09) Does your organisation have cyber insurance?
Business Resilience Cyber Insurance
Written by Haydn Brooks
Created on March 18, 2019
Modified on October 13, 2019

Answer yes if your organisation holds a valid cyber insurance policy. Please provide the certificate of insurance (as a PDF file) as evidence.

A cyber insurance policy, also referred to as cyber risk insurance or cyber liability insurance coverage (CLIC), is primarily designed to help an organisation mitigate risk exposure by offsetting the costs involved with recovery after a cyber-related security breach or similar event.

Most cyber insurance policies also include a bundle of services that help improve the security of the company that holds the policy. These services may include cyber maturity assessments, technical tools, and a cyber incident response and forensic capability.

Research by the USA National Cyber Security Alliance stated that 60% of SME’s that experience a breach subsequently go out of business within 6 months of the attack. Cyber insurance is a method to protect against this and can be invaluable if a breach occurs.

It is important to note that other insurance policies (such as business interruption policies) typically do not include cover for cyber incidents. It is important to check with your insurer or insurance broker that your policy includes cover for disruption from a cyber-attack.

How to implement the control:
Cyber insurance can be purchased from many insurance companies and through insurance brokers. Risk Ledger recommend [Axis Capital](https://www.axiscapital.com/londonmarket/insurance/cyber-cyber-technology/cyber "Axis Capital") as a provider of cyber insurance.

If you would like to contribute to this article or provide feedback, please email knowledge@riskledger.com. Contributors will be recognised on our contributors page.