Cyber cover: do you need a separate cyber policy?

Well Covered

Insurance should be your last line of defence when it comes to preparing for a cyber attack. In fact, insurers expect businesses to have a number of risk mitigation strategies in place. These strategies can reduce your premium on a cyber policy.

These include up-to-date anti-virus and anti-spam tools and system backups that are regularly tested. Rigid protocols around passwords are also essential. Staff training to ensure employees understand what a cyber attack or threat is and how to prevent one is also essential.

In a recent portfolio analysis conducted by cyber insurance specialist underwriting agency Emergence Insurance, showed FY19 cyber claims frequency was up 29 percent compared with FY18.

Professional, scientific or technical service industries accounted for 20 percent of claims; healthcare and social assistance 14 percent; and financial and insurance services 12 percent.

Insurance, can, however, play a role. “I liken it to the mythical beast from Greek legend called Hydra, a serpent with many heads. That’s what cyber protection is like, because it can come up in lots of different policies,” says Michael White, Steadfast’s broker technical manager. “It is obviously covered in cyber policies, but it can also be covered under business interruption insurance,” he adds.


“Staff training to ensure employees understand what a cyber attack or threat is and how to prevent one is also essential”

Cyber policies can provide cover in the event of a financial loss as a result of a cyber attack, which are common. Attacks of this nature include ransomware attacks, in which a criminal locks a business out of its IT system in exchange for a ransom. Other cyber threats include malware attacks.

This is when a criminal goes into a business’ IT system to store malicious software, for instance a tool to steal customer data or infect the business with a virus. Some sources suggest there are more than 350,000 malware attacks a day.

According to the Australian Competition Consumer Commission (ACCC) in 2018 a total of 3000 small businesses suffered $4.5 million in losses as a result of cyber attacks. Despite this alarming statistic, too few small businesses take out cyber cover.

Cyber policies cover businesses for the cost of responding to a cyber event such as a denial of service attack that results in a firm, or its staff and clients, not being able to access its IT systems.

Cover pays for a technician to resolve the issue, as well as any economic loss the business suffers as a result of the attack, for instance lost sales.It’s also important to understand the elements of an attack for which cyber policies do not provide cover.

Cyber policies can provide protection for a financial loss, but they don’t usually provide cover for a physical loss, White explains.“If someone hacks into a car’s system and causes it to crash, the event would normally be covered under traditional vehicle insurance, rather than by a cyber policy.”

Similarly, if an attack causes the business’s servers to fail, this should be construed as property damage and could be covered under a separate policy to the cyber policy.

As this shows, businesses require a range of different insurances to help ensure they are properly protected in the event they suffer a cyber incident. As such, they are advised to work with an insurance broker so they have the right protections in place should they, like so many other businesses, find themselves under a cyber attack.


Important note – the information provided here is general advice only and has been prepared without taking in account your objectives, financial situation or needs. Steadfast Group Ltd (ABN 98 073 659 677, AFSL 254928)


Important disclaimer – Steadfast Group Limited ABN 98 073 659 677, its subsidiaries and its associates.

The views expressed are those of the author only and do not necessarily reflect those of Steadfast.

This magazine provides information rather than financial product or other advice. The content of this magazine, including any information contained on it, has been prepared without taking into account your objectives, financial situation or needs. You should consider the appropriateness of the information, taking these matters into account, before you act on any information. In particular, you should review the product disclosure statement for any product that the information relates to it before acquiring the product.  

Information is current as at the date articles are written as specified within them but is subject to change. Steadfast, its subsidiaries and its associates make no representation as to the accuracy or completeness of the information. Various third parties, including Know Risk, have contributed to the production of this content. All information is subject to copyright and may not be reproduced without the prior written consent of Steadfast Group Limited.


Like This