Solutions
Customer Support
Resources


When a breach hits, the GC becomes the focal point - for investors, customers, and the board. That premise shaped one of the standout breakout sessions at Juro's Scaleup GC 2026 event, hosted by Capsule Insurance.
It brought together three perspectives you'd want in the room when things go wrong: an in-house GC at an AI company, a leading external cyber counsel, and one of the UK's most experienced cyber underwriters.
The panel opened with two simple questions: who's experienced a cyber breach? Almost every hand in the room went up. Who has a plan in place if it happened tomorrow? Barely one or two.
Here's the 'war room' thinking they shared, and what every scale-up GC needs to know before it's their turn.
Cyber’s the number one risk facing technology businesses today, with the average UK data breach now costing £3.6m, which many businesses never recover from.
AI is accelerating this threat by enabling smarter attacks and making the consequences more severe. Stolen data can now be mined and exploited far more effectively than before, and regulators are already factoring AI into their sanctions decisions as a result.
But it's not all headline-grabbing ransomware. From an underwriting perspective, the majority of claims hitting scale-ups are attritional, covering business email compromises and fund transfer fraud. These are relatively low value, but constant and stressful to deal with.
The catastrophic incidents get loads of attention, but it's the steady stream of smaller incidents that wears teams down.
The strongest advice from the panel was simple. From an in-house perspective, the single most important thing a GC can do is build relationships with their technical team before an incident happens.
Take your technical lead for coffee and understand what they do, what they’re seeing, and how they’d respond. That relationship’s everything when the clock starts ticking.
From a claims perspective, the practical equivalent is a "Break Glass" document. This is where you map your key contacts - outside counsel, lead investors, your cyber insurer's claims team. It sets out what happens in the first 24 hours of a breach, so nobody's scrambling to figure that out mid-crisis. The responsibility sits with the GC, and if no one else is doing it, you definitely need to.
From an external counsel standpoint, the message was the simplest and most important, practice! Run a drill, it’s only a matter of when it happens, not if. No one should face a crisis alone and unprepared.
From Capsule’s work auditing portfolios across 30+ VC funds, 34% of portfolio companies lack cyber insurance entirely. Investors are now waking up to this, and they’re increasingly expecting GCs to own the conversation.
The framing that works with boards is highlighting the existential risk. For a scale-up, a major breach isn’t only a technology problem, it’s potentially company-ending.
Risk registers with clear severity and probability ratings help, but ultimately it’s about having the conversation early, making sure any obligations you take on are proportionate to your actual risk profile, and educating your board about what you’re trying to cover.
You don’t need all the answers, but you do need a plan, the right relationships and the confidence to own the room when it matters most.
Panel hosted by Capsule Insurance at Scaleup GC 2026. Panellists: Kit Lewin (Partnership Director, Capsule), Imogen Armstrong (CLO, Stelia), Tom Draper (MD, Coalition), Laura Brodahl (Of Counsel, Wilson Sonsini).

Kit Lewin is Partnerships Director at Capsule Insurance, the broker built for UK scale-ups. With deep ties to the PE and VC community, he brings a perspective on what investors and boards are demanding from their GCs on cyber and risk management as they scale.