
Cyber Liability Insurance for SMEs



What is Cyber insurance?

Cyber insurance is designed to protect your business against a wide range of internet-based risks, and risks relating to information technology infrastructure and activities. Although it was largely unheard of 20 years ago, cyber crime has also become more prevalent as we’ve evolved into a digital society.

Why do I need Cyber insurance?

You’ve worked hard to get your business to where it is today, but one successful cyber-attack could be all it takes to cause significant damage to your organisation and reputation. Cyber threats are becoming more sophisticated with advancements in hacking, malware and social engineering techniques.

A security breach could corrupt your business’s critical data, causing financial loss, reputational damage and liability to third parties. Cyber-attacks can be very expensive with the current average cost of an attack on a small to medium sized business estimated at $1.9m.

Now let’s be clear - a cyber incident does not need to involve complex hacking – it can be as simple as having your phone stolen, attaching the wrong file to an email, or clicking on a malicious link in an email.

Cover benefits of Cyber Insurance*

First Party Coverage
This provides cover for financial losses suffered by your business as a result of a cyber incident. This can include business interruption (loss of profits, extra expense, subsequent reputational harm and claim preparation costs) from computer system downtime, as well as the cost of regulatory investigations and fines. It may also include cover for payment card breaches (PCI fines), and costs to restore lost data.
Incident Response
A cyber insurance policy gives your business access to an incident manager to help your business recover from an attack. This cover may also pay costs for 1) IT security and forensic services; 2) legal advice; 3) privacy breach management, including notification and identity monitoring; 4) responding to regulatory investigations; and, 5) public relations to help minimise your reputational damage.
Third Party (Liability) Coverage
Cyber insurance may include cover for third party liability, where a client or third party suffers a loss that you or your business are held liable for. This will likely indemnify you against loss from 1) privacy breaches; 2) virus & malware transmission; 3) unauthorised access to your or a third party’s computer system; 4) identity theft; and, 5) media liability.
Crime
Crime Insurance may cover your business against losses from 1) funds transfer fraud; 2) cyber extortion; 3) identity theft against your organisation; and, 4) telephone hacking. If your customers are victims of ‘push payment fraud’ (i.e. they pay money to a party that has impersonated you), they may also be reimbursed.

*Subject to the full terms, conditions, exclusions and limits of the policy. 

What could go wrong?

Frequently Asked Questions

How can a cyber criminal attack my business?

Cyber criminals use malware and viruses, computer and network hacking, denial of service attacks, social engineering and online scams to commit their crimes. For cyber criminals, it can be relatively easy to access computers and networks inadequately protected by virus software or passwords.

Whilst a company can put in place various controls to protect their business, a significant number of cyber incidents are caused by human error. Mistakes such as clicking on a link or opening a malicious email can be enough to allow cyber criminals unlimited access to your data and infrastructure.

Furthermore, small businesses see a higher rate of malicious emails than larger companies. A growing risk for SMEs is funds transfer fraud, i.e. a fraudulent request for an employee to send funds to an incorrect bank account. Depending on the Cyber Insurance policy taken out, such losses may be covered by cyber policies.

Whilst many small businesses believe they won’t be targeted, there has been a 434% increase in new breaches to SME businesses since 2017 and companies can be ‘collateral damage’ in larger attacks such as NotPetya or WannaCry.

Not all cyber incidents covered under cyber insurance involve outside attackers; many policies also cover privacy or security breaches from laptops or mobile devices left behind, programming errors or threats from rogue employees.

 
Doesn’t my Business Insurance include everything I need to be covered for cyber crime?

Business Insurance generally includes two parts – liability cover and damage to property (building and/or contents). For an incident to be covered by a Business Insurance policy, there likely needs to be damage to physical property, for example, a theft claim would have to have led to damaged premises as well as theft. While there is limited cover for damage to hardware, the policy may not cover your data, network infrastructure, or any other losses from a cyber attack.

There may be some coverage for cyber-related losses in other insurance policies, but many cyber losses will only be covered under a dedicated cyber policy. Many insurers are also starting to apply cyber exclusions to non-cyber policies.

How can cyber insurance help?

Cyber insurance can help protect your balance sheet from the costs associated with cyber losses. These can be large, particularly if personal data is breached, you lose data or suffer downtime.

For small businesses, the assistance an incident response team can provide is also of particular benefit. Hiring an incident response provider can be expensive, time-consuming and might not offer the suite of services you would have with an insurer’s incident response panel to tackle the situation head on. 

We are a Not-For-Profit (NFP) organisation, what does cyber mean for me?

As an NFP, your relationship with the community is based on trust. If you’re storing personal or confidential information, have a payment system to accept donations or offer online ticketing, you could be vulnerable to cyber-attacks and privacy breaches, while your donors could be victims of identity theft. If your donors don’t feel they can trust you with their personal information, they’re unlikely to trust you with their money.

Depending on the policy you take out, a cyber policy can help by:

  1. Providing services to respond to a cyber-attack, privacy breach or identity theft;
  2. For privacy breaches, paying notification costs, credit monitoring services and covering your liability to third parties, including fines imposed by regulators;
  3. Paying costs to restore data lost as a result of a cyber-attack; and,
  4. If your computer systems or a service provider’s computer systems are interrupted, covering your loss of profits and extra expense, and subsequent reputational losses.[1]

What about Business Interruption?

Business Interruption cover is a feature of Cyber Insurance, and provides cover in response to a cyber event or a ‘system failure’.

The term ‘system failure’ means any sudden, unexpected and continuous downtime of your computer systems which renders them incapable of supporting their normal business function and is caused by an application bug, an internal network failure or hardware failure.

You are also covered for Business Interruption if a supply chain partner of yours experiences a cyber event or system failure.

How much are the fines and penalties for privacy breaches?

The Australian government has announced that it will increase the maximum penalty for misuse of personal information under the Privacy Act 1988 (Cth) to the greatest of:

  1. $10,000,000;
  2. Three times the value of any benefit obtained; and,
  3. 10% of annual domestic turnover.

Furthermore, the Office of the Australian Information Commissioner (OAIC) will be able to impose penalties of up to $63,000 for companies for failure to cooperate with efforts to resolve minor privacy breaches.

Under the General Data Protection Regulation (GDPR), the maximum penalty for a company’s breach of privacy is EUR20,000,000 or 2% of annual global turnover.

What is funds transfer fraud?

Funds transfer fraud can take the following forms:

  1. An unauthorised electronic transfer of funds from your bank;
  2. The theft of money from your bank by electronic means;
  3. The theft of money from your corporate credit cards by electronic means; and,
  4. Any phishing or social engineering attack against any employee or officer that results in the transfer of your funds to an unintended third party.

Cyber Insurance arranged by Aon gives you the option to be covered for funds transfer fraud (up to a specified limit).

What is push payment fraud?

‘Push payment fraud’ occurs when a third party issues fraudulent electronic communications or uses a website to impersonate you or your products. Under the Cyber Insurance policy arranged by Aon, cover for push payment fraud (up to a specified amount) can be selected as an optional extra. Should you choose this option, you will be covered for the following:

  1. the cost of reimbursing your customers for their financial loss as a result of the fraudulent communications, including fraudulent invoices manipulated to impersonate you; and,
  2. following your discovery of the fraudulent communications, your loss of profits from the fraudulent communications.

*Cover for loss of profits and extra expense is limited to the period that computer systems are interrupted. Cover for subsequent reputational losses is also limited to a fixed period.
