What is data breach insurance?

A data breach could cost your business thousands or even millions of pounds in lost revenue, reputational damage and fines. Data breach insurance protects you against these risks, here’s a closer look at what it does.

What is a data breach?

It’s where information your business holds is accessed without your permission. A data breach could occur:

  • By accident, if for example, a member of your staff loses a mobile phone or accidentally emails an attachment to the wrong person.
  • On purpose, if your business is hacked or targeted by cyber criminals using malware or other methods to access your data.

In both cases a data breach can cause huge damage, so it pays to protect your business from the risks.

Cyber liability insurance and data breach insurance are generally the same thing, so either could offer the cover you need.

How does data breach cover work?

Like most insurance policies, data breach insurance can protect your business from a financial risk, in this case cyber-attacks.

You’ll have to pay an annual insurance premium and often a significant excess if you need to make a claim, but the right cover could potentially save your business thousands in the event of an attack.

A decent data breach or cyber insurance policy should cover:

  • Business losses: If your systems are down it’s likely you’ll face some loss of income. Often productivity becomes impossible and you need to spend your time mitigating any damage that has been caused. You may even lose customers and have to look for new ones.
  • Legal costs: You could face legal trouble if a data breach occurs. The General Data Protection Regulation (GDPR) is very strict when it comes to protection of information, and you could face fines and legal action as a result.
  • Follow-up investigations: While identifying the source of the problem may provide peace of mind, it could also stop the same issue from happening again. Often this can be very costly, but some packages will incorporate these costs and even the cost of upgrading your infrastructure to prevent further incidents.
  • Communication costs: You will need to tell stakeholders inside and outside your company of any data breach. When sensitive information, or customer data is involved, it’s often a legal requirement. The scale and scope of this communication will depend on your company, but the costs can be considerable. Data breach insurance can help you manage those costs too.

Some data breach policies will cover you for reputation management costs as well as repair and damage control costs, but this may be only available with third party cover.

Do you need third party cover?

A cyber-attack has immediate consequences and most of these are covered by standard first party cover, for example loss of income during the attack.

What some people don’t consider though, is there are consequences beyond those initially obvious.

This is where third party cover comes into its own, it can cover things like:

  • Public relations management: helping you respond to enquiries when the news breaks and communicating with the press, regulator and the public
  • Ongoing legal expenses: if for example a customer takes legal action against you for their losses as a result of your data breach

Ultimately third party cover will be more expensive, but it will offer more comprehensive protection than first party cover alone.

You will need to weigh up whether it represents good value for your business depending on the amount of data you hold and the level of risk you feel exposed to.

What types of attack are covered?

Types of cyber-attack vary and new ways of accessing data are being created all the time.

A data breach policy can cover any of these attacks:

  • Malware
  • Ransomware
  • Phishing
  • Denial of service
  • Email fraud
  • Other forms of hacking

Do you really need data breach cover?

Cyber-crime has become just as prevalent as real world burglaries, theft and disasters. This means for many businesses that data breach insurance makes just as much sense as contents or building insurance in the 21st century.

New methods of attack are being devised every day by hackers, so it’s important never to assume that your company is safe from cyber attacks.

Cyber criminals also target businesses of all shapes and sizes in any way available to them. This means everyone is at risk, from a start-up to multinational corporations.

This all makes a strong case for protecting your business with the right data breach cover. While you can’t cover every possible concern, you can come very close.

Don’t wait to deal with issues after the damage is done, because that is much harder to do.

How to get data breach insurance that suits you

First, take a look at your business and ask the following questions:

  • How much data do I have in “custody” on any given day?
  • How many stakeholders would be affected if that data becomes compromised?
  • What would the ramifications of a compromise be? Consider the following:
  • Loss of income
  • Legal problems
  • Reputational damage
  • Repair or set up costs
  • Loss of customers
  • Ability to pay salaries

Those questions are a good starting point from which to estimate the level of cover you might need.

You can also use the free Cyber Exposure Calculator from Hiscox to help you estimate the potential impact of a cyber attack on your business.

If you’re worried about the cost of cover then read our guide on How much cyber insurance costs for some tips on how to keep the price down.

You’ll then need to get quotes from several different insurers and compare carefully what cover they offer before you make a final decision.

Data Breach FAQs

It is a confirmed incident where sensitive, confidential, or private data has been accessed or disclosed to unauthorised people.

GDPR classify a data breach as “a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed”.

There are lots of measures you can put in place to reduce the risk to your business of having a data breach.

If you are particularly concerned about a potential breach you can also employ an external company to assist you, although this can be quite expensive.

For a detailed look at the measures you can take read our cyber security and data breach prevention guide.

If you deliberately hide a data breach there can be serious repercussions, including fines of up to 10 million euros or 2% of your business turnover, whichever is greatest.

If a data breach is caused intentionally or by negligence, then it may not be covered by your cyber insurance policy.

Yes, data breaches are becoming more and more common and many of the leading companies in the UK have suffered data breaches in recent years, including TalkTalk, Virgin Media, and Dixons Carphone Warehouse.

Martin Lane
Written by Martin Lane, Head of Content
Martin is an experienced writer in the financial services sector previously serving as Managing Editor at money.co.uk with regular guest slots on BBC Radio 4 and featured in the national press.

Cyber insurance buying guide for SME’s




Free for a limited time