Cyber Insurance

Get a quote Get a quote Or Call
Or Call 1300 836 028
Mon – Fri 8:30am - 7:00pm AET

What is Cyber Insurance?

Cyber insurance is designed to protect your business against a wide range of internet-based risks, and risks relating to information technology infrastructure and activities. Although it was largely unheard of 20 years ago, cyber crime has also become more prevalent as we’ve evolved into a digital society.

To demonstrate how easily a cyber attack can occur, here is a claim story from an Aon client who fell victim to a cyber attack... 

Why do I need Cyber Insurance?

You’ve worked hard to get your business to where it is today, but one successful cyber-attack could be all it takes to cause significant damage to your organisation and reputation. Cyber threats are becoming more sophisticated with advances in hacking, malware and social engineering techniques. A security breach could corrupt your business’s critical data, causing financial loss, reputational damage and liability to third parties. Cyber-attacks can be very expensive with the current average cost of an attack on a small to medium sized business estimated at $1.9m.

Now let’s be clear - a cyber incident does not need to involve complex hacking – it can be as simple as having your phone stolen, attaching the wrong file to an email, or clicking on a malicious link in an email.

Why Aon?

Cyber Liability Insurance. Easy.

Easy to Understand

  • Easy to digest information about insurances your business needs
  • Experienced, friendly brokers on 1300 836 028

Easy to Buy

  • Quick quotes online
  • Purchase in just a few clicks
  • Pay monthly options available

Easy to Manage

  • Manage your renewals easily
  • Adjust your policy anytime
  • Request certificates of insurance quickly and easily
  • Assistance in complex claims

Why choose Aon for Cyber Insurance?

Aon is committed to making life easier for small and medium business owners with insurance that’s easy to understand, buy and manage. If you’re a small business owner, your job is anything but small, so when it comes to protecting your business with the right cover, it helps to have an expert on your side.

You can compare covers and take out a policy online in just a few clicks. But if you need help, our team of friendly experienced brokers are a phone call away; helping give confidence you’re making a better decision for you and your business.

What does Cyber Insurance typically cover?1

First Party Coverage
This provides cover for financial losses suffered by your business as a result of a cyber incident. This can include business interruption (loss of profits, extra expense, subsequent reputational harm and claim preparation costs) from computer system downtime, as well as the cost of regulatory investigations and fines.2 It may also include cover for payment card breaches (PCI fines), and costs to restore lost data.
Incident Response
A cyber insurance policy gives your business access to an incident manager to help your business recover from an attack. This cover may also pay costs for 1) IT security and forensic services; 2) legal advice; 3) privacy breach management, including notification and identity monitoring; 4) responding to regulatory investigations; and, 5) public relations to help minimise damage to your reputation.1
Third Party (Liability) Coverage
Cyber insurance may include cover for third party liability, where a client or third party suffers a loss that you or your business are held liable for. This coverage seeks to indemnify you against loss from
  • Privacy breaches;
  • Virus & malware transmission;
  • Unauthorised access to your or a third party’s computer system;
  • Identity theft;
  • and, Media liability.1
Crime Insurance may cover your business against losses from
  • funds transfer fraud;
  • cyber extortion;
  • identity theft against your organisation; and,
  • telephone hacking.
If your customers are victims of ‘push payment fraud’ (i.e. they pay money to a party that has impersonated you), they may also be reimbursed.1

Frequently Asked Questions
Here are some questions commonly asked by clients.
How can a cyber criminal attack my business?
Cyber criminals use malware and viruses, computer and network hacking, denial of service attacks, social engineering and online scams to commit their crimes. For cyber criminals, it can be relatively easy to access computers and networks inadequately protected by virus software or passwords.

Whilst a company can put in place various controls to protect their business, a significant number of cyber incidents are caused by human error. Mistakes such as clicking on a link or opening a malicious email can be enough to allow cyber criminals unlimited access to your data and infrastructure. Furthermore, small businesses see a higher rate of malicious emails than larger companies. A growing risk for SMEs is funds transfer fraud, i.e. a fraudulent request for an employee to send funds to a scammer's bank account. Depending on the Cyber Insurance policy taken out,such losses may be covered.

Whilst many small businesses believe they won’t be targeted, there has been a 434% increase in new breaches to SME businesses since 2017 and companies can be ‘collateral damage’ in larger attacks such as NotPetya or WannaCry.

Cyber incidents covered under cyber insurances are not all outsider attackers, since many policies also cover privacy or security breaches from left laptops or mobile devices, programming errors or threats from rogue employees.
Doesn’t my Business Insurance include everything I need to be covered for cyber crime?
Business Insurance generally includes two parts: liability cover and damage to property (building and/or contents). For an incident to be covered under the Property section of a Business Insurance policy, there would likely need to be damage to physical property. So, while there is limited cover for damage to hardware, the policy may not cover your data, network infrastructure, or other losses from a cyber attack. Furthermore, both liability and property covers are likely to have broad exclusions in connection with corruption, deletion, theft or inability to use Electronic Data.

There may be some coverage for cyber-related losses in other insurance policies, but many cyber losses will only be covered under a dedicated cyber policy. Many insurers are also starting to apply cyber exclusions to non-cyber policies.
How can Cyber Insurance help?
Cyber insurance can help protect your balance sheet from the costs associated with cyber losses. These can be large, particularly if personal data is breached, you lose data or suffer downtime. For small businesses, the assistance an incident response team can provide is also of particular benefit. Hiring an incident response provider can be expensive, time-consuming and might not offer the suite of services you would have with an insurer’s incident response panel to tackle the situation head on.
Explore more FAQs
We are a Not-For-Profit (NFP) organisation, what does cyber mean for us?

As an NFP, your relationship with the community is based on trust. If you’re storing personal or confidential information, have a payment system to accept donations or offer online ticketing, you could be vulnerable to cyber-attacks and privacy breaches, while your donors could be victims of identity theft. If your donors don’t feel they can trust you with their personal information, they’re unlikely to trust you with their money.

Subject to the full policy terms, conditions and exclusions, a cyber policy can help by:
  1. Providing services to respond to a cyber-attack, privacy breach or identity theft.
  2. For privacy breaches, paying notification costs, credit monitoring services and covering your liability to third parties, including fines imposed by regulators;
  3. Paying costs to restore data lost as a result of a cyber-attack; and,
  4. If your computer systems or a service provider’s computer systems are interrupted, covering your loss of profits and extra expense, and subsequent reputational losses.1

What about Business Interruption?

Business Interruption cover is a feature of Cyber Insurance, and helps provide cover in response to a cyber event or a ‘system failure’. The term ‘system failure’ means any sudden, unexpected and continuous downtime of your computer systems which renders them incapable of supporting their normal business function and is caused by an application bug, an internal network failure or hardware.

You may also be covered for Business Interruption if a supply chain partner of yours experiences a cyber event or system failure.1

What is funds transfer fraud?

Funds transfer fraud can take the following forms:
  1. An unauthorised electronic transfer of funds from your bank;
  2. The theft of money from your bank by electronic means;
  3. The theft of money from your corporate credit cards by electronic means; and,
  4. Any phishing or social engineering attack against any employee or officer that results in the transfer of your funds to an unintended third party.
Cyber Insurance arranged by Aon gives you the option to be covered for fraud transfer fraud (up to a specified limit).

What is push payment fraud?

‘Push payment fraud’ occurs when a third party issues fraudulent electronic communications or uses a website to impersonate you or your products. Under the Cyber Insurance policy arranged by Aon, cover for push payment fraud (up to a specified amount) can be selected as an optional extra . Should you choose this option, you will have cover for the following:
  1. the cost of reimbursing your customers for their financial loss as a result of the fraudulent communications, including fraudulent invoices manipulated to impersonate you; and,
  2. following your discovery of the fraudulent communications, your loss of profits from the fraudulent communications.1
What’s not covered under Cyber Insurance? 
There are exclusions in Cyber Insurance policies which are important to understand. For example, Cyber Insurance will not cover any criminal activities or deliberate acts of wrongdoing by you. As another example, Cyber policies typically exclude claims arising out of bodily injury or property damage.
Some events may not be covered under Cyber Insurance if they are instead covered under other insurance policies. For example, if a client suffers a financial loss as a result of a service or advice provided by you, they may take legal action against you. Typically, this kind of claim would not be covered under Cyber Insurance but may instead be covered under Professional Indemnity Insurance. 
To put it simply, an event not related to any internet/cyber activities would usually not be covered under a Cyber Insurance policy.
Cyber Insurance can also take many forms depending on your industry and/or broker. For example, some providers offer a ‘Cyber Liability Insurance’ policy which only covers your liability to third parties as a result of a cyber incident but does not cover losses suffered by your business. 


Ways to get in touch

Call 1300 836 028

8:30am - 7:00pm AET
Mon - Fri (except public holidays)

Find your local branch

Coast to country, covered.
Explore Now
1Subject to the full terms, conditions, exclusions and limits of the policy.

2Cover for loss of profits and extra expense is limited to the period that computer systems are interrupted. Cover for subsequent reputational losses are also limited to a fixed period.