Cyber Liability Insurance

*iSelect’s partnered with BizCover Pty Ltd to compare a range of small business insurers and policies in the market. Not all policies are available at all times or in all areas. Our advice on this website is general in nature and does not consider your situation or needs. Consider if any advice is appropriate for you before acting on it. Learn more.

Written by

iSelect Editorial Team

Compare business insurance the easy way

We've partnered with BizCover to help you compare business insurance policies.*

Compare policies

These days even the smallest businesses need to be online and engaged with the digital world in order to operate. While this new age has opened up fresh opportunities for businesses around the globe, it’s also brought with it significant risks.

This is where cyber liability insurance comes in. A cyber liability insurance policy could help protect you from claims, and support your profitability in the event of a cyber breach or attack. It’s now common that businesses hold some form of customer data, whether it be emails, addresses, financial details, or other personal information. All of this is valuable to hackers who can sell or use this information for fraudulent purposes, so protecting this is often a priority of any relevant business.

In addition, businesses can be severely disrupted by ransomware, so putting in place measures to support your business during a resulting period of business interruption can be an important risk mitigation strategy.

Prior to making a decision on a level of cover, ensure you review the Product Disclosure Statement for details of policy inclusions, limitations and exclusions.

What is cyber liability insurance?

Cyber liability insurance is a type of business insurance product, which protects your business against both the legal costs and expenses (including compensation payments) related to cybercrime incidents. Your coverage may generally include cover for expenses and legal costs relating to the following*:

Data breaches
Theft or loss of client information
Business interruption costs
Forensic investigation
Data recovery
Extortion
Fines and penalties
Crisis management costs (to restore your businesses reputation after an attack or data breach)
Legal costs from any ensuing civil action taken against you or your company

Is cybercrime really a threat to your business?

You may think that your small grocery store, online homewares shop, or one-man IT consulting firm is an unlikely target for cybercrime, but that’s not the case. Here’s some government statistics that give you a good idea of the breadth of cybercrime in Australia:

Cybercrime is costing businesses in Australia an estimated $1 billion a year¹
55% of small to medium sized businesses unknowingly expose themselves to cybersecurity risks through their most common online activities (such as via email and social media)²
Small business is the target of 43% of all cybercimes (According to the Australian Small Business & Family Enterprise Ombudsmen’s “Small Business Best Practice Research Report 2017)²
22% of small businesses that were breached by Ransomware attacks in 2017 were affected to such an extent that they couldn’t continue operating²

In short, few businesses are too small to be targeted. Like many of the other risks which businesses face, cybercrime can never be completely eliminated, only mitigated³. While prevention is a key part of any business’s strategy, ensuring you’re covered in the event of an incident is also important.

cyber insurance australia

A cyber attack can be costly for your business

In the event of a cyber breach or crime, you may find yourself glad you purchased suitable cover, allowing you to get much needed financial support from your insurer.

The Australian Criminal Intelligence Commission (ACIC) website states after conducting a Cyber Security Review, they found that cybercrime is costing the Australian economy up to $1 billion annually in direct costs⁴.

The obvious exposures for your business from a cybercrime incident are claims by affected clients, and potential loss of revenue, as well as damage to core digital infrastructure. However, the secondary risks can include⁴:

Damage to your business’ reputation
Direct loss of customers and business opportunities
Psychological and emotional impacts (both upon your business, staff, and customers)

The extent to which your business is at risk of a cyber-attack further increases with the size of your organisation, its public profile, as well as the amount and kinds of data you’re storing.

What are some further examples of cybercrime?

There are many different ways that an outside entity can perform a cyber attack on your organisation. Below are some examples provided by the ACIC⁴, as well as the Australian Cybercrime Online Reporting Network (ACORN)⁵:

Ransomware: this is a type of malware that usually facilitates extortion. This malware can lock a computer’s content and displays a message requesting the user to pay a ransom in exchange for a decryption key that will supposedly allow the user to regain access to their device
Credential harvesting malware: usually designed to harvest a user’s credentials when logging into a website. The malware is usually delivered to a victim’s computer or device via an email with a malicious attachment. Malware is a general term and refers to specific types, such as viruses, worms, trojan horses, or bots
Denial of service attacks: This kind of attack floods a computer or website with data, causing it to overload and inhibits proper functioning
Email spam and phishing: Phishing is a tactic used by criminals to trick people into giving out their personal or financial information. These kinds of email can come masked as coming from a legitimate business such as a bank or telco provider
Online scam or fraud: These are dishonest schemes seeking to take advantage of unsuspecting people to gain a benefit (such as money or access to data), and can include prize scams, money scams, threats or extortion scams, investments scams, and identity theft

cyber liability insurance australia

Understanding your coverage

Before you sign up for your policy, it’s vital that you understand what you’re covered for. Cyber liability insurance is a relatively new class of insurance product, so policy inclusions and exclusions may differ between providers.

Cyber liability policies can include the following*:

Business interruption costs: a data breach interrupts your normal workflow, requiring you to re-task employees and redirect resources to address the issue. This can negatively impact the completion of core business and therefore on your revenue
Investigation and data recovery costs: Every data breach comes about because of a vulnerability in your system. Discovering this vulnerability will cost money as you engage forensic analysts to help you find where/how hackers got in
Fines and penalties: You may be required to pay a fine in recognition of your inability to adequately protect customer data. These penalties have been strengthened under the Federal Government’s new Notifiable Data Breaches scheme
Extortion costs: The rise in use of speciality software called ransomware that locks legitimate users out of their systems until they pay the person who installed the software is something every business should be aware of⁶
PR and crisis management costs: As a minimum, your business may need to retain the services of a PR firm to help you respond to and control blowback from the data breach. This is often recognised as a necessary part of the process
Claims by affected third parties: compensation claims against you by people who have been affected by a data breach

Looking to purchase cyber liability insurance? Compare with iSelect and BizCover

With iSelect in partnership with BizCover, you can compare cyber liability insurance policies. Get started comparing business insurance policies online today, or call 13 19 20.

*Please note that all insurance is subject to the terms and conditions set out in the policy wording or Product Disclosure Statement. The information set out above is general only and should not be relied upon as advice.

Sources:
1. https://www.smallbusiness.nsw.gov.au/__data/assets/pdf_file/0005/134933/Cyber-Aware-full-report.pdf
2. https://www.asbfeo.gov.au/sites/default/files/documents/ASBFEO-cyber-security-research-report.pdf/
3. https://www.business.vic.gov.au/disputes-disasters-and-succession-planning/how-to-manage-risk-in-your-business/prepare-a-risk-management-plan/
4. https://www.acic.gov.au/about-crime/organised-crime-groups/cybercrime/
5. https://www.cyber.gov.au/threats/
6. https://www.cyber.gov.au/threats/ransomware/

Last updated: 25/07/2019

^As with any insurance, cover is subject to the terms, conditions and exclusions contained in your policy document. The information contained on this webpage is general only and should not be relied upon as advice.

*iSelect’s partnered with BizCover Pty Ltd (ABN 68 127 707 975: AFSL No.501769) to help you compare small business insurance policies. iSelect earns a commission from BizCover for every policy sold through the website or contact centre. iSelect and BizCover do not compare all providers in the market, or all policies offered by all providers. iSelect does not arrange policies from the providers we compare for you directly, but iSelect will refer you to our trusted partner, BizCover Pty Ltd who can.

Any advice provided on this website is of a general nature and does not take into account your objectives, financial situation or needs. You need to consider the appropriateness of any information or general advice iSelect gives you, having regard to your personal situation, before acting on iSelect’s advice or purchasing any policy. You need to consider if the insurance policy is suitable for you. Please read the Financial Services Guide before buying any insurance policy.