Cyber Liability Insurance. Protect Your Business.
A ransomware attack or data breach can shut you down in hours. Cyber liability insurance covers incident response, restoration and the financial impact so you can recover.
What is cyber liability insurance?
Cyber liability insurance covers the financial cost of a cyber attack, data breach, ransomware or other online security incident. It covers your incident response costs, system restoration, business interruption, and third-party claims resulting from a breach.
Most cyber policies include first-party cover (your own costs) and third-party cover (claims from customers, clients and regulators). Some also cover financial crime such as fraudulent payment instructions.
Cyber attacks and breaches are no longer rare. Most businesses are hit at some point. Cyber liability insurance ensures one incident does not become a financial catastrophe.
What is covered
- Incident response and forensics
- Data breach notification costs
- Business interruption from cyber attack
What is not covered
- GDPR regulatory fines: available on some policies but often excluded or limited
- Cyber extortion and ransom demands: not always included, check policy wording
- Social engineering fraud: often a separate section or optional extension
Who needs cyber liability insurance?
Businesses holding customer data
Any business holding personal information, payment card data, or medical records faces regulatory and financial exposure
E-commerce and online payment
Retailers, SaaS platforms and businesses processing payments face elevated ransomware and breach risk
Professional services
Accountants, solicitors, consultants and advisers hold sensitive client data and face significant breach liability
Any business with remote workers
Remote work increases the risk of phishing attacks, account compromise and social engineering
How much does cyber liability insurance cost?
£250 – £1,200 per year for small businesses; organisations holding large volumes of personal data or processing payments may pay £800 – £5,000+
Volume and sensitivity of personal data held
High impact. A business storing payment card data, medical records or large volumes of customer personal data faces greater regulatory and liability exposure than one holding minimal data.
Annual turnover and revenue reliance on IT
High impact. Businesses that would lose all revenue if their systems went offline — such as e-commerce sites or SaaS platforms — face greater business interruption exposure.
Existing cybersecurity measures
Medium impact. Businesses with multi-factor authentication, staff training and endpoint protection often qualify for lower premiums. Weak security can increase cost or limit available cover.
Sector and regulatory environment
Medium impact. Healthcare, financial services and legal firms operate under stricter data protection regimes, increasing regulatory fine exposure.
Third-party system access
Low impact. If your staff or contractors access client systems, you may carry additional liability if a breach originates from your access.
WHY CECIL
Built differently.
Cover the full cost of recovery
Incident response, forensics, notification and business interruption costs can run to tens of thousands. Cyber insurance covers the full financial impact.
Understand your cyber risk
We help you understand what data you hold, who can access it, and what your realistic exposure looks like. Then we match you with cover that fits.
Rapid access to cyber expertise
When a breach happens, you need forensic specialists and incident response experts immediately. Cyber policies include access to these services.
Cover that grows with your business
As you collect more data or process more payments, your cyber exposure grows. We help you scale your cover appropriately.
Real claims: what cyber liability insurance covers
A professional services firm is hit by ransomware that encrypts all client files
The cyber policy covered incident response costs, system restoration and two weeks of business interruption
£62,000 total response cost
A retailer's payment processing system is compromised and 4,000 card numbers are exposed
The policy covered GDPR breach notification costs, credit monitoring for affected customers, ICO investigation support and the resulting regulatory fine
£38,000 total claim
An employee falls for a phishing email and transfers £15,000 to a fraudulent account
The cyber policy's social engineering extension covered the financial loss
£15,000 recovered under the policy
Common questions about cyber liability insurance
What does cyber liability insurance cover?
Cyber liability insurance covers the financial costs of cyber attacks and data breaches, including incident investigation, system restoration, notification of affected individuals, regulatory fines, and claims from affected customers. It also covers business interruption resulting from a cyber attack.
How much does cyber liability insurance cost?
Cost depends on the size of your business, the volume of data you hold, your turnover, and your existing security measures. A small business might pay £250–£500 per year; larger organisations or those in high-risk sectors can pay £2,000–£5,000+.
Do I need cyber insurance if I am a small business?
Yes. Even small businesses hold customer data, process payments or collect personal information. A single breach can result in costs of tens of thousands in notification, credit monitoring, incident response and regulatory fines. Cyber insurance protects you.
What is the difference between cyber liability and data protection insurance?
Cyber liability covers breach response, business interruption and third-party claims. Data protection insurance specifically covers regulatory fines and defence costs related to data protection law breaches. Many policies include both, but check carefully.
Does cyber insurance cover ransomware?
Yes. Cyber policies cover ransomware attacks, including incident response, recovery costs, and business interruption. However, most insurers will not cover the ransom payment itself and many will not cover costs relating to unsupported or criminally negligent payment.
What is the difference between first-party and third-party cyber cover?
First-party cover pays for your own costs after an attack — system restoration, ransom, business interruption. Third-party cover pays for claims from customers, clients or regulators arising from your breach. Comprehensive cyber policies typically include both.
Does cyber insurance cover GDPR fines?
Cyber policies can include cover for ICO regulatory fines under the UK GDPR. Fines imposed as a result of deliberate non-compliance are generally excluded. The policy typically covers investigation costs and defence fees regardless.
How quickly do I need to report a data breach in the UK?
Under UK GDPR, a notifiable personal data breach must be reported to the ICO within 72 hours of becoming aware of it, where feasible. Affected individuals must be notified without undue delay where there is high risk to their rights and freedoms.
Does cyber insurance cover social engineering and invoice fraud?
Some cyber policies include a social engineering extension covering losses from fraudulent payment instructions. This is not always included as standard — check whether your policy has a separate sublimit for funds transfer fraud.
What is a cyber risk assessment and do I need one?
Some insurers require security questionnaires for SME policies. Larger or higher-risk businesses may be asked to complete a more detailed assessment before a quote is issued. Understanding your risk profile helps ensure you buy the right level of cover.
Does cyber insurance cover cloud service outages?
Standard cyber policies do not typically cover losses caused by outages at third-party cloud providers unless you have a contingent business interruption extension. This is an increasingly important gap to consider.