We're sorry but your browser is not supported by Marsh.com.au

For the best experience, please upgrade to a supported browser:


Cyber Insurance for Small and Medium-Sized Businesses

Did you know that over 60% of Australian small business do not survive a cyber-attack or data breach?

As cyber-attacks become increasingly more common and sophisticated, make sure your business is protected with cyber insurance.

What is Cyber Insurance?

While technology continues to present new opportunities for many Australian businesses, it also creates cyber risk exposures that you’re business cannot afford to ignore.  Cyber insurance can help protect small and medium businesses (SMEs) from a range of cyber risks, including:

  • 24/7 access to incident response services following an actual or suspected cyber event
  • Ransom payments* and access to specialist ransom negotiators
  • Loss of profit related to business interruption following a cyber-event
  • Costs to repair and restore IT systems and data
  • Public relations, legal and credit monitoring expenses
  • Insurable regulatory fines and penalties related to a cyber-event
  • Cyber-crime cover for events such as social engineering scams and invoice fraud

*where it is legal for insurers to pay a ransom

There is also the option to extend your cyber risk insurance coverage to obtain even further protection around cyber-crime risks, as well as broad property damage, should it be appropriate for your business.

Who needs Cyber Insurance?

If your business undertakes any of the following activities, it is exposed to potential cyber risks and the devastating financial and reputational harm that can often occur as a result.

  • Manages a business website
  • Conducts business online
  • Utilises technology to operate its business - e.g. HR or Accounting Software
  • Electronically stores customer or employee personal information
  • Outsources business IT management to a third party provider
  • Stores business data in the cloud that may cause financial or reputational damage if lost or stolen

A cyber insurance policy is an extremely valuable risk transfer tool for every business. Having cyber insurance cover can help protect your business and minimise any damage or disruption from a cyber-attack.

How much does Cyber Insurance cost?

The price of cyber insurance will vary depending on the size of your business and the particular cyber security risks that your business may have. Marsh has teamed up with CFC Underwriting to provide Australian SMEs with access to competitive rates and extensive insurance coverage. 

To obtain a competitive cyber insurance quote, please contact us. 




Why Marsh?

We are a professional insurance broker, advisor and risk management expert dedicated to helping businesses like yours. Our expert cyber team have extensive experience in cyber security and risk management and can obtain cyber risk insurance quotes from multiple insurers to provide the best advice and recommendations to our clients.

We negotiate competitive premium prices and insurance coverage to deliver value to businesses and help to ensure you have the right level of cover.

In addition to obtaining quotations and placing the policies, Marsh can also assist with claims. We can help to manage, negotiate and settle claims with insurers on your behalf.




What is Cyber Risk?

Cyber risk is any risk that occurs from the unauthorised or incorrect use of technology, resulting in financial loss, disruption or damage to a business’s operation or reputation. It can include malicious cyber-crime, such as ransomware as well as unintended and accidental disclosure or loss of confidential data.

Cyber-attacks are considered one of the greatest risks to small and medium businesses as they can significantly impact business operations. As cyber-attacks are rapidly increasing in frequency and sophistication, SMEs need to ensure they take proactive measures to help manage these risks.


The Top Cyber Risks for SMEs

 To ensure your business doesn’t become a statistic, it is important to understand the top cyber risks that could be a threat to your business. 

Different industries should also be aware of various cyber risk exposures impacting their sector. The Cyber Risk Heatmap, developed by CFC Underwriting, utilises data from over 2,500 SME claims over the past two years and ranks the severity of the various cyber risk exposures that different industries fact. 

The table ranks the severity of different industries’ exposure to business interruption, privacy, and cybercrime and includes a few examples of how these exposures can play out for different types of businesses.

Risk Levels

Some Risk




High Risk



Business Interruption
Moderately high risk
The system of one of your major suppliers goes down, creating a knock-on effect as your're unable to get the materials you need in time or at the same price
Some risk
High risk
You pay a large, seemingly-authentic invoice to a supplier, only to realise that it was a fake and the money is now irretrievable
Some risk High risk
Hackers manage to access personal information, including student health information, and you must notify all parents of the breach

Moderately high risk
A phishing campaign results in compromised employee email accounts which hackers use to reroute tuition payments
High risk 
A cyber event disrupts operations resulting in cancelled appointments, staff overtime and rerouted services

Moderately high risk
PHI is lost or stolen leading to widespread notification, corrective action plans and other regulatory expenses
Medium risk

High risk
Production slows or stops due to problems on your own system or on the systems of your supply chain partners
Some risk High risk
Cybercriminals fraudulently intercept wire transfer payments made between you and your supply chain partners
Professional service firms
Medium risk Medium risk High risk
Hackers gain access to your business email and reroute your clients' invoice payments to fraudulent accounts
Public entities
High risk
Public services come to a halt after a ransomware attack locks down systems and prevents access to key operational information
Moderately high risk
Sensitive information about, residents including names, addresses, birth dates, income status and political party is stolen from you and posten on the dark web
Medium risk
Moderately high risk
Your business loses revenue, and customer loyalty, from an inability to operate in-store or online due to a cyber attack or system downtime
High risk
Your customers' credit card information is stolen and you must pay the costs of notifying, as well as regulatory fines and penalties
Medium risk
Medium risk Moderately high risk
Client data that you're responsivle for protecting gets stolen, and you're held liable
Some risk
Transport & Logistics
High risk
A ransomware attack prevents you from using your trackings systems leading to large delays, lost items and staff overtime costs
Some risk Medium risk

Helpful articles 

Any statements concerning actuarial, tax, accounting, or legal matters are based solely on our experience as insurance brokers and risk consultants and are not to be relied upon as actuarial, accounting, tax, or legal advice, for which you should consult your own professional advisors.

Marsh makes no representation or warranty concerning the application of policy wordings or the financial condition or solvency of insurers or re-insurers. Marsh makes no assurances regarding the availability, cost, or terms of insurance coverage.

Marsh Advantage Insurance Pty Ltd (ABN 31 081 358 303, AFSL 238369) (“MAI”) arrange this insurance and is not the insurer. The Discretionary Trust Arrangement is issued by the Trustee, JLT Group Services Pty Ltd (ABN 26 004 485 214, AFSL 417964) (“JGS”). JGS is part of the Marsh group of companies. Any advice in relation to the Discretionary Trust Arrangement is provided by JLT Risk Solutions Pty Ltd (ABN 69 009 098 864, AFSL 226 827) which is a related entity of MAI. The cover provided by the Discretionary Trust Arrangement is subject to the Trustee’s discretion and/or the relevant policy terms, conditions and exclusions. This website contains general information, does not take into account your individual objectives, financial situation or needs and may not suit your personal circumstances. For full details of the terms, conditions and limitations of the covers and before making any decision about whether to acquire a product, refer to the specific policy wordings and/or Product Disclosure Statements available from Marsh Advantage Insurance on request.