Cyber Insurance
Last Update: Nov 10th, 2024.
What is Cyber Insurance?
Organisations domiciled in Europe and the UK with a turnover under €20m are entitled to Cyber Liability Insurance. This cover is underwritten by CFC Europe S.A. and administered by Leader Team Broker. CFC Europe S.A. is authorised and regulated by the Financial Services and Markets Authority (FSMA).
Registered Number: 0711818068
Insurance Coverage
-
A 24-hour helpline is available to report cyber incidents, providing crisis management and incident response up to the total liability limit.
-
Cyber insurance covers up to €1,000,000.
-
Insurance coverage may vary depending on your specific cyber insurance policy.
Important Notes:
Cyber insurance is provided on an opt-in basis for organisations holding a valid Cyber Essentials certificate through CyberSmart’s insurance partner. Enhanced insurance coverage is also available on a non-advised basis.
What is insured?
• Cyber incident response costs to quickly neutralise
or minimise the damage caused by a cyber event
Your losses as a result of:
• Privacy breach notification costs
• Lost, corrupted or inaccessible electronic data
• System damage
• System business interruption
Claims made against you arising out of:
• Invasion of privacy
• Network security liability
• Cyber and privacy liability
• Management liability arising from a cyber attack
• Defamation
• Intellectual property rights infringement
Additional covers
• Insurable fines and penalties
• Court attendance costs
What is not insured?
Circumstances or occurrences known, or ought reasonably to have been known, at the start of your policy
Unsolicited communications
Unlawful surveillance
Liquidated damages, service credits and penalty
clauses
Any claim or part thereof that results in you being
in a better financial position as a direct result of the
wrongful act
Patent infringement
Bodily injury and property damage
Uninsurable fines
Insolvency of you or a of a third party
Wilful or dishonest acts of senior executive officers
War and terrorism
Nuclear reaction or radiation
Theft of funds
Are there any restrictions on cover?
Where more than one claim arises from the same original cause or single source or event, all of those claim will be
deemed to be one claim.
Where the same original cause or single source or event causes a series of system outages, these will be considered one system outage whose total duration is equal to the cumulative duration of each individual outage.
We will not cover any system outage, unless the system outage lasts longer than the time retention specified on your policy schedule.
We will not cover the costs to repair or replace tangible property or hardware, unless repairing or replacing the property or hardware is a more practical and cost effective solution than installing new firmware.
We will not pay more than the limits of liability specified on your policy schedule.
Where am I covered?
Please check your policy schedule for:
Territories in which legal action can be brought against you
Jurisdictions in which your business activities are covered
What are my obligations?
• You must provide all information which may be relevant to the cover in a clear and accessible manner and as accurately and
completely as possible.
• You must notify us of any incident, circumstance or claim in accordance with the conditions detailed in the policy document.
• You must not admit liability for or settle or make or promise any payment or incur any costs and expenses without our prior
written agreement.
• You must maintain all your rights of recovery against any third party and make these available to us where possible.
When and how do I pay?
You must pay the premium no later than 60 days beyond the inception date stated on your policy schedule.
Speak with your insurance broker or adviser for how to pay.
When does the cover start and end?
Your cover starts on the inception date stated on your policy schedule and ends on the expiry date stated on the policy schedule.
How do I cancel the contract?
You may cancel the contract by giving us 30 days’ written notice.
How do I make a claim?
Customers can get in touch via the app, online, email, or phone.
General enquiries or claims
Call us United States: +1 866 949 4177
Canada: +1 866 949 4177
United Kingdom: +44 (0) 845 013 1575
Australia: +44 (0) 845 013 1575
Rest of world: +1 866 949 4177
Email us cyberclaims@cfc.com
Make a claim www.cfc.com/claims
Experiencing a cyber incident now?
Report via app iPhone or Android
Call us United States: +1 844 677 4155
Canada: +1 800 607 1355
United Kingdom: 0800 975 3034
Australia: 1800 803 202
Rest of world: +1 866 949 4177
Claims and incident response
We put speed and simplicity at the heart of our cyber claims and incident response process, so you can get back to focusing on what matters most, your business. Every CFC cyber policyholder can benefit from:
Continuous access to experts 24/7 follow-the-sun support.
Need help with a cyber incident or have question about the claims process? Our cyber security experts, incident responders, and cyber claims adjusters are available to assist you – free of charge – throughout your policy. You can reach them through our Response app, phone, email, and online.
Experienced specialised teams with 25 years’ experience handling cyber incidents
Responding to cyber incidents requires deep technical expertise. Equipped with extensive experience, our in-house teams specialises in handling all types cyber incidents. If needed, we also have the ability to partner with trusted vendors to assist with getting you back online
How it works?
-
Notify. Available 24/7, the fastest way to notify CFC of a cyber incident (urgent or non-urgent) is through our mobile app, Response. Customers can also notify via email, phone or our website.
-
Triage. A technical incident responder from the CFC team will be in touch within 15 minutes* to assess the situation and identify the necessary resources to address the incident. You’ll also hear from your dedicated claims adjuster within 24 hours.
-
Contain. Our in-house team will work with your internal teams to contain and remediate the incident. If required we’ll also engage reputable third-party specialists to help.
-
Recover. We’ll work around the clock to rebuild systems, reconstitute data and get the business back online as soon as possible. Throughout this process your claims adjuster will update you on coverage details and reimbursement ensuring a clear understanding and a smooth resolution.
CFC mobile app for cyber Response
From the moment you take out a CFC cyber policy, our cyber security team works around the clock to protect your business against cyber attacks. If we detect a threat or vulnerability, the app allows us to notify you of cyber threats targeting your business in real time.
Response delivers critical threat alerts and provides instant access to our cyber security team when all other channels are compromised – whether you need to notify us of an incident or have a cyber question.
What security precautions must be maintained?
You are required to install & maintain automatically provided updates from your software provider for critical business software. This process should already be in place, but you should make sure it is maintained to ensure that the insurance remains valid.
What if I already have Cyber Insurance?
You can’t claim on two policies. If you are satisfied your existing policy gives you the cover you require, then you can opt out of the cover that comes with Cyber Essentials. If you have two policies in force at the time of a claim you will need to notify both insurers.
What if my turnover is more than €20m?
Companies with a turnover above €20m are not eligible for the automatic insurance.
Big Cyber Group and Leader Team Broker
Leader Team Broker of Insurance provides cyber and PI insurance in the EU and UK with insurance for their operations (“Insurance”); and WHEREAS, Big Cyber Group Ltd desires to market, promote and increase the demand and sale of its Insurance to persons, corporations or any other entity in EU and the UK, with which Company is not currently engaged, and Company is interested in engaging Finder to provide the Services in order to assist with such activities.
During the Term, each party may have access to certain non-public proprietary, confidential or trade secret information or data of the other party, whether furnished before or after the Effective Date, and regardless of the manner in which it is furnished, which given the totality of the circumstances, a reasonable person or entity should have reason to believe is proprietary, confidential or competitively sensitive (collectively, the “Confidential Information”). The Confidential Information shall be owned solely by the disclosing party. It is hereby agreed that any business contacts introduced by Finder to the Company in connection with
the Services will be considered as Finder’s Confidential Information.
Confidential Information shall exclude any information that: (i) is now or subsequently becomes generally available in the public domain through no fault or breach on the part of receiving party; (ii) the receiving party can demonstrate in its records to have had rightfully in its possession prior to disclosure of the Confidential Information by the disclosing party; (iii) receiving party rightfully obtains from a third party who has the right to transfer or disclose it, without default or breach of this Agreement; or (iv) the receiving party can demonstrate in its records to have independently developed, without breach of this Agreement and/or any use of, or reference to the Confidential Information.
The receiving party agrees that it will take all appropriate steps to protect such Confidential Information from unauthorized disclosure, that it will not disclose such Confidential Information to any third party, and that it will not use any Confidential Information (other than as authorised by this Agreement) without the prior written consent of the disclosing party.
The receiving party’s obligations with respect to Confidential Information shall continue for a period of 5 years from the date of termination of this Agreement. Without derogating from any other remedies available under applicable law or agreement, the receiving party shall be entitled to obtain an injunction restraining any violation, further violation or threatened violation of the covenant set forth in this Section 3.