Cyber insurance in Cyprus in 2024. A complete guide for Cyprus-based companies.

Cyber insurance in Cyprus

Cyber insurance is an indispensable product for companies that handle sensitive personal data (i.e. credit cards, social security numbers, tax records) and for companies that provide technology services to third parties.

Companies based in Cyprus are often contractually obligated to acquire cyber insurance from a reputable insurer when signing a business deal with a large international company.

Cyber insurance can be expensive, so we wrote this analytical guide to help you understand the coverages and learn ways to save money on your contract.

Table of contents

What is cyber insurance?
Cyber insurance coverages in Cyprus
What does cyber insurance not cover?
Cyber insurance claims
How much cyber insurance do I need?
Affordable cyber insurance in Cyprus
Cyber insurance for small business
Cyber insurance companies in Cyprus
Best cyber insurance in Cyprus
Cyber insurance cost
Cyber Insurance quote

What is cyber insurance?

Cyber insurance, also called cyber liability insurance and cyber security insurance, is a contract designed for businesses to help reduce the financial risks of doing business online.

Cyber liability insurance can cover the costs related to data breaches and cyber attacks on your business.

According to the Digital Security Authority of Cyprus, 46% of Cyprus-based companies experienced a cyber incident last year.

Data breaches

Cyber insurance generally covers your company’s liability for data breaches involving your customer’s sensitive information, such as social security numbers, credit card details, driver’s licence and health records.

Cyber attacks

It also deals with cyber attacks. Examples of cyber attacks involve the following:

DoS and DDoS Attacks
MITM Attacks
Phishing Attacks
Ransomware
Password Attack
SQL Injection Attack
URL Interpretation
Web Attacks

Cyber insurance coverages in Cyprus

Cyber insurance coverages vary, but most insurers have a standard set of offerings.

The following are the most popular insurance coverages provided in Cyprus:

First response coverage
Event management (core coverage)
Privacy and security liability (GDPR Fines)
Cyber extortion (ransomware)
Network interruption
Network interruption (OSP - outsourced service providers)
Digital media
Phishing
Goodwill restoration
Data protection & cyber liability insurance coverage
Telephone hacking

First response

Most companies do not have the resources and know-how to resolve an IT issue, especially a suspected cybersecurity breach.

The first response in a cyber insurance contract gives access to IT professionals and legal response advisors on call to provide emergency support when a breach is detected.

Premium cyber insurance providers in Cyprus cooperate with independent cyber security companies and cyber extortion consultants with expertise in providing first response reservices.

These companies are predominantly located in the UK, Germany and the Netherlands.

These companies will help you bring your company back on track as soon as possible, immediately mitigating any adverse losses.

Specifically, specialised legal advisors will advise on the next steps you need to take and assist with response coordination.

The legal advisors will also assist you in notifying the regulators (GDPR regulators) and your clients.

IT specialists will help determine which systems and terminals have been affected and how the damage can be contained, repaired or restored.

A Personal Relationships Consultant can be appointed within a company for large corporations with extended media exposure to mitigate the initial reputational damage.

In the case of extortion or ransomware (i.e. when a hacker blocks your systems and requires a ransom to restore access), a Cyber Extortion Advisor will be delegated to help you start the negotiations with the hacker.

You can communicate with these companies ²⁴⁄₇. You can even communicate with them for suspected cyber attacks.

Note: deductibles do not apply in premium cyber insurance contracts for the first response expenses.

Event management

The event management cover is activated after the first response tasks are completed.

This is the core coverage of cyber security since it aims to restore your company’s normal function.

This portion of the insurance ensures coordination of events is covered and helps to pay for costs such as IT and PR services, legal fees, data restoration and breach notification costs.

Privacy and security liability

This section covers expenses arising from damages, fines and lawsuits of third parties negatively affected by a cyber attack on your company.

Specifically, this coverage includes:

Payment of GDPR fines
Payment of CySEC fines
Expenses from third-party lawsuits
Investigation costs

GDPR fines

The General Data Protection Regulations (GDPR), introduced by the European Union and adopted by the Cypriot parliament, aim to motivate companies to increase their data security culture. Fines can be as significant as 2% - 4% of a company’s turnover.

Most cyber insurance contracts in Cyprus do not cover GDPR fines.

Our underwriters can cover GDPR fines.

In Cyprus, the legislation does not prohibit insurance companies from paying fines, as is the case in the UK.

Cyber extortion (ransomware)

Businesses are often the target of cyber criminals who use ransomware to encrypt their data and ask for money (fiat and cryptocurrency) to unlock it.

This portion of the insurance helps businesses recover from losses after an extortion threat, including ransom costs and the expenses of specialists (negotiators) who helped to end extortion.

Ransomware is an expensive coverage not included in most cyber insurance policies in Cyprus.

Also, some policies covering ransomware have maximum coverage that usually does not exceed €10,000.

The average ransom requested by hackers in Cyprus in the last five years was €55,000.

Premium cyber insurance contracts always cover ransomware.

Their ransomware limit of coverage is usually 50% of the total insured amount of the contract. For example, if the coverage of the contract is €1 million, the ransomware limit is about €500,000.

Network interruption

This section of a cyber insurance contract covers lost income and mitigation costs when business operations are interrupted or at a halt due to a cyber security issue.

Network interruption can be the result of anything of the following:

OSP Security or System Failure
Network System Failure
Network Security Failure
Voluntary Shutdown

Network interruption is indispensable coverage for online companies (e-commerce, affiliate marketing, drop shipping, social media, online stores).

Cyprus insurance contracts usually have a sub-limit for network interruption. For premium cyber insurance, the sub-limit is >40% of the total insured amount.

Network interruption (OSP - outsourced service providers)

Outsourced service providers (OSPs) provide payment processing, online web hosting, and data storage.

This coverage extends network interruption to include the costs that result from an OSP security or system failure.

Digital media

In today’s technological age, businesses risk engaging in trademark infringement, misinformation presented as facts, and sharing harmful content online.

This portion of a contract covers defence and damages costs associated with negligence related to electronic content or a third-party intellectual property breach.

Phishing

According to the latest study from the University of Cyprus, 35% of cyber attacks involving Cypriot companies are related to phishing.

Phishing (pronounced: fishing) is a cyber attack that attempts to steal your identity or money by asking you for personal information, such as credit card details or passwords, on fraudulent websites that pretend to be legitimate.

Premium cyber insurance contracts provide discounted seminars from independent companies to train your employees after a phishing attack.

Goodwill restoration

Cyber breaches can negatively impact a business’s reputation and customer relationships.

Goodwill restoration helps restore the company’s reputation and provides financial rewards to customers affected by the cyber incident.

Data protection & cyber liability insurance coverage

This portion of the coverage responds to third-party liability claims resulting from network security failures.

Data protection and cyber risk insurance cover defence costs, liability claims, and PCI investigation fines.

Telephone hacking

Online businesses also risk being hacked by phone, not only online.

Criminals target telephone systems to call premium rate numbers, or PBX dial, through fraud.

Cyber security insurance covers the unauthorised use of a business’s telephone system, whether on or off their premises.

What does cyber insurance not cover?

Impersonation (social engineering)

Electronic fund transfer fraud is a form of computer crime. Criminals use details they stole online through data breaches to fraudulently transfer funds from one financial account to another.

Most cyber insurance contracts in Cyprus do not provide this coverage. Impersonation is usually covered under the crime insurance policy.

Professional errors and omissions

These risks are covered by a contract called Professional Indemnity Insurance.

Accidental death, bodily injury and property damage

These types of risks are covered under General Public Liability Insurance.

Hardware

Cyber security insurance typically doesn’t cover property damage. This might prove to be an expensive issue for a business if their hardware is unfixable and they need to purchase new equipment.

Most cyber policies only restore a business’s software to pre-attack versions and not new ones, meaning they have to cover depreciation costs.

Cyber insurance claims

Cyber insurance claims are increasing as the dependence on technology in the business sector increases.

Examples of some of the most common cyber liability insurance claims are listed below.

Data breaches

Data breaches aren’t limited to malicious causes but occur in various ways. As discussed, some breaches are accidental. For example, a business sent an email containing a client’s confidential information to the wrong recipient.

Whether the data breach occurs through an employee error or inadequate online security, both can lead to extortionate costs. Data breaches and breaking data protection laws can result in costly lawsuits.

DDoS attack

Distributed denial of service attack, aka DDoS attack, causes a business website to be suspended, resulting from a deliberate attack to overload a network.

Customers then can’t access the website, and this causes the business to lose income and time. These attacks pose a significant issue for the business.

Unauthorised access

Claims related to unauthorised access arise from a variety of sources. For example, security loopholes can enable hackers to gain unauthorised access to a company’s network.

In another case, an employee managed to access confidential data reserved for the use of management. In any case, any type of unauthorised access puts a business in jeopardy.

Ransomware

The cause of these claims comes down to being held ransom by hackers who use extortion threats.

For example, a malicious link is sent in an email, and an employee clicks on it. This simple mistake caused ransomware software to be installed on the company’s network.

This software then encrypts the company’s financial data, locking it and asking for a “ransom” to access its network. The business accounts are inaccessible until this ransom is paid.

Malware and viruses

Malware and viruses work fast once they enter a computer system and cause havoc. These computer bugs can cause computer screens to freeze and software to shut down completely.

Installing new anti-virus software is important as more robust malware is created annually. Even if one machine is infected, it can cause an entire network to be rendered useless.

Phishing

Malicious software can also be downloaded by visiting unsecured websites, and malicious links can also download harmful software.

Phishing software searches for confidential information once downloaded onto a system. This software can give a cyber criminal access to passwords and private information.

Phishing software is designed to find profitable confidential information easily and efficiently.

Cyber insurance Cyprus

The above examples are some of the most common cyber risks businesses must be aware of.

See our article here to read about the biggest cyber attacks in recent years.

How much cyber insurance do I need?

There is no straightforward answer to this question to solve everybody’s needs. Various factors determine how much cyber insurance you need for your business.

Insurance providers determine how much cyber coverage you need by assessing your company’s level of risk, what policies you require and how much coverage.

They will also examine what cyber security measures you currently have in place, as that will influence your level of risk and what coverage you are likely to need.

Cyber insurance cost

Your cyber liability insurance cost depends on the following factors:

Required Limit of liability.
Your business activities.
The turnover of your company and its subsidiaries.
Your territorial limits, i.e. where your clients are from (if you work with clients from the USA, Canada and the UK, the cost will be higher due to the high litigation costs).
Jurisdiction and Choice of Law. Clients should specify the choice of law (which territory’s law they intend will be used to determine the dispute between the insurance company and the client) and jurisdiction (in which territory they intend any dispute relating to the contract will be heard).
The amount of sensitive personal information you process and store (i.e. payment card information, financial account information, health-related information, employee personal information).
Whether you share client information with third parties.
Whether you outsource IT/Data services to third parties.
Whether you have a Chief Privacy Officer.

Affordable cyber insurance in Cyprus

No matter the size of the operation, we believe in the potential of all companies.

Pitsas Insurances want to enable all businesses a fair chance to acquire cyber insurance by keeping the costs low.

We offer cheap cyber insurance in Cyprus in the following ways:

We can insert large excesses into your policy.
We can remove additional coverages from your policy, such as ransomware, network interruption, and multimedia insurance coverage.

Cheap Cyber Insurance in Cyprus

Pitsas Insurances provides the most comprehensive Cyber Insurance contract in Cyprus.

We are also the largest provider of business insurance contracts in Cyprus and the largest insurer of technology companies.

Cyber insurance for small business

Cyber insurance is a comparatively new product in Cyprus. There isn’t enough data available to accurately calculate premiums for small businesses.

As the largest provider of Cyber Insurance contracts in Cyprus, Pitsas Insurances cooperate with the largest underwriters globally.

We keep the cost of our client’s contracts low through tailor-made coverages.

Furthermore, redundant coverages (e.g. ransomware, network interruption) can be excluded, and we are fairly flexible with deductibles (excesses).

Cyber insurance companies in Cyprus

Pitsas Insurances is the largest provider of cyber insurance contracts in Cyprus and the largest insurer of technology companies.

Cyber Insurance Cyprus

Our company cooperates with the largest international underwriters (Munich RE, Zurich Insurance, Markel Insurance, Swiss RE) and with underwriters available locally in Cyprus.

Due to the large number of cyber insurance contracts we handle and our excellent working relationships with all underwriters, we can bargain the most profitable deals for our clients.

In addition, we provide discounts on the predetermined premiums set by the underwriters.

Best cyber insurance in Cyprus

There is not one best insurance contract, but there is one best suited to you, and we can help you acquire it.

Our experienced insurance consultants can find your business the best cyber insurance to meet your particular needs and budget constraints.

We first aim to understand the minimum number of terms to include in your contract.

We then analyse the requirements set by your clients, partners, regulators, and suppliers.

We then look for your business’s most affordable cyber insurance contract before suggesting optional terms to increase your protection.

We are certain that our cyber insurance contracts have fewer exceptions than any similar contract in Cyprus, and we can offer you the best deals.

Pitsas Insurances cooperate with more international underwriters than any other insurance company in Cyprus, enabling us to find the best cyber insurance deals for you.

Cyber Insurance quote

Pitsas Insurances, operating since 1985, is a leading provider of business insurance contracts in Cyprus.

Furthermore, our company constitutes one of the biggest providers of cyber insurance services to Cypriot, European and international companies.

Among our clients are international software developers, investment and financial corporations, law firms, and shipping and construction companies.

Cyber Insurance Cyprus

We cooperate with all local and international underwriters, enabling us to compare all available cyber insurance policies in Cyprus.

Customers prefer us for our quick and outstanding services and the additional discounts we provide on fixed premiums.

Please see here to view and compare our cyber liability insurance products.

Cyber insurance Cyprus

Speak with one of our insurance experts today for a hassle-free cyber risk insurance quote.

Pitsas Insurances Team