Cyber Liability insurance has been available for more than 20 years now, and much of the social housing sector has been insuring against cyber risks for many years.
Cyber Insurance

In the beginning this cover was seen as additional protection to your organisation for a potentially low risk event. However, with cyber criminals becoming far more sophisticated over time, we are now seeing a significant increase in the frequency and severity of these losses and Cyber Liability has become an integral part of many Housing Associations insurance programmes.

What are the Risks?

Based on losses experienced by our clients, cyber breaches aren’t always as a result of being hacked, human error plays a big part and is often the cause of a data breach. In our experience, with more of us working from home or in temporary locations, it is not surprising that the severity of cyber losses in the Social Housing sector has considerably increased in the last 18 months, with insurers seeing and handling multiple claims in excess of £1,000,000.

Case Study – based on significant claim we have handled

  • 5,000 resident’s personal data leaked.
  • 500 residents bring a claim against you.
  • Each claimant awarded £3,292 payment for damages. Claim total = £1,646,000
  • In addition to the award costs there are also Breach Response Costs, Legal Defence Costs, ICO (Information Commissioners Office) Reporting Costs.

The Cyber Insurance market has also seen an increase in ransomware losses over the last 24 months, with 70% of all cyber claims now arising from ransom attacks, and 75% of these losses were as a result of limited or poor risk controls. Average claim costs are increasing, forensic and specialist costs are growing, and ransoms demands are on the rise1.

The losses experienced by insurers are likely driving increases in premiums, reduction in appetite from the market, and lower limits of cover being provided. Many insurers are also demanding more risk management tools, whilst many only offer cover if you have Multi Factor Authentication (MFA) in place for all remote and virtual system access.

What is a Multi Factor Authentication?

MFA adds additional protection to the sign-in process, making it more difficult for hackers to impersonate your employees. Our Head of Cyber Risk Management, Johnty Mongan, explains more about MFA and its importance in a recent article.

The significance of the losses incurred have undoubtedly had a negative effect on the insurance market; and as a result, we would recommend the following steps to help your business and data stay safe:

  1. Multi-Factor Authentication
  2. IP Blacklisting
  3. IPS/IDS
  4. Penetration Testing
  5. Vulnerability Scanning

If you would like to know more about cyber risk management and discuss how to help protect your business, why not request a 30 minute cyber risk management consultation? To find out more please speak to your usual Gallagher representative.


The sole purpose of this article is to provide guidance on the issues covered. This article is not intended to give legal advice, and, accordingly, it should not be relied upon. It should not be regarded as a comprehensive statement of the law and/or market practice in this area. We make no claims as to the completeness or accuracy of the information contained herein or in the links which were live at the date of publication. You should not act upon (or should refrain from acting upon) information in this publication without first seeking specific legal and/or specialist advice. Arthur J. Gallagher Insurance Brokers Limited accepts no liability for any inaccuracy, omission or mistake in this publication, nor will we be responsible for any loss which may be suffered as a result of any person relying on the information contained herein.