Latest News

Certain types of business insurance are non-negotiable. But with more business conducted online, did you know that there is specific cyber insurance available to you? But how does it work? What does it protect against? What does it cost? And ultimately, should you be looking into it?

We’ve answered all these questions in this article so you can make an informed choice about your next steps.

How does cyber insurance work?

Cyber insurance works in a very similar way to other types of insurance you might be familiar with like property or motor vehicle insurance. In exchange for the payment of an insurance premium, you can be covered from damages arising from cyber-related events.

What does cyber insurance protect against?

Cyber insurance can protect against events that may cause your business financial loss such as:

• The loss of revenue after a cyber attack
• The cost of replacing or recovering damaged or stolen records and data
• Losses arising from the illegal use of stolen intellectual property
• Costs arising from defending legal claims from third parties after a cyber-attack

Similar to any insurance policy, cover will vary from policy to policy. Some may cover the more straightforward losses such as the cost of recovering data but not extend coverage to indirect effects like legal claims from third parties. A detailed understanding of the product disclosure statement (PDS) is needed before making any decision.

Is E&O the same as cyber liability insurance?

Errors and omissions (E&O) insurance differs from cyber liability insurance. It is a broader category of insurance that covers you if and when a genuine error or omission by you or your employees causes financial loss to a third party. In a software context, it might apply to software sold by Company A where for some reason that software fails, which then causes financial loss to the customer, Company B.

In contrast, cyber liability insurance covers consequences that arise after attacks by malicious third-party hackers on a company.

However, because they both cover digital operations and assets, these two types of insurance (E&O and cyber) are often ‘bundled’ together and sold.

Does cyber insurance cover ransomware?

Ransomware is one of the most widely used and known forms of cyber-attack, and cyber insurance generally covers this type of attack and its consequences. However, coverage limits may apply, and insurers might require a business attempting to claim under their insurance to prove that they took ‘reasonable steps’ to ensure the protection of their systems.

What is the cost of cyber insurance?

Costs vary widely depending on business size, turnover and industry.

Industry estimates show that the cost of cyber insurance is increasing steadily as online threats increase. At the same time, policy limits have shrunk. a recent report from Gallagher states that underwriters have attempted to limit exposure by limiting cover, which has led to policy limits only about half as large as those offered in the 2021 renewal cycle.  

Should I get cyber insurance? Is it a good risk mitigation strategy?

As with any insurance, it’s dependent on your personal assessment of cost versus risk. However, data breaches, stolen customer information, loss of access to your systems and business interruptions can have both financial and reputational consequences.

Cyber insurance can help mitigate financial losses and allow you to focus on limiting the reputational consequences from the earliest possible moment. 

What key cyber insurance elements should I look for?

There are many options that have differing levels of suitability depending on the industry you operate in, but elements of cover could include provisions to cover losses arising from:

• Forensic expenses
• Legal defence costs
• Regulatory investigations, fines and penalties
• Rectification costs (e.g. notifying customers, suppliers and third parties)

Are state based attacks covered by cyber insurance?

Generally, no. For example, one of the largest and most respected insurers in the world, Lloyds, is phasing out coverage for acts of cyber warfare or attacks carried out by nation states.

Is cyber insurance mandatory?

No. However, for some industries or professions, it might become mandatory in the future in the same way that medical practitioners must have professional insurance.

Key cyber insurance takeaways

Cyber insurance is going to become more important as more Australian businesses do more online. If you are not sure about whether your business would benefit from cyber insurance or want to have your current cyber security infrastructure audited, CyberUnlocked is a Sydney based, trusted business that would be delighted to help with those needs.