What is Cyber Insurance?
While technology continues to present new opportunities for many Australian businesses, it also creates cyber risk exposures that you’re business cannot afford to ignore. Cyber insurance can help protect small and medium businesses (SMEs) from a range of cyber risks, including:
- 24/7 access to incident response services following an actual or suspected cyber event
- Ransom payments* and access to specialist ransom negotiators
- Loss of profit related to business interruption following a cyber-event
- Costs to repair and restore IT systems and data
- Public relations, legal and credit monitoring expenses
- Insurable regulatory fines and penalties related to a cyber-event
- Cyber-crime cover for events such as social engineering scams and invoice fraud
*where it is legal for insurers to pay a ransom
There is also the option to extend your cyber risk insurance coverage to obtain even further protection around cyber-crime risks, as well as broad property damage, should it be appropriate for your business.
Who needs Cyber Insurance?
If your business undertakes any of the following activities, it is exposed to potential cyber risks and the devastating financial and reputational harm that can often occur as a result.
- Manages a business website
- Conducts business online
- Utilises technology to operate its business - e.g. HR or Accounting Software
- Electronically stores customer or employee personal information
- Outsources business IT management to a third party provider
- Stores business data in the cloud that may cause financial or reputational damage if lost or stolen
A cyber insurance policy is an extremely valuable risk transfer tool for every business. Having cyber insurance cover can help protect your business and minimise any damage or disruption from a cyber-attack.
How much does Cyber Insurance cost?
The price of cyber insurance will vary depending on the size of your business and the particular cyber security risks that your business may have. Marsh has teamed up with CFC Underwriting to provide Australian SMEs with access to competitive rates and extensive insurance coverage.
To obtain a competitive cyber insurance quote, please contact us.
Why Marsh?
We are a professional insurance broker, advisor and risk management expert dedicated to helping businesses like yours. Our expert cyber team have extensive experience in cyber security and risk management and can obtain cyber risk insurance quotes from multiple insurers to provide the best advice and recommendations to our clients.
We negotiate competitive premium prices and insurance coverage to deliver value to businesses and help to ensure you have the right level of cover.
In addition to obtaining quotations and placing the policies, Marsh can also assist with claims. We can help to manage, negotiate and settle claims with insurers on your behalf.

What is Cyber Risk?
Cyber risk is any risk that occurs from the unauthorised or incorrect use of technology, resulting in financial loss, disruption or damage to a business’s operation or reputation. It can include malicious cyber-crime, such as ransomware as well as unintended and accidental disclosure or loss of confidential data.
Cyber-attacks are considered one of the greatest risks to small and medium businesses as they can significantly impact business operations. As cyber-attacks are rapidly increasing in frequency and sophistication, SMEs need to ensure they take proactive measures to help manage these risks.
The Top Cyber Risks for SMEs
To ensure your business doesn’t become a statistic, it is important to understand the top cyber risks that could be a threat to your business.
Different industries should also be aware of various cyber risk exposures impacting their sector. The Cyber Risk Heatmap, developed by CFC Underwriting, utilises data from over 2,500 SME claims over the past two years and ranks the severity of the various cyber risk exposures that different industries fact.
The table ranks the severity of different industries’ exposure to business interruption, privacy, and cybercrime and includes a few examples of how these exposures can play out for different types of businesses.
Risk Levels
Some Risk |
|
|
|
High Risk |
Exposures
|
Business Interruption |
Privacy |
Crime |
Construction |
Moderately high risk The system of one of your major suppliers goes down, creating a knock-on effect as your're unable to get the materials you need in time or at the same price |
Some risk | High risk You pay a large, seemingly-authentic invoice to a supplier, only to realise that it was a fake and the money is now irretrievable |
Education |
Some risk | High risk Hackers manage to access personal information, including student health information, and you must notify all parents of the breach |
Moderately high risk A phishing campaign results in compromised employee email accounts which hackers use to reroute tuition payments |
Healthcare |
High risk A cyber event disrupts operations resulting in cancelled appointments, staff overtime and rerouted services |
Moderately high risk PHI is lost or stolen leading to widespread notification, corrective action plans and other regulatory expenses |
Medium risk |
Manufacturers |
High risk Production slows or stops due to problems on your own system or on the systems of your supply chain partners |
Some risk | High risk Cybercriminals fraudulently intercept wire transfer payments made between you and your supply chain partners |
Professional service firms |
Medium risk | Medium risk | High risk Hackers gain access to your business email and reroute your clients' invoice payments to fraudulent accounts |
Public entities |
High risk Public services come to a halt after a ransomware attack locks down systems and prevents access to key operational information |
Moderately high risk Sensitive information about, residents including names, addresses, birth dates, income status and political party is stolen from you and posten on the dark web |
Medium risk |
Retail |
Moderately high risk Your business loses revenue, and customer loyalty, from an inability to operate in-store or online due to a cyber attack or system downtime |
High risk Your customers' credit card information is stolen and you must pay the costs of notifying, as well as regulatory fines and penalties |
Medium risk |
Technology |
Medium risk | Moderately high risk Client data that you're responsivle for protecting gets stolen, and you're held liable |
Some risk |
Transport & Logistics |
High risk A ransomware attack prevents you from using your trackings systems leading to large delays, lost items and staff overtime costs |
Some risk | Medium risk |
Helpful articles
Any statements concerning actuarial, tax, accounting, or legal matters are based solely on our experience as insurance brokers and risk consultants and are not to be relied upon as actuarial, accounting, tax, or legal advice, for which you should consult your own professional advisors.
Marsh makes no representation or warranty concerning the application of policy wordings or the financial condition or solvency of insurers or re-insurers. Marsh makes no assurances regarding the availability, cost, or terms of insurance coverage.