ICAEW.com works better with JavaScript enabled.


Efficient cyber insurance to support your risk management strategy

Author: Marsh Commercial, ICAEW Member Rewards Partner

Published: 14 Oct 2022

Exclusive content
Access to our exclusive resources is for specific groups of students, users, members and subscribers.
Technology continues to transform the way we run our businesses. However, using technology has some downsides - one of which is the increased risk of data breach, online fraud and cyber-crime.

By now, you’re familiar with managing this risk in your business by ensuring you have policies and procedures in place and your staff are well-educated. However, a common weakness in many SMEs’  risk management strategies is having a plan in place for when incidents occur. 38% of SME and micro businesses identified security breaches or attacks in 2021. These incidents could cost you time, money and the reputation of your business.

Does your business really need cyber insurance?

Should your business suffer a cyber-attack, cyber insurance helps by taking action, rectifying the issue and repairing the damage.

Some criticisms of cyber insurance are:

  • exclusions of important cyber incidents like phishing scams
  • timescales to claim due to investigation periods
  • the perceived lack of cover or the policy failing to pay out

Working with a broker will help you avoid the disappointment of having a claim declined when you thought you were covered.

Brokers get to know your business and can provide advice on the suitable level of cover. Now, more than ever, insurance policies need to be streamlined and efficient – providing the cover you want and need – at a price you can afford. An insurance broker will use their network to negotiate the best possible terms and price on your behalf.

What does cyber insurance cover?

It’s important to select the cyber insurance policy that best meets your business needs and budget. Cyber insurance can include cover for:

Regulatory defence and penalties

As a result of civil regulatory action, compensation, civil penalty or fines following a data breach, for example.

Cyber extortion

Expenses incurred by you and your business including any ransom paid for the purpose of terminating a threat.

Data breach notification

Complying with data breach law, this includes legal fees, notification communications, call-centre services for enquiries.

Business interruption 

Whether total or partial interruption, degradation in service or failure of communication.

Fraudulent representation

Cover for loss of your money, property, products, goods and services as a result of fraud.

Forensic investigations costs

To find out how the cyber-criminal accessed your system following an insured cyber incident.

System restoration costs

Cover to repair the damage caused to your systems as a result of an insured cyber incident.

Is cyber insurance available to all businesses?

Insurance underwriters expect insurance to fit into a wider cyber risk management strategy. To offer cyber insurance, insurers expect to see evidence of risk mitigation processes and procedures in place across your technology and employees. Antivirus software and malware protection are essential for all work devices. Employees play an important part in keeping these installed and up-to-date. Cracks in your security are just a click away. Insurers expect employees to be both well-trained and vigilant.

How cyber insurance reacts to an incident

Arranging cyber insurance through a broker like Marsh Commercial provides your business with a cohesive response strategy should you suffer a data breach or cyber-related incident. Your broker, insurer and policy will respond by:

Taking action

As soon as you notify us of an incident, your cyber policy reacts, covering your liabilities on media, data security, viruses and hacking.


Costs covered are further reaching than your initial liabilities.  Customer notifications, credit monitoring and legal fees are also included.

Repairing the damage

In addition to hiring forensic to identify root causes, PR consultants can also be paid to mitigate damage to your brand.

An expert claims adviser from Marsh Commercial will join the response, guiding you through the claims process and facilitating communication with the insurer’s claims teams.

Why work with Marsh Commercial?

Our team has a wealth of knowledge in arranging cyber insurance. We take time to understand your business to ensure the protection you have in place is suitable for the risks you face. You can be confident we’re committed to working with leading insurers on your behalf. We’ll arrange appropriate cover – on competitive terms.