A Quick Guide to

Cyber insurance in AUSTRALIA

What is cyber protection insurance?

Cyber protection insurance is a relatively new form of cover. It’s designed to help protect your business from the financial impact of computer hacking or a data breach.

The scale and reach of malicious cyber activity affecting Australian public and private sector organisations and individuals is unprecedented.  The rate of compromise is increasing, and the methods used by malicious actors are rapidly evolving.

Former Prime Minister Malcolm Turnbull

Australia’s Cyber Security Strategy Report, 2016

Who should consider insurance?

If your business has a website or electronic records, you’re vulnerable to cyber hackers. In fact, it’s likely that your business will suffer a cyber attack at some stage.

A cyber attack could cost your business more than money. It could also threaten your intellectual property and put customers’ personal information at risk – which could damage your reputation

Did you know?

58% of victims of data breaches are categorized as small businesses.

Verizon 2018 Data Breach Investigations Report, 2018


There were 177,519 scams reported in 2018 with 9.9% having a financial loss of $107,032,111.

Scamwatch statistics

Australian Competition & Consumer Commission, 2018

Among small to medium-sized businesses that have experienced a successful infiltration of the corporate network by ransomware, 22% reported that they had to cease business operations immediately (identical to the global average), and 18 percent lost revenue (higher than the global average).

Second Annual State of Ransomware Report

Survey Results for Australia, Osterman Research, 2017

What insurance should you take out – and what can it cover?

Business insurance packs can offer general protection for a business, which may include cover against:

Type of cover

Potential benefits

First-party losses

Business interruption lossesCovers financial loss you may suffer as a result of a cyber attack.
Cyber extortionThe costs of a cyber attack, such as hiring negotiation experts, covering extortion demands and prevention of future threats
Electronic data replacementThe costs of recovering or replacing your records and other business data.

Third-party losses

Security and privacy liabilityDamages to your reputation resulting from data breaches, such as loss of third-party data held on your system.
Defence costsFunds the legal costs of defending claims.
Regulatory breach liabilityCovers legal expenses and the costs of fines arising from investigation by a government regulator.
Electronic media liabilityThe costs of copyright infringement, defamation claims and misuse of certain types of intellectual property online.

Extra expenses

Crisis management expensesProvides cover for the costs of managing a crisis caused by cyber hackers.
Notification and monitoring expensesThe costs of notifying customers of a security breach and monitoring their credit card details to prevent further attacks.

What usually isn’t covered?

Exclusions and the excess you need to pay can vary greatly depending on your insurer. Policies generally won’t include cover for:

  • Damage to computer hardware.
  • Criminal actions committed by you or your business.
  • A cyber attack based on facts of which you were aware.
  • Criminals using the internet to steal money from you.

There are other exclusions which your insurance broker can outline for you.

Case study

Your employee opens an email attachment infected with a ransomware virus. Access to your systems and data are blocked and the virus software informs you that it will remain unavailable unless you pay the ransom amount. Rather than paying the hacker and opening your business up to further extortion attempts, you hire external IT consultants to recover your back-up data and files and upgrade your antivirus software. Over the week it takes to apply these fixes, you have to close your business, causing you to lose revenue. It also affects your reputation with your clients; one of your clients threatens to sue you for the delay which cost them a large amount of money.

A Cyber Protection Insurance policy allows you to recover some of the costs you incur during this incident. Depending on your policy, you may be able to make a claim for losses caused by the interruption to your business, the costs of recovering your data and upgrading your software, and ongoing crisis management expenses.

Book a FREE Discovery Meeting

If you would like to discuss this or any other product in more detail. Book a no-obligation discovery session with one of our specialists.