protecting you financially if someone brings a claim against you arising from your use of the internet, email, intranet, extranet or your website, our cyber liability insurance can cover loss of customer data and the consequential losses and fines that may arise from this.

We can also cover your own IT systems if they are damaged, as well as the resultant damage to reputation and potential loss of profits associated with a cyber breach.

To find out more about cyber risks and how to protect your business, click the links below.

What are the risks?

Businesses face a range of cyber risks including but not limited to: 

  • rogue employees stealing hardware or data to gain competitive advantage, sell on to criminals or for extortion
  • negligent employees sending incorrect data, losing hardware or falling victim to phishing attacks.
  • hackers
  • malware
  • poor IT controls
  • data breaches as a result of outside providers with inadequate security
  • backdoor intrusion into the business through employees social networking accounts
  • employees accessing company data through their own smartphones or tablets, this is often referred to as Bring Your Our Device (BYOD) working.

What's the average cost of a cyber attack?

The average cost of a cyber attack (per record) is:

  • detection and escalation - £14 
  • response - £17 
  • notification - £6 
  • lost business - £34. 

Therefore the total direct loss from a data breach per record in the UK is £71. 

Source: 2010 Annual Study: UK & US Cost of a Data Breach by Ponemon

What are the direct and indirect costs?

Direct costs

Loss or damage to digital assets

If you suffer loss or damage to data or software programmes, costs will be incurred in restoring, updating, recreating or replacing them.

Non-physical business interruption and extra expense

A cyber attack that prevents your company from trading would inevitably result in a loss of income whilst you cannot carry out business as usual.

Reputational damage

Years of good work could be damaged by just one incident that sours your customers view of you as a business, meaning a loss of customers and subsequently income.

Indirect costs

Civil damages

If you suffer a security breach on your network, transmit any malicious code, or if you breach any third party or employee privacy rights or confidentiality, you may be subject to defence costs and/or civil damages.

Regulation defence

If you are investigated by any regulator as a result of the above, you will face investigation and defence costs, as well as potential fines. In the majority of cases, responsibility is on the data owner (you), rather than any data processor you may outsource to.

Customer care

There is sometimes a legal or regulatory requirement for you to notify the individuals affected by the security or privacy breach, in which case you may be subject to legal, postage and advertising expenses.

Who is at risk?

Cyber risks are a fact of life in a world of data and information systems. Any company dealing with electronic data whether it’s on mobile devices, computers, servers or on websites face such risks. Whilst the risks remain the same, often the vulnerability to those risks differs depending on the size of the business.

Small to medium sized businesses

Common misconception: small equals safe 

The 2011 small business study by the National Cyber Security Alliance found that 40% of all cyber attacks are directed at firms with fewer than 500 employees. 

Open to attack 

Smaller businesses may have less robust security and no audited response initiatives (perhaps seen as too costly). They often present opportunistic targets and criminals may use them as a backdoor means of attacking larger organisations. 

Vulnerable to damage 

Smaller companies may have no access to forensic, legal and PR experts after a security failure. As a result loss of revenue, inability to cover operational expenses and reputational damage can be devastating for them.

Larger businesses

Bigger target 

Large companies with more data means that breaches can lead to more records being stolen and more costs to manage the loss. They are also more susceptible to third party and shareholder class actions. 

Harder to track

Monitoring employee activity, tracking stolen and lost hardware and the corresponding theft of proprietary information is much harder in large complex organisations and data breaches can take much longer to resolve.

Case study

Theft of a hard-drive

Scenario: An employee of a business was driving to work, when he stopped at a junction. A thief reached through an open window and stole his briefcase, which contained a hard-drive with a database of 250 client details including names, addresses, contact numbers, dates of birth, nationalities and passport numbers. The hard-drive was password protected but was unencrypted. The business owner voluntarily notified the Information Commissioner’s Office (ICO) of the breach. 

Outcome: Despite the business owner being the victim of theft, the ICO considered that he failed to take appropriate measures to secure the data held on the hard-drive. The business owner should have encrypted the data and placed the briefcase in the boot of the car.

The ICO found that the data subjects could suffer substantial distress knowing that the data has been disclosed to unknown third parties and fined the business owner £5,000 (a reduction from £70,000 in recognition of the business owners voluntary notification).

If your insurance is not yet due for renewal and you would like us to contact you closer to the time register your interest now.


Cyber liability - what's the risk to your business? PDF document - 274.4 KB - 05/09/2019
Cyber liability - understand the threats PDF document - 241.7 KB - 12/09/2019

Call us today:

0345 894 4685

Monday to Friday 9am - 5pm

Request a call from Bluefin Professions

If you would like to speak to a member of the Professions team please fill in your details below and we will contact you.