What is Cyber Insurance? 

During the 2020-21 financial year, the Australian Cyber Security Centre (ACSC) observed self-reported losses from cybercrime in Australia totalling a staggering $33 billion. Most businesses rely on technology to some extent, which means they’re exposed to increasingly sophisticated cybercriminals. According to the ACSC, an average of 164 cybercrime reports are made by Australians every day – that's about one report every 10 minutes.  

Cyber Insurance covers the physical loss or damage to information, IT systems and networks. It can also cover loss of profits to be business, caused by the introduction of malware, extortion or hacking, as well as management of the incident itself. 

Why is Cyber Insurance important?

Businesses must have guards against hackers and other types of cyber breaches. What’s more, because of stricter data privacy laws, they’re increasingly required to ensure personal information is secure. A breach will be investigated and require costly actions, including contacting hundreds or thousands of customers. There’s also the potential for hefty fines and penalties.

It’s easier to buy an insurance cover that protects your main cyber-related risks of damage to your systems and recovery, rather than trying to find specialist consultants to rebuild systems and keep the business operating. Cyber Insurance policies also generally include significant support with managing the incident, which can be essential when faced with reputational damage or regulatory enforcement.

What does Cyber Insurance cover?

There is a wide range of Cyber Insurance available. While all policies cover liability to third parties for passing on viruses, some also cover damage to your own networks. 

Additional sections that we recommend considering include:

• incident response – specialists to identify the issue and repair
• lost income and additional costs related to the incident
• data recovery and restoration
• consumer notification costs and ongoing monitoring costs
• legal defence costs
• cyber extortion management and fees
• crisis and PR management of the incident
• management of communications with regulators. 

Managing cyber risks to your business

Cyber Insurance is a key part of your management of cyber incidents and attacks. Many resources are available to help minimise the likelihood of a successful attack, including the Australian Cyber Security Centre. 

The top 3 things that you can do easily are:

1. Update your devices to protect information.
2. Set up multi-factor authentication for logging on.
3. Back up your data real-time of at least daily.

Explore your insurance options today. Talk to your professional insurance and risk adviser and get the best cover for you and your risks.

Frequently Asked Questions

What is not covered by Cyber Insurance? 

Like any insurance, not everything is covered by your policy. Some common exclusions include:

• personal injury
• consumer redress funds, unless specifically covered
• loss of money or securities, unless specifically covered
• your intentional conduct or wrongful use of personal information 
• failure to take reasonable care in securing your IT systems

Is Cyber Insurance required in Australia? 

Cyber Insurance can help you to manage your business's financial risks. While it isn’t mandatory in Australia, it is expected that certain businesses have some level of cover in place – including critical industries, care, finances and utilities. Without insurance, you would be forced to pay out of your own pocket for repair, recovery, and remediation costs from a cyber incident or attack.
 

What are the main areas covered under Cyber Insurance?
 
Cyber Insurance typically helps you with expenses spent on five main areas: 

1. Third-party liability
2. Emergency response and business continuity assistance
3. Recovery of your data and IT systems
4. Business interruption due to interference to your systems
5. Loss to you from crime or fraud. 
    

Does Cyber Insurance cover data loss? 

Yes, Cyber Insurance covers your lost information and data, as well as any loss caused to your customers or suppliers if a virus is transferred. It also covers:

• notifying potentially affected customers of a data breach
• employing computer forensic experts to identify and restore data
• repairing damaged computer systems, both hardware and software, to enable the data and systems to operate.

What are the benefits of Cyber Insurance? 

Cyber insurance is a specialist insurance policy that provides cover against cyber incidents or attacks that aren’t covered by other insurance policies, such as professional indemnity, management liability, or business packs. This could potentially leave a gap in cover. A Cyber Insurance policy will pay for legal costs, crisis managers, and payment of credits and refunds to customers.

What is Business Interruption Insurance? 

Business interruption, also known as Loss of Profits or Consequential Loss Insurance, is a special insurance cover. It pays the business owner any fixed overheads and similar business costs following a fire, storm damage or other major events that prevent a business from trading. This insurance starts from the time of the fire until the business is back up and running to where it was before the damage occurred.  

Why is Business Interruption Insurance important?

Starting and running a business always carries risks. The key financial risks can be managed by buying insurance cover like Property Damage, Public and Product Liability, and Burglary. 

For businesses of any size, Business Interruption Insurance is essential to ensure that money continues to be received (from the insurer) to pay fixed expenses – such as lighting, power, bank loans, wages, transport, plus net profit related to a reduction in turnover.   

What does Business Interruption Insurance cover?

Business Interruption Insurance compensates business owners for:

• net profit expected to be earned during the time the business takes to get back up and operating to its pre-loss output
• any fixed expenses (interest on loans, wages etc.), that keep on being incurred, regardless of whether the business is operational or not. 

Variable expenses, like input purchases and delivery costs, would not be covered, as they won’t continue if the business isn’t operational and making goods or products. 

The time period for getting the business back up and running to pre-loss levels (plus any expected growth) may take a few weeks or many months, depending on how badly damaged the business was, the loss of customers, and other factors. Working out the maximum time you need insurance for is important – but 12 months is a good place to start.

Choosing your insurance policy

Key factors to consider when choosing the basis of cover, which will impact your premium, include:

• Indemnity period. How long do you need the cover for? Depending on the situation, how long will it take your business to return to pre-loss trading? 
• Payroll. How much of your payroll do you need to insure and for how long? Insurance companies won’t pay employees to sit at home for six months while the business is being rebuilt, but redundancy payments can be insured.
• Growth. Consider the trends in your business: is it growing rapidly, or is it a mature business?
• Economic cycles. Are there any major seasonal fluctuations or economic cycles?
• Suppliers and customers. Do you need to cover specific customers or suppliers that you rely on. If they couldn’t operate, would it impact your business?
• Additional or increased costs of working. Most businesses spend a lot more money in the short term to try and minimise the impact on their business. For outsourcing a valued customer's work to another business for a short while, or if you own a building that’s fire damaged when your business is located, and you need to rent premises for manufacturing, this will be a new additional cost of the rent.

Frequently Asked Questions 

●    How Is It Calculated?

There are two main ways to purchase this type of insurance:

1. Weekly income or Sales
2. Annual gross profit (being 12 months turnover less variable expenses, also insuring net profit).

Does it cover loss of profits for services firms?

For example, solicitors, investment consultants, and medical or dental practices. As many of these businesses can continue to operate from home or serviced offices, gross profits are generally not insured, only additional or increased working costs.

However, businesses that depend on their specific location, such as dentists or allied health, that have their customers in a specific area may consider Gross Profits Insurance. 
 
In Summary

Storms, natural disasters, and fires are regular occurrences in Australia. Major interruption to business, where there is no income for an extended time, is one of the most significant risks a business will face, regardless of its size or industry. A large percentage of businesses that don’t have Business Interruption Insurance never reopen. It’s difficult to pay employees or mortgage costs, suppliers or even the power bill if there is no sales or revenue. 

In addition, trying to get your business back on its feet can be overwhelming – taking management’s focus away from day-to-day business, as well as placing significant financial strain on you and the business.

We can help you find the best cover to keep your business running as smoothly as possible.