top of page

The critical importance of cyber insurance

Nobody likes to think about insurance until they must, but it’s been a key factor in business resilience for many centuries. It remains as important today as it was when it was first used to protect ships and cargo against maritime risks in the 17th century. Over time, insurance developed to protect against the effect of fires, floods and other catastrophes, and has continued to evolve to transfer the financial cost of devastating risks away from businesses.

The rise of cyber-attacks such as Ransomware and the risk of large-scale data breaches has created a new major threat that has the potential to financially and reputationally destroy a business. There can be huge direct costs involved in restoring a network and its data, along with a loss of business during the interruption and the resultant reputational harm. If confidential data has been lost, then a business could be open to legal action from the affected parties and possible regulatory action by the Information Commissioner’s Office (ICO).

It’s important to be aware that traditional insurance policies that protect against physical loss or damage do not cover these risks. For a business to remain resilient to a major risk, it must arrange separate Cyber insurance for protection.

Physical vs digital assets

Most businesses have traditionally focused on the importance of their physical assets – premises, contents, stock, etc and have built operational resilience around these.

The recent pandemic has helped highlight what assets are most important to a business. For many, it became clear just how vital full and unrestricted access to their computer network and its data is to remain operational. Most computer networks will hold customer, employee, financial and other operational information. Loss of use of that data could be an inconvenience for a few days, but a few weeks or even months will have a significant financial impact.

It’s clear that digital assets now have great value and therefore protecting against the risks of a cyber-attack should be a key consideration for any business.

What cyber risks can be insured against?

The focus of most Cyber insurance is to protect against the effects of a cyber hack or malware infection.

There is not a standard form of policy wording in the market. Most insurers give wide, comparable cover, with many offering protection against financial crime such as computer-enabled frauds. It is advisable to be wary of any cover that has been offered free of charge or at a nominal cost as the level of protection may not be sufficient or suitable. It is best not to find out that you are under-insured when you dealing with a major crisis.

Additional benefits of being insured

Most serious cyber-attacks require urgent action to avoid costly business interruption losses and to meet any legal requirements involving data protection law. Unlike traditional insurances, Cyber insurance is designed to respond quickly and operates as a service, not just a means of reimbursing costs or lost business. A policyholder will be able to access a range of experienced cyber professionals including emergency responders, forensic experts, lawyers and public relations firms. This avoids a business having to rely on its own IT advisers where there could be a conflict of interest.

Specialist advice

Berkeley Insurance Group has been advising clients on their cyber risks and overall business resilience for many years. They’re happy to respond to any queries you may have on Cyber insurance and can get quotations for your cover.

If you’d like to learn more, read our latest blog from our affiliate member John Pennick at Berkeley Insurance Group who discusses the importance of cyber insurance.

Ready to make every element of your business cyber safer? Get in touch.


The contents of this website are provided for general information only and are not intended to replace specific professional advice relevant to your situation. The intention of The Cyber Resilience Centre for the West Midlands is to encourage cyber resilience by raising issues and disseminating information on the experiences and initiatives of others.  Articles on the website cannot by their nature be comprehensive and may not reflect most recent legislation, practice, or application to your circumstances. The Cyber Resilience Centre for the West Midlands provides affordable services and Trusted Partners if you need specific support. For specific questions please contact us.


The Cyber Resilience Centre for the West Midlands does not accept any responsibility for any loss which may arise from reliance on information or materials published on this document. The Cyber Resilience Centre for the West Midlands is not responsible for the content of external internet sites that link to this site or which are linked from it.

bottom of page