Cyber Insurance
What is Cyber Insurance?
Cyber insurance covers the costs associated with a cyber incident, including data breaches, ransomware attacks, business interruption from system outages, and the legal and notification obligations that follow.
Your traditional public liability or professional indemnity policies generally exclude cyber events. That’s why cyber insurance exists as a standalone cover.
Why It Matters
- Under Australia’s Notifiable Data Breaches scheme, businesses that experience a data breach must notify affected individuals and the OAIC. Cyber insurance covers those notification costs.
- Ransomware attacks can shut down your operations for days or weeks. Cyber insurance can cover the business interruption loss.
- Even small businesses hold sensitive data like client emails, payment details, and tax records. A breach can be costly to remediate.
- Legal and forensic investigation costs after a cyber event can add up quickly, often running into tens of thousands of dollars.
Transcript
Now, there's sometimes confusion around what cyber insurance actually covers. The thing that I hear often is people get cyber insurance confused or muddled with general liability, thinking that your general liability, public liability is the same as cyber insurance, so I don't need it. Cyber insurance policies will cover gaps that your traditional policies won't cover. Things like data breach response, forensic investigations, ransomware payments, and legal costs. An example here is an accountant losing client tax records in a phishing attack. The PI policy might not respond there, but if they had cyber insurance, this type of policy could respond and cover things like data restoration and notification costs. How to make sure that you're covered? Well, read your policy wording of the current insurance policies that you've got because most of them will exclude cyber insurance. Speak to your insurance broker about a standalone or cyber insurance policy.
What It Typically Covers
- Data breach response - costs of notifying affected individuals, credit monitoring, and PR management.
- Forensic investigation - hiring specialists to find out what happened, how, and what data was compromised.
- Business interruption - loss of income while your systems are down after an attack.
- Ransomware and extortion - costs associated with responding to a ransomware demand (where legally permitted).
- Legal costs - defending regulatory actions or third-party claims arising from the breach.
- Data restoration - recovering or rebuilding lost or corrupted data.
Common Mistakes or Misunderstandings
- Thinking your public liability (PL) or professional indemnity (PI) policy covers cyber. Most traditional policies specifically exclude cyber events. Check your policy wording.
- Assuming you’re too small to be a target. Small businesses are often targeted precisely because they have fewer security controls.
- Not understanding notification obligations. If you hold personal data and experience an eligible breach, you’re legally required to notify under the Privacy Act.
- Buying a policy without understanding the exclusions. Some cyber policies exclude social engineering fraud, or require specific security controls to be in place before cover applies.
When to Speak to a Broker
If you hold any client data, use cloud-based systems, process payments, or have employees with email access, it’s worth discussing cyber insurance with a broker. The risk applies to virtually every modern business.
Need help?
Want to understand if cyber insurance is right for your business? Reach out to Tank Insurance and we’ll review your exposure.
Related Terms
- Duty of Disclosure - When applying for cyber insurance, you must disclose your current security practices and any known incidents.
- Insurance Premium - Cyber premiums are influenced by your industry, data volumes, security controls, and claims history.