Cyber Insurance for Schools and Academies

Section 1: The Cover

Standard Cover

Section Standard Limit of indemnity Standard Deductible
Privacy liability 100% of Limit of indemnity £1,000 up to £2.5m
turnover/£2,500 up to
£10m turnover
Network security liability 100% of Limit of indemnity £1,000 up to £2.5m
turnover/£2,500 up to £10m turnover
Media liability 100% limit of indemnity £1,000 up to £2.5m
turnover/£2,500 up to £10m turnover
Incident response expenses 100% limit of indemnity Nil

Optional Cover

Section Standard Limit of indemnity Standard Deductible
Cyber extortion 100% of Limit of indemnity. Can be
purchased as bundle with Data
Asset Loss and Business
Interruption
£1,000 up to £2.5m
turnover/£2,500 up to £10m turnover
Data asset loss 100% of Limit of indemnity. Can
be purchased as bundle with
Cyber Extortion and Business
Interruption
£1,000 up to £2.5m
turnover/£2,500 up to £10m
turnover if additional cover
purchased.
Business interruption 100% of Limit of indemnity.
Can be purchased as bundle with Data Asset Loss and Cyber
Extortion
premium plus IPT.
12 Hours
Recovery costs 100% limit of indemnity £1,000 up to £2.5m
turnover/£2,500 up to
£10m turnover

Standard Sub Limits

Standard Sub-limits applicable
Consumer redress fund 50% of Limit of indemnity £1,000 up to £2.5m
turnover/£2,500 up to
£10m turnover
Payment card loss 50% of Limit of indemnity *Must
be PCI Compliant*
£1,000 up to £2.5m
turnover/£2,500 up to £10m turnover
Regulatory fines 50% of Limit of indemnity £1,000 up to £2.5m
turnover/£2,500 up to
£10m turnover
Service Provisions
Jurisdiction Worldwide excluding USA / Canada
Territory Worldwide excluding USA / Canada
Retroactive date Inception unless Cyber Insurance
purchased previously

Additional terms, conditions, exclusions and endorsements

Service Provisions
Endorsement Chubb Incident Response Endorsement – Standard
Territory Worldwide excluding USA / Canada
Subjectivities Satisfactory, signed and dated Chubb ERM Underwriting
Statement of Fact

Section 2: Underwriting Statement of Fact to complete

    Yes No
1 Do you the Insured have an up to date antivirus & malware protection in place on all systems & connected devices? If ‘No’, Please see page below for any mitigating controls the insured has in place
2 Do you the Insured have back up for all mission critical systems and files (to a secondary storage environment at least monthly) If 'No' - Please provide information for compensating controls below
3 Do you the Insured implement access control or password protection policies for your network and critical systems? If 'No', Please see below for any mitigating controls you the insured has in place
4 Do you the Insured, or your outsourced service provider, accept payment card transactions? If Yes - Are they compliant to the level of PCI that applies to their company?
5 Within the last 3 years, have you the Insured had any cyber incidents; known cyber events or become aware of any matter that could lead to a claim under a cyber insurance policy? If ‘Yes’, was this a one-off incident that did not result in any financial impact to the organisation (please provide further information if ‘No’)
6 Do you the Insured have a fully implemented staff training program in place for data & privacy protection? If No, please provide information below on how employees are trained or made aware of basic security practices and their role in keeping sensitive information safe
7 Who do you use as your main software and/or network platform where an outage of it would impact on capability to operate fully?      

If you need to add further information for any of the above Questions please download and complete the PDF document

I/we declare that I/we have made a fair presentation of the risk, by disclosing all material matters which I/we know or ought to know or, failing that, by giving the Insurer sufficient information to put a prudent insurer on notice that it needs to make further enquiries in order to reveal material circumstances.

Helpful Definitions:
  1. 'Connected Devices' - electronic device that is connected to a network, such as laptops, notebooks or tablet computers.
  2. Files’ (collection of data &/or information)
  3. Secondary storage environment’ (devices and media that are not constantly accessible by a computer system)
  4. 'Access control' - Ensuring only those who should have access to systems to only have access and at the appropriate level.
  5. 'Password protection' - Allows only those with an authorised password to gain access to certain information.
  6. The Payment Card Industry Data Security Standard (PCI DSS) is a proprietary information security standard for organisations that handle branded credit cards from the major card schemes. Please view https://www.pcisecuritystandards.org/faqs for full information.

Or contact Ruth Humphreys on:
07837 646239
01773 814 400 ext:227
ruth@uk-sas.co.uk

Get a quote

Get a Quote

We've got your staff covered

Get a Quote

GDPR Health Check

GDPR Healthcheck

GDPR Health Check

Get a Health Check

Cover more

Our Policies

Cover for staff up to 75 years of age

Our Policies

School App

Discover SAS Apps

Communicate with the parents at your school via our handy mobile app

Discover SAS Digital

Get the App

Discover SAS Apps

Download the app today and register for our well-being service

Download Apple app Download Android app

Exclusively Education

As we deal exclusively in the education sector we offer a range of insurance products and services that have been specifically designed for schools and academies. These are explored fully on this site, but if you have any questions or queries please feel free to contact us to discuss them further, sales@uk-sas.co.uk or 01773 814400.

Take first steps for best value today