Cyber Insurance Australia

Cyber Insurance: Essential Financial Safeguard for Businesses Against Advanced Cyber Threats

Cyber Insurance Australia

Cyber Insurance: Essential Financial Safeguard for Businesses Against Advanced Cyber Threats

Business Insurance

Why Cyber Insurance Matters

Cyber Insurance Australia – It’s not about IF, it’s about WHEN.

Cyber Insurance is now a necessity for all businesses. Cyber attacks are an imminent threat that could strike at any moment. No matter how secure your system, 95% of attacks that make it through are due to human error. The ramifications of a cyber attack could leave your business exposed, as well as your clients personal information which could result in large fines to your business.

Cyber Insurance will provide you with financial reimbursement for the costs incurrect after an attack but also extends as a crucial lifeline by providing you direct access to an elite team of cybersecurity specialists to guide you through, stressfree, getting you back up and running in no time.

Get a Quote


Cyber Insurance can cover the costs incurred after cyber events such as the ones below:

Cyber Extortion

Cyber extortion is a criminal act that entails attacking or threatening your IT systems, while demanding payment to prevent or halt the attack.

Cyber Espionage

Cover for Cyber espionage which is when someone breaks into your computer systems to spy on you, usually for government or criminal reasons.

Denial of Service

This attacks aim to make your computer systems unavailable.

Card Skimming

Card skimming involves installing a skimming device into your IT systems to steal data from payment cards through tampering.



Crimeware is any type of harmful software designed to damage your computer systems.


Hacking of your IT systems can involve different methods like generic hacking, phishing, and malware to steal sensitive information, or redirect you to malicious webpages.


In Australia, every cyber insurance provider provides their policyholders with a dedicated emergency response hotline, specifically designed to address cyber attack incidents. This critical feature of your cyber insurance policy mandates that in the event of a cyber attack, your first course of action should be to immediately contact this hotline. The purpose of this requirement is twofold: to ensure that you receive expert guidance at the crucial initial stages of discovering a cyber incident and to activate the comprehensive support your policy offers for managing the situation. By promptly notifying your insurer, you enable their team of specialists to guide you through the necessary steps to mitigate the attack’s impact, secure your systems, and navigate the complexities of recovery.

Get a Quote


Call the Insurers Emergency Hotline for guidance and assistance to navigate the attack


Work with the insurers forensic and IT teams to secure your network


Out of pocket expenses reimbursed - Claim finalised - Network Secured.

Get a Quote

Frequently Asked Questions About Cyber Insurance

Yes, Cyber Insurance Covers Ransom Payments. However, when a cyber event happens and the insurers emergency forensic team is appointed to guide you through the attack, ransoms may or may not be paid depending on the circumstances of the attack.

Cyber Insurance is Important as it offers businesses critical financial protection, serving as a vital shield against the increasingly sophisticated and frequent cyber attacks commited by cyber criminals.

Cyber Insurance is not mandatory in Australia for businesses or individuals. There are industries that stipulate as part of thir contractual requirements that Cyber Insurance is taken out to mitigate the extent of a cyber insurance attack.

Cyber Insurance can be purchased through an Insurance Broker. Morgan Insurance Brokers assists Businesses and Individuals in Australia that require protection against cyber events.

Yes, IT costs are covered by Cyber Insurance. IT costs could include forensic investigations costs and system and data recovery costs.

Similiar to a business insurance policy, applying for Cyber Insurance Protection, the insurers need an insight into your business and IT operations.

Questions that will be asked will be:

  • Entity to be insured including ABN;
  • Address of your business;
  • How many employees you have;
  • Whether you’re subject to the Privacy Act;
  • Information about your current security procedures;
  • What cover limit you require;
  • What extensions of coveer you’d like to insure for.

Cyber Insurance Costs $1,000 to $2,000 annually for Small to Medium Businesses in Australia.

As a Steadfast Broker, we have access to the largest panel of Cyber Insurance providers in Australia and London.

Insurers include:

Emergence, Chubb, CFC, Nova, and DUAL.

Cyber insurance is a smart choice and worth it for any business active in today’s online world especially as the risk of a cyber attack is so large and the premiums for the protection is so low.

Paying a little for cyber insurance now can save a business from big money troubles later. It’s a smart move for keeping a business safe.

Cyber Insurance can cover the costs of fines and penalties your business is penalised with after a cyber attack.

Short answer, everyone. No business is imune to a cyber attack and the costs associated.

Businesses that are online, such as a e-commerce stores, and businsses that handle personal information have a higher exposure such as the below occupations:

  • Accountants;
  • Mortgage Brokers;
  • Financial Planners;
  • Solicitors;
  • IT Companies;
  • Healthcare Providers;
  • Property Managers.

The Stats, The Costs, The Risk to Business

For detailed statistics and reports, visit the official ACSC website. They offer guidance, resources, and support to mitigate Cyber threats to Australian Businesses and Individuals.

Average Cost of Cyber Crime to Businesses

  • Small business: $46,000
  • Medium business: $97,200
  • Large business: $71,600.

Frequency of Cyber Attacks

In 2024, Australia has witnessed a cybercrime every 7 minutes, predominantly targeting businesses.

The ACSC has reported a 15% increase in cyber incidents, with an estimated 77,600 cases in 2023-2024,

Top Cyber Crimes for Businesses

  • Email compromise
  • Business email compromise fraud (This is where an individual is tricked into sending money or diclosing information – different to phishing attacks where there are malicious links or malware)
  • Online banking fraud.

A Large Exposure To Businesses

Only about 20% of SMEs and 35-70% of larger businesses have standalone cyber insurance.

You Insure Your House For Fire, But Why Not For Cyber?

The 2019-2020 Black Summer Australian Bushfires cost us $6B, but cyber attacks cost Australian Businesses and Individuals $33B annually.

Email and Human Error are the main causes

94% of malware is delivered via email and 95% of cyber breaches result from human error

What is typically not covered?

Cyber insurance policies are designed to mitigate the risks associated with online activities, providing a safety net for businesses against the financial losses from cyber attacks. However, like any insurance product, cyber insurance policies come with exclusions. Listed are the main exclusions, but each policy comes with different terms and conditions and different cover levels.

Public Liability Insurance Broker

Events that occured before the policy started

Public Liability Insurance Broker

An error, fault or flaw in or of your IT infrastructure

Public Liability Insurance Broker

Injuries to your employees (Workers Compensation)

Public Liability Insurance Broker

Natural Perils- Flood, Fire, Storm, Cyclone etc.

Public Liability Insurance Broker

War & Terrorism

Public Liability Insurance Broker

Intentional Acts By You/Your Business

Public Liability Insurance Broker


The Privacy Act and How It Impacts Your Business

What is the Privacy Act?

The Privacy Act 1988 is crucial for protecting individual privacy and regulating how Australian Government agencies and certain organisations handle personal information. The Act also governs the privacy aspects of consumer credit reporting, tax file numbers, and health/medical research. For more detailed information, please visit the OAIC’s official page on the Privacy Act

When You Must Notify of A Data Breach

When unauthorised access, disclosure, or loss of personal information occurs, it constitutes a data breach. If you fall under the Privacy Act 1988,  you must inform both the individuals impacted and the relevant authorities if there’s a high risk of serious harm due to a data breach involving personal information.

Am I Subject to the Privacy Act?

If you are a small business with a turnover less than $3,000,000 than you are not subject to the Privacy Act and do not have to notify.

Businesses such as healthcare providers, residential property managers, finance brokers, and mortgage brokers are subject to the Privacy Act regardless of their turnover as they deal with sensitive personal information.

Business Insurance

What is an example of a cyber insurance claim?

  • Name: Construction Company Pty Ltd
  • Industry: Construction
  • Location: Australia
  • Annual Turnover: $3.5 Million
  • Incident Date: January 15, 2024

The Incident:

On January, 2024, an administration employee of Construction Company Pty Ltd, while performing her daily tasks, received an email that appeared to be from a trusted supplier. As she thought the email was safe, she clicked on a link contained within the message. Unfortunately, the link was malicious and resulted in the company’s computer system being infected with ransomware. The malware quickly spread through the network, encrypting files and effectively locking them out of their system. It was discovered that the hacker had gained access to the company’s email system, compromising personal and sensitive information of their clients.

Actions Taken:

  • The employee immediately reported the incident to the company’s IT department.
  • Construction Company Pty Ltd, having cyber insurance, contacted Morgan Insurance Brokers, their insurance broker, to report the incident.
  • Morgan Insurance Brokers them to provide with the necessary details to contact the insurer’s emergency response hotline.
  • An emergency response team was deployed by the insurer to assist in mitigating the attack, securing the network, and beginning the process of data recovery where possible.
  • Due to the company’s annual turnover exceeding $3 million, they were required to report the data breach to the relevant Australian authorities, in compliance with the Notifiable Data Breaches (NDB) scheme.
  • Ransom negotiations were conducted by cybersecurity professionals, as part of the insurer’s response services, to attempt recovery of the locked systems.
  • An Insurance Claim was lodged, and after the insurer reviewed the claim, a settlement was reached, covering the ransom payment costs related to the breach’s mitigation, legal fees, notification expenses, and business interruption losses.
Business Insurance

How Morgan Insurance Brokers can help

Morgan Insurance Brokers specialises in understanding the unique risks and needs of your business. We can help put together a cyber insurance policy tailored to the specific threats your business faces. This ensures that coverage extends to the risks most relevant to your operations, whether it’s protection against data breaches, ransomware attacks, or business interruption costs.

Get a Quote

What is Socially Engineered Theft?

When it comes to theft, not all crooks are breaking windows or hacking into systems. Some of them are playing a much more cunning game, one where they trick you into handing over your personal details, money, or access to your accounts. This sneaky tactic is known as socially engineered theft, and it’s all about manipulation and deception.

Imagine getting an email that looks like it’s from your bank, asking for your account details to ‘verify your identity.’ Or maybe someone calls you, pretending to be from tech support, saying they need your password to fix an issue on your computer. These scenarios are classic examples of socially engineered theft. The fraudsters don’t need to be tech geniuses; they just need to be good at convincing you to trust them.