Protect your organisation with cyber liability insurance Last year, 74% of small organisations suffered a data security breach.* Don’t add your name to the list this year. Cyber attacks were big news in 2015, with many high profile news stories about well known brands – and their customers – falling victim to security breaches. But what is not so well publicised is the number of attacks on smaller organisations. According to figures in the Information Security Breaches Survey 2015 – a report commissioned by HM Government – 74 per cent of small businesses suffered a security breach in 2015. That’s an increase of 14 per cent on the previous year. Unfortunately, it’s smaller organisations that more often don’t have the financial resources to recover from an attack, making it arguably one of the greatest risks of 2016. Discover how you can protect your organisation and mitigate risk – download our cyber liability insurance brochure.

1. Cyber liability insurance
Protecting your organisation
Would your organisation recover from
a cyber attack?
Cyber attacks were big news in 2015, with many high
profile news stories about well known brands – and their
customers – falling victim to security breaches. But what is
not so well publicised is the number of attacks on smaller
organisations. According to figures in the Information
Security Breaches Survey 2015 – a report commissioned by
HM Government – 74 per cent of small businesses suffered
a security breach in 2015.That’s an increase of 14 per cent
on the previous year.
Unfortunately, it’s smaller organisations that more often
don’t have the financial resources to recover from an attack,
making it arguably one of the greatest risks of 2016.
Over
records are now exposed
every time a UK business
suffers a data breach.*
is the average number of days
a business can be out of action
following a cyber attack.*
lucasfettes.co.uk
Last year, 74% of small
organisations suffered
a data security breach.*
Don’t add your name
to the list this year.
days10
is the average cost to a small
business of its worst security
breach of the year.*
£75k–£311k
23,000

2. What insurance covers are available?
There are a number of ways in which your organisation could
be exposed – but there are covers available to mitigate the risk,
for example:
Multimedia liability
Covers the insured company for claims against
them of defamation, libel and slander, and
unintentional infringement of intellectual
property rights such as copyright, plagiarism or
piracy.
Example claim:
Easy Group sought compensation from sixty
separate companies who had the word“easy”in
their registered internet domain name. In one
specific case Easy Group took legal action against
easypeople.co.uk and demanded that they pay
the fee of £100,000 for its legal costs in pursuing
the matter.
Network security and privacy liability
Covers the liability of the insured company
should they fail to prevent the transmission of
a virus, or a denial of service attack to a client’s
network, or destroy data that has been entrusted
to them by a third party, or fail to prevent
the unauthorised disclosure of confidential
information.
Example claims:
A supermarket’s point of sales system was hit
by external malware, disabling communication
between the registers and the inventory
machine.The supermarket ran out of stock and
had to close until the till system was fixed and
stock replenished.
A multinational insurance company was
punished by a multimillion-pound fine by
the UK’s regulator when it lost a backup tape
containing the private details of over 46,000
policyholders.
An employee’s laptop or USB flash drive is stolen
containing your customers’information.
Privacy notification costs
Covers the legal costs, including postage and
advertising, incurred by the insured company in
notifying its customers that a network or privacy
breach has occurred, potentially compromising
customer data.
Note:
Whilst data breach notification laws do not
currently exist here in the UK other than for
communication service providers, it is important
to consider that companies doing business in
the USA (and certain countries within Europe)
should be aware of state legislation that requires
companies to notify individuals of security
breaches involving personally identifiable
information.

3. Credit assistance expenses
Covers fees incurred by the insured company
in the procurement of professional credit
monitoring services or identity theft assistance
for individuals affected by a network or privacy
breach.
Example claim:
A business services company conducted a
mailing project for a customer and inadvertently
mailed out approximately 60,000 envelopes
bearing account numbers on the outside. It
claimed £220,000 for notification and credit
monitoring services.
Crisis management expenses
Covers expenses incurred by the insured
company for professional fees in relation to
legal advice concerning a media strategy, crisis
consulting and independent public relations
services following a breach.
Example claim:
An investment adviser’s chief customer service
officer had his laptop stolen.The laptop
contained more than 100,000 customer records,
including social security numbers. Costs for
hiring a public relations firm to restore customer
confidence or mitigate negative publicity
generated by the incident were £75,000.
Forensic expenses
Covers fees incurred by the insured company for
specialist forensic auditors or investigators who
have been retained to conduct a review or audit
to substantiate how the breach occurred.
Example claim:
A travel agency with four locations, £650,000
turnover and 30 staff, experienced three separate
data breaches over a three-year period, in
which hackers gained access to their computer
system. Over 250,000 individuals’credit card and
passport details were compromised. £1.2m was
paid for the forensic and legal costs in defending
the investigation.
Electronic data rectification expenses
Covers all reasonable costs and expenses
incurred to repair or restore the insured’s
computer system to the same or equivalent
standard as immediately before it was damaged
or destroyed by a network security breach.
Example claim:
A manufacturer had a disgruntled employee
delete their entire database. It cost the company
£5m in lost revenues and £1.3m to replace the
lost data.
Cyber extortion
Covers the insured company for extortion
demands where there is a credible threat to
destroy the insured’s computer system or
website, or a threat to introduce a malicious code
or a denial of service attack.
Example claim:
A law firm with a turnover of £1.3m and eight
staff had its server and client records locked by
Ransomware software. It was only able to get the
files released after paying a ransom of £50,000 to
hackers.

4. Lucas Fettes & Partners Limited are independent insurance intermediaries authorised and regulated by the
Financial Conduct Authority. *
2015 Information Security Breaches Survey, HM Government. 43/16 GM004
Talk to us
As an independent insurance broker we have access to over 300 insurers and will
arrange cover based entirely on your needs and budget. We can also provide impartial
advice and guidance on a range of risk management measures. To find out more, please
speak to your usual Lucas Fettes & Partners contact or your local office.
Berkhamsted
T: 01442 866670
E: berkhamsted@lucasfettes.co.uk
Bristol
T: 0117 989 8300
E: bristol@lucasfettes.co.uk
Chichester
T: 01243 530450
E: chichester@lucasfettes.co.uk
Glasgow
T: 0141 248 1620
E: glasgow@lucasfettes.co.uk
London
T: 020 7413 0999
E: london@lucasfettes.co.uk
Manchester
T: 0161 973 9101
E: manchester@lucasfettes.co.uk
Newport, Isle of Wight
T: 01983 522577
E: newport@lucasfettes.co.uk
Cyber business interruption
Covers the insured company for loss of
business income directly following a network
security breach that results in a total or partial
interruption to the insured’s computer system.
Example claim:
An online retailer with a turnover of £3m and
15 staff had its website defaced, including a link
to a competing retailer’s website. Hackers then
gained access to personal information about
customers and took over their website. £500,000
was paid for loss of income and other related
costs.
PCI fines and penalties
Covers the insured company for Payment Card
Industry (PCI) fines or penalties arising from a
network or privacy breach due to the insured’s
non-compliance with Payment Card Industry
Data Security Standards.
Note:
Since 2005 more than 80% of credit card
breaches have occurred at small businesses.
Failure to comply with Payment Card Industry
Data Security Standards (PCI DSS) could result in
fines of up to £50,000 per infringement.