What is cyber liability insurance and how does it work?
Cyber insurance is a form of business insurance that can financially protect businesses in the event of a cyber attack. Cover usually includes:
First-party coverage for loss or damage that directly affects you or your business (e.g. loss of income from system downtime).
Third-party coverage for claims made against your business by someone that has been negatively affected by a cyber issue (e.g. legal and compensation costs following a data breach).
Incident response costs or management to help you quickly recover from an attack.
Cyber liability insurance in Australia provides you with both a safety net to minimise your out-of-pocket expenses when dealing with a cyber attack and access to a team of experts so you can focus on running your business.
Expert insight: Why every business needs cyber liability insurance
"A cyber crisis can damage a business in more ways than one. Think about how it can fracture your relationships with stakeholders and your reputation. It's a real nightmare. We also know that for businesses, a cyber crisis is not a matter of if, but when. Choosing the right cyber liability insurance is essential for any business in today's landscape."
Business interruption. Losses suffered by your business following an attack.
Electronic theft. Transfer of funds or property due to fraudulent input of data into a computer system or on the faith of fraudulent communication.
Electronic threat loss. This includes the cost of a negotiator or ransom payment.
Crisis expenses. Covers expenses incurred from incident management and public relations consultants following a loss.
Reward expenses. May include cost of paying an informant.
Disclosure liability. Claims from third parties following system security failure that result in unauthorised access to sensitive information.
Defence costs. Provides cover for costs that may be incurred defending claims.
Not Covered
Anti-competitive behaviour. Any false, deceptive or unfair trade practices advertising.
Security upgrades. Costs to improve your technology systems following a cyber attack.
Property damage. Any damage to physical property, including hardware.
Infrastructure failure. An outage or disruption of a power supply due to a physical event such as a fire, storm or earthquake.
Intellectual property. Loss of value due to theft of your intellectual property.
Make sure you read the PDS
2022 Finder research shows that 23% of Australians can't be bothered reading the product disclosure statement. It may be boring but it's worth it in the long run.
Is cyber Cyber insurance compulsory in Australia?
Cyber insurance in Australia is not compulsory.
But compulsory or not, falling victim to a cyber attack is a very real possibility. Australian Cyber Security Centre data shows that approximately one cybercrime report is made every eight minutes here in Australia alone.
The damage to your business’s income and reputation is not the only financial consequences that are at risk. If you are seen to be negligent in how you protect customers’ data and even in how you respond to a cyber attack, you may also be up for penalties reaching into the millions.
Optus’ September 2022 cyber attack – and Medibank's in October 2022 – are just 2 examples of how much of an impact cybercrimes have on Australians, and the industry is expected to tighten privacy and security laws in the future.
Sure, you might not be as big as Optus, but no matter the size of your business, here are some real risks to consider:
Data breaches, for example, your customers' information.
Fraud and theft, for example, getting your online store hacked.
Business interruptions such as your website getting taken down.
Traditional business insurance may fail to cover these risks or take longer to process.
60% of these are unable to recover within six months.
How can I compare cyber insurance?
When comparing cyber liability insurance policies, make sure to take the following factors into consideration:
Identify the risks your business faces. The biggest risk for one business might be completely different to the biggest risk for the next. Make sure the problems your business could face are covered under your policy.
What sort of cover do you already have? Some of the insurance you already have in place may provide some coverage for cyber risks. Speak to an insurance expert to understand how your business is placed.
Get the right level of cover. Cyber liability is not a "one size fits all" type of cover. Determine if the amount you're insured for will be enough to cover the costs you'll incur in the event of a data breach and assess whether some of the tailored options will be necessary.
Know what's excluded. Knowing what is and isn't covered on any insurance policy is always essential. Check your insurer's list of exclusions to prevent any nasty surprises at some stage in the future.
What about third-party negligence? If, like many businesses, you outsource tasks like data processing or storage to a third party, check whether negligence from that third-party will be covered by your insurance provider.
Talk to a broker about cyber liability insurance
Frequently asked questions
Depending on what’s lost, the cost of data breach or loss might include:
The value of the data itself. If data is corrupted, becomes unusable or is held for ransom, the cost might be the ransom paid, the business lost or other value in the data itself.
Potential liability costs. Businesses are often required to take appropriate steps to secure confidential customer information. A failure to do so may lead to lawsuits or penalties.
Indemnity costs. If data theft, loss or corruption leads to an inability to carry out your contracted job, you could be liable for related indemnity costs.
It’s important to note that stolen data can’t be returned the way physical goods can. Once it’s out there, you can only assume that it’s been replicated and that anyone might have access to it. In such circumstances, you might have no choice but to take drastic and expensive steps.
Yes. However, it depends on the type of breach or loss, the type of insurance and your situation. There are three main types of business insurance, each of which might cover a different situation.
This is the type of cover that might pay for a burned building, storm damage, or the destruction of data. Some policies might exclude cover for the loss of digital or electronic data, while others might offer it as an optional extra for a specific sum insured, and some might include it automatically. It can be worth checking how a business insurance policy covers data.
This type of cover protects your business against claims for loss or damage arising from the provision of your professional services. For example, if you collect confidential customer information that is hacked and used to commit identity theft and the customers sue you for the costs. You might find "cyber cover" excluded, offered as an optional extension or as an automatic inclusion depending on the policy.
This can cover you against unintentional loss caused to others, potentially including invasion of privacy, libel, slander, blackmail and other types of non-physical loss that may result from data theft. It's similar, but not identical, to professional indemnity insurance. The exact cover may vary between policies, and you'll often find exclusions for computer viruses and other "preventable" breaches.
Some insurers may offer cyber insurance bundled with other types of business insurance, while others may only have it available as a standalone option. Make sure to review your policy documents to ensure you’re covered for everything you might need.
The unfortunate truth is that 100% system security is impossible. If the day comes that your system has been compromised you’ll probably want to:
Be able to show that you’ve taken all appropriate precautions against hacking in order to protect yourself from penalties and lawsuits.
If you lack the technical expertise to ensure your system security, it’s a good idea to consult an expert. If you’re uncertain about your legal obligations to avoid liability, it’s wise to consult legal counsel.
In order to determine your eligibility, some cyber liability insurers will carry out a cyber insurance risk assessment. This could be in the form of an online questionnaire or a detailed analysis conducted over several weeks. As a minimum, policyholders will need to meet basic IT security standards to qualify for cyber insurance. This can include up-to-date antivirus software and a regular backup of business data.
Industries where cyber liability cover might be considered include:
Healthcare/medical
Financial Services
Retail/wholesale
Manufacturing
Real estate
Construction
Telecommunications or internet services
Travel sector
Education
Law firms
Insurance brokers
Telemarketing
Cyber liability insurance is just one piece of the puzzle when it comes to mitigating risk. Preventative methods should be your first step, but even with all the preparation in the world, it’s still possible for businesses to fall victim to a cyber attack. Cyber insurance mitigates risk by helping to cover the cost for your business to recover from an attack.
Was this content helpful to you?
Thank you for your feedback!
To make sure you get accurate and helpful information, this guide has been edited by Joelle Grubb as part of our fact-checking process.
Gary Ross Hunter was an editor at Finder, specialising in insurance. He’s been writing about life, travel, home, car, pet and health insurance for over 6 years and regularly appears as an insurance expert in publications including The Sydney Morning Herald, The Guardian and news.com.au. Gary holds a Kaplan Tier 2 General Advice General Insurance certification which meets the requirements of ASIC Regulatory Guide 146 (RG146). See full bio
Gary Ross's expertise
Gary Ross has written 647 Finder guides across topics including:
Liability insurance is a broad term that describes a few types of business insurance cover. The type you need will depend on the nature of your business.
How likely would you be to recommend Finder to a friend or colleague?
0
1
2
3
4
5
6
7
8
9
10
Very UnlikelyExtremely Likely
Required
Thank you for your feedback.
Our goal is to create the best possible product, and your thoughts, ideas and suggestions play a major role in helping us identify opportunities to improve.
Important information about this website
Finder makes money from featured partners, but editorial opinions are our own.
Finder is one of Australia's leading comparison websites. We are committed to our readers and stand by our editorial principles
We try to take an open and transparent approach and provide a broad-based comparison service. However, you should be aware that while we are an independently owned service, our comparison service does not include all providers or all products available in the market.
Some product issuers may provide products or offer services through multiple brands, associated companies or different labeling arrangements. This can make it difficult for consumers to compare alternatives or identify the companies behind the products. However, we aim to provide information to enable consumers to understand these issues.
We make money by featuring products on our site. Compensation received from the providers featured on our site can influence which products we write about as well as where and how products appear on our page, but the order or placement of these products does not influence our assessment or opinions of them, nor is it an endorsement or recommendation for them.
Products marked as 'Top Pick', 'Promoted' or 'Advertisement' are prominently displayed either as a result of a commercial advertising arrangement or to highlight a particular product, provider or feature. Finder may receive remuneration from the Provider if you click on the related link, purchase or enquire about the product. Finder's decision to show a 'promoted' product is neither a recommendation that the product is appropriate for you nor an indication that the product is the best in its category. We encourage you to use the tools and information we provide to compare your options.
Where our site links to particular products or displays 'Go to site' buttons, we may receive a commission, referral fee or payment when you click on those buttons or apply for a product.
When products are grouped in a table or list, the order in which they are initially sorted may be influenced by a range of factors including price, fees and discounts; commercial partnerships; product features; and brand popularity. We provide tools so you can sort and filter these lists to highlight features that matter to you.
Please read our website terms of use and privacy policy for more information about our services and our approach to privacy.
We update our data regularly, but information can change between updates. Confirm details with the provider you're interested in before making a decision.