What is Cyber Insurance?
Cyber insurance is designed to help cover certain financial losses a business might incur due to a cyber incident. Any business with computers connected to the internet is vulnerable to cyber risks such as malware and viruses, denial of service attacks and data/privacy breaches.
What Does Cyber Insurance Cover?
If a business suffers an attack, it is likely that costs will be incurred as a result. For example, there are costs involved to obtain advice and support, identify the source and scope of the attack, restore systems, recover the data, and to notify victims of privacy breaches. These are known as first party losses.
A claim under a typical cyber insurance policy may also cover other costs, such as liabilities and losses associated with the cyber incident in question.
The liability and regulatory environment in Australia following recent data breaches, is evolving, with new fines and penalties set to elevate Australia as a global leader in regulatory controls, oversight, and enforcement in this space.
Following a cyber attack, a cyber insurance policy may offer access to an incident response specialist who can help coordinate the steps needed to assist in the recovery from a cyber incident.
This can include:
- Arranging a forensic investigation of computer systems
- Assisting in obtaining legal advice
- Responding to regulators if required (for example if there has been a privacy breach)
- Providing public relations support to help minimise reputational damage
- Advising on costs to secure computer systems against a future cyber attack
It is worth noting not all costs are covered under a cyber insurance policy and cover will be subject to an organisation’s particular policy terms, conditions, and exclusions. For example, salary costs for employees, damage to property other than computer hardware, internet or utility outages, and uninsurable fines are not typically covered under cyber insurance.
How Much Does Cyber Insurance Cost?
The cost of coverage is relative to the threats faced and the cyber security posture an organisation has to face those threats. Just like any other insurance policy, the cost of the policy depends on several factors, such as business size, revenue, number of employees, and the industry the organisation operates in.
More specifically to cyber risks, when calculating premiums for cyber insurance, some factors considered include potential downtime following an attack and the likely revenue impacts to the organisation, the types of data stored, likelihood of human error and the financial implications, and reliance on automation, systems, or data.
As criminal activity continues to gain momentum organisations should focus on securing networks and applying this concept to third and fourth party providers that operate within the same environment. A secure network requires constant vigilance and significant investment, which can all come undone if a trusted vendor doesn’t have the same focus on security.
Best practices suggest organisations should prepare and plan for an incident, however this concept has also evolved and morphed into practicing multiple different scenarios, and indeed should involve a scenario where a critical provider suffers an outage. In addition to a focus on security, it is important to diligently prepare for when security does indeed fail. This should include understanding risk transfer options, including cyber insurance options, and understanding what is available through your cyber insurance policy pre and post incident.
When considering cyber insurance options, it is essential to carefully review the potential cyber risks for your organisation, as well as potential losses that may be suffered following a cyber attack.
 Australian Government, Office of the Australian Information Commissioner, Notifiable Data Breaches Report: July to December 2022, 01st March 2023.
 Mimecast, Ransomware’s Decline Reveals Value of Improved Defenses, March 30, 2023.
 Australian Government, Australian Cyber Security Centre, Cyber Security and Australian Small Businesses, November 2020.