Cyber, Data and Crime Insurance 

The threat of cybercrime is one of the biggest faced by individuals and businesses worldwide, and yet we still see many clients facing this risk without having protection in place: protection in the form of cyber, data and crime insurance.

It is difficult to comprehend why to take this risk when you consider how catastrophic cybercrime can be. A virtual virus could spread around the world within minutes, carrying the probability of bringing down national and worldwide networks that we have become so reliant on in our everyday lives.  

Why you need cyber, crime and data insurance 

The role of cyber, data and crime insurance in an overall insurance portfolio has never been as important as it is at the current time. Cybercriminals are always evolving, taking into account new opportunities to exploit businesses in new and different ways. According to the Government’s Cyber Security Breaches Survey 2020*, the extent of cyber security threats has, far from reducing, in fact evolved and become more frequent. 

Get a quote

What does cyber and data insurance cover?

Cyber, crime and data insurance covers losses relating to damage to, or loss of information from, IT systems and networks. Policies generally include significant assistance with and management of the incident itself, which can be essential when faced with reputational damage or regulatory enforcement.

Cyber and data risks fall into first-party and third-party liability.

Protection of your own assets from cyber crime

First-party liability cyber cover protects your assets, such as:

  • Loss or damage to data or software programmes
  • Business interruption from network downtime
  • Cyber and data extortion where third party threaten to damage or release data if money is not paid to them
  • Customer and/or third-party notification expenses when there is a legal or regulatory requirement to notify them of a security or privacy breach
  • Repairs or replacement following system damage
  • Regulatory actions and investigations and court attendance costs. Potentially cover for fines, where legally deemed insurable
  • Crisis communication costs
  • Reputational damage arising from a breach of data that results in loss of intellectual property or customers

Protection for your customers from cyber crime

Third-party liability data cover protects your customers' assets, including:

  • Security/privacy breaches, investigation and defence costs together with civil damages associated with them
  • Multi-media liability, to cover investigation, defence costs and civil damages arising from defamation, breach of privacy or negligence in publication in electronic or print media
  • Loss of third-party data, including payment of compensation to customers for denial of access and failure of software or systems

What threats does cyber insurance protect against?

With cyber-crime attacks becoming ever more widespread and sophisticated, you need to be sure you’ve got the right protection. Especially since the arrival of the GDPR. What support does your insurance provide if you suffer a data breach? Have you got cover for reinstating data? If you’re subject to a regulatory investigation, are your costs covered?

Cybercrime comes in all different forms and not many days go by at a time without hearing about a new cyber-attack, whether it be online fraud, hacking, viruses, malware, ransomware, phishing or smishing. 

For more about some of the threats you face, watch our short video: 

Who is most at risk from cybercrime? 

Digital technology is an essential part of business today. Almost all businesses rely on information technology (IT) infrastructure to some degree, which is why cyber and data security breaches can be so damaging.  

According to the Government’s Cyber Security Breaches Survey 2020*, almost half of businesses (46%) and a quarter of charities (26%) reported having cyber security breaches or attacks in the previous 12 months. It is higher among large businesses (75%) medium businesses (68%) and high-income charities (57%). 

Clients should particularly think about purchasing cyber, data and crime insurance if they: 

  • Hold sensitive customer details such as names and addresses or banking information 
  • Rely heavily on IT systems and websites to conduct their business 
  • Process card payment information as a matter of course 

Effects of cyber crime on businesses

The Government’s Cyber Security Breaches Survey 2020* tells us that breaches that result in a negative outcome incur substantial costs. Among the 46% of businesses that identify breaches or attacks, one in five (19%) have experienced a material outcome, losing money or data. Two in five (39%) were negatively impacted, for example requiring new measures, having staff time diverted or causing wider business disruption. Similarly, among the 26% of charities reporting breaches or attacks, a quarter (25%) had material outcomes and over half (56%) were negatively impacted.  

Where businesses have faced breaches with material outcomes, the average (mean) cost of all the cyber security breaches these businesses have experienced in the past 12 months is estimated to be £3,230. For medium and large firms, this average cost is higher, at £5,220. 

With 32% of those who identified breaches or attacks, experiencing them at least once a week in 2020, it’s easy to see how quickly costs can escalate. 

Ransomware #1Cyber Issue (1) Social Engineering A major issue - Theft of funds, fake CEO Fraud etc (2) Between two thirds and three quarters of all cyber losses have an element of human error (3)
Cybercrime is 50% of all crime in the UK - There is no 'Emergency' or stage service - Police do not have funds, resource or expertise (4) You are 9 times more likely to to have a cyber event than a property loss as a business (5) 965 Claims Are first party (own loss) as opposed to third party liability (6)
"You are not targeted because you are valuable, you are targeted because you are vulnerable (7) 70% of UK businesses are aware that cyber exposures are a risk, yet only 10% of UK businesses currently purchase cyber insurance (8) That an average losses from cyber breaches also soared from £179,000 to £289,000, an increase of 61% (9)

2. CFC Underwriting
6. CFC Underwriting
7. CFC Underwriting

Cyber risk management insurance

This is a critical part of cyber protection; which underpins the insurance covers.

There are requirements/standards to be complied with, these are simple and easy to comply with see fact sheet.

This explains 4 critical security requirements, as well as three important security standards. These simple yet effective steps will help to ensure good practice to help protect you and make your business less vulnerable.

An integral part of our cyber policy, our award-winning mobile app Response gives policyholders access to a range of proactive cybersecurity tools and services. Standard cyber risk management insurance covers:

  1. Phishing simulations – Targeting members of your team whose credentials are the most vulnerable, these simulations send mock phishing emails in order to raise awareness of this criminal tactic.
  2. Dark web monitoring – This tool scours the dark web for information relating to your business, including corporate login credentials and other breaches of sensitive data relating to your domain name.
  3. Deep scanning – This service actively scans the external client network footprint to identify claims correlated vulnerabilities that lead to cyber attacks and ransomware.
  4. Cybersecurity advice – The “Ask the Expert” section of Response allows users to get in touch with our specialist team for help with cyber risk mitigation, best practices, cybersecurity services on offer, and more.
  5. Real time threat alerts – Through continuous monitoring of our customers and analysis of the latest cyber claims, our team is able to spot problems fast. Through Response, we send policyholders critical alerts specific to their business along with guidance on how to rectify.

Download more cyber risk management information

Take our three-minute cyber risk assessment 

You can quickly discover the level of protection you need by taking our simple three-minute cyber risk assessment

The test will give you an overall risk score and indicate whether you are at high, medium or low risk of cybercrime.  

Cyber insurance FAQs

Does business insurance protect my business against cybercrime?

No, it is highly unlikely that your business insurance policy provides you with sufficient cyber protection, which is why it is important to take out a specific cyber and crime policy to protect you. Without the correct level of cover, you’re likely not to be insured should you suffer cybercrime, facing the real possibility of needing to fund the associated costs yourself.  

What is a cyber excess layer?

As the cyber insurance market hardens, some insurance providers restricting cover, increasing rates and reducing lines across the board. In addition to this hardening market, recent changes in contractual and increasingly, regulatory requirements have seen the need for larger limits increase greatly.

Weare able to arrange flexible excess of loss cyber insurance policies to top up primary covers. This cover can help ensure organisations are protected against the increasing likelihood of multiple cyber events during a single policy period.


  • Limits of up to £10 million available
  • We will follow most underlying insurer wordings


We partner with providers who have a wide appetite with no outright decline sectors or industries, each case will be considered on their own merit.

Get a cyber insurance quote 

Get a quote

Alternatively, you can speak to your usual Towergate advisor who will be happy to help. 

Cyber and GDPR

General Data Protection Regulation (GDPR) impacts every business.

One of the legislation's key requirements is that the confidential data you hold on your customers or suppliers must be processed in a manner ensuring an appropriate level of security. Is yours? See what you should do about cyber and data security and GDPR.

The enforcement of GDPR means that your business can be fined up to €20m or 4% of your turnover (whichever is the greater) for breaches of your customers’ data.

Cyber and data security, and GDPR: what you should do

Here’s what you need to do now:

  • Appoint a senior manager with some expertise to take responsibility for your cyber and data security and draw up an information security policy
  • Make sure you understand your obligations to notify the Information Commissioner’s Office (ICO) within 72 hours (and, in some instances, the individuals affected) of personal data breaches
  • Consider whether the confidential data you hold should be pseudonymised and encrypted

For more details, visit the National Cyber Security Centre.

What to do if you suffer a cyber attack

What should you do if you suffer a cyber or data attack? Here is our three-step checklist:

  1. Log and monitor any suspicious activity This can help to inform you as soon as a breach happens, giving you a chance to respond quickly and limit potential damage. It’s also useful to have a trail of activity carried out by the hacker.
  2. Regularly back up your data This will make it easier to access data – reducing downtime – in the event of a breach. But be aware that there’s a risk that you may restore the same vulnerabilities which caused the breach in the first place – consult a specialist on how to mitigate this risk.
  3. Inform your cyber and data security insurance provider If you don’t have cyber and data protection insurance, Towergate can create a policy tailored to your needs that provides cover for a range of different cyber-attack scenarios.

Specialist cyber crime and fraud insurance

With the Cyber Crime and Fraud Insurance that's right for you business, you can rest assured that your protection includes:

  • Data recovery support in the event of a breach
  • Extortion cover if a hacker tries to hold you to ransom
  • Business interruption cover to keep you going after a cyber attack
  • Payment of costs associated with regulatory investigations
  • Cover for claims for damages against your business

Get a cyber crime and fraud insurance quote

For more information, to discuss your particular cyber and data security requirements or to get a quote, simply contact Towergate.

Find out more about cyber insurance from Towergate

Download further information about our cyber crime products.

Read more cyber insurance articles and info

To find out more about the threat of cybercrime and practical steps you can take to reduce your risk, browse our range of articles: