Cyber Liability Insurance
Protects your business against the financial and legal fallout of data breaches, ransomware attacks, business email compromise, and cyber-related liability.
Cyber Liability is the dedicated cover for the modern threat profile most Kenyan businesses now face: ransomware, business email compromise (BEC), data breaches, social engineering fraud, and the legal liability that follows when customer or employee data is exposed. Kenya's Data Protection Act, 2019 imposes specific obligations on data controllers — including notification of breaches and potential ODPC penalties — and cyber liability is the product that responds to both the operational fallout and the regulatory consequences.
Vike places cyber cover for tech companies, financial institutions, professional services firms, healthcare providers, retailers, and any business handling customer data or running material operations through IT systems. We pay particular attention to first-party costs (forensics, ransom negotiation, system restoration, business interruption) versus third-party liability (regulatory penalties, customer claims, defence costs) — most claims involve both, and the right cover responds to both sides.
What It Covers
Forensic investigation and incident response costs
Ransomware payment and negotiation (subject to legal and policy constraints)
Data and system restoration costs
Business interruption following a cyber event
Notification costs to affected customers and employees
Credit monitoring services for affected individuals
Regulatory defence costs and fines (where insurable)
Third-party liability for customer claims arising from data breach
Who It's For
Tech companies, SaaS providers, and IT consultancies
Financial institutions — banks, saccos, microfinance, fintechs
E-commerce and online retailers
Healthcare providers handling patient data
Law firms, accountants, and other professional services
Any business with material customer-data holdings or IT-dependent operations
Types We Cover
Each profile is rated and underwritten differently. Talk to us so we can match your specific situation.
SME Cyber Cover
Streamlined cover for businesses with under KES 500M revenue. Standard cyber perils, modest limits (typically KES 10M–50M), simplified underwriting. Often the right entry point.
Mid-Market Cyber Cover
Broader wording with limits KES 50M–250M. More detailed underwriting around IT security controls, backup regime, and incident response readiness. Suitable for established mid-market businesses.
Corporate / Large Cyber Cover
Limits KES 250M+ with bespoke wording, multi-jurisdictional coverage, and dedicated incident response panel. Typically structured through London brokers with regional fronting.
Financial Institution Cyber
Specialised wording for banks, saccos, and fintechs — covering wire transfer fraud, banking system breach, and CBK regulatory implications. Specific carve-outs and warranties around core banking system protections.
Cyber Combined with Crime
Bundles cyber liability with social engineering fraud, funds transfer fraud, and other commercial crime perils. Increasingly the market standard as the distinction between 'cyber' and 'crime' becomes operationally meaningless.
Real-World Scenarios
Ransomware locks operations for a logistics company
Operational systems encrypted; ransom demand USD 200,000. Cyber cover engages negotiators, funds the (legally permitted) ransom, pays forensic investigation, system restoration, and the business interruption for the 11 days the business was offline. Total claim value typically exceeds 10× the ransom amount.
Business Email Compromise — KES 8M wire fraud
An attacker compromises a finance team email account and tricks the accountant into transferring funds to a fraudulent account. Social engineering fraud extension covers the loss (subject to dual-control warranties being met). Many policies excluded this until recently — wording is critical.
Data breach exposes customer records
An e-commerce platform breach exposes 40,000 customer records. Cyber cover funds breach notification, ODPC engagement, credit monitoring for affected customers, and defence of any third-party class action. Regulatory defence costs are increasingly the largest single component of cyber claims.
Optional Benefits & Add-ons
Business interruption following a cyber event
Social engineering and BEC fraud
Reputational damage and PR response costs
Cyber extortion and ransomware negotiation services
Bricking — damage to IT hardware following a cyber attack
Cyber for cloud-only environments
Availability varies by underwriter. Our advisors will confirm what is available on your chosen policy.
Frequently Asked Questions
You May Also Need
Quotes from Kenya's leading underwriters
Ready to get covered?
Our advisors will compare quotes and find the best fit for you — at no extra cost.
Talk to a Cyber Specialist
