Any business, be it a large managing agent or a residents management company for a single block, will rely on information technology (IT) infrastructure these days – but for professional managing agents, the risks are especially high.

If your IT equipment or systems fail, are subject to ransomware or viral attack and are breached, then business interruption, income loss, damage management and repair, and reputational damage are all likely.

What’s more, if your company’s IT security is found to have been inadequate when a breach occurs, the penalties can be high.

Cyber security remains a priority with 82% of businesses saying that cyber security is a high priority for their directors or senior managers in the UK’s annual Cyber Security Breaches Survey. Nearly 40% reported breaches, and many have invested in IT to secure remote workers connections.

Under GDPR regulations, which originally came into force across the EU in May 2018, you are required to notify your customers of a cybersecurity breach and could be fined up to 4% of your annual turnover if found to be at fault. Post-Brexit, the GDPR was retained in domestic law as the UK GDPR, but the UK does now have the independence to keep the framework under review. At the time of writing, it still stands.

Cyber liability insurance can cover the losses relating to damage to, or loss of, information from IT systems and networks. The policies we arrange also assist with the management of the incident itself, which can be essential when faced with reputational damage or regulatory enforcement. Being seen to deal with the situation promptly and professionally can be the difference between winning back the trust of your clients and losing it forever.

That’s why, even though existing insurance policies, such as commercial property, business interruption or professional indemnity insurance, may provide some elements of cover against the aftermath of a cyber attack, businesses are increasingly buying specialised cyber insurance policies to supplement their existing insurance arrangements.

Managing agents in particular, are likely to hold a lot of personal and sensitive data concerning their customers. The increasing use of online portals and remote working call for special attention to keep the door shut on hackers who could access sensitive information held about individual customer accounts.

*There is more information about your responsibility for personal and sensitive data at the Information Commissioner’s Office.

Find out more about the cyber liability insurance provided through Deacon.


The sole purpose of this article is to provide guidance on the issues covered. This article is not intended to give legal advice, and, accordingly, it should not be relied upon. It should not be regarded as a comprehensive statement of the law and/or market practice in this area. We make no claims as to the completeness or accuracy of the information contained herein or in the links which were live at the date of publication. You should not act upon (or should refrain from acting upon) information in this publication without first seeking specific legal and/or specialist advice. Arthur J. Gallagher Insurance Brokers Limited (Gallagher) trading as Deacon accepts no liability for any inaccuracy, omission or mistake in this publication, nor will we be responsible for any loss which may be suffered as a result of any person relying on the information contained herein.