Apps, ZOOM, instant invoicing and the pressure to adapt to online operations quickly are all on the increase, unfortunately so is cybercrime. Businesses need to take the time now to understand their risk and to focus on risk mitigation and elimination, as well as explore the options for insurance and coverage for when those elimination and mitigation strategies are not enough to foil the criminals in this space.

Technology is transforming the modern business landscape — not only speeding up innovation and productivity but also widening the door to cyber threats. This means that every business, regardless of industry, geography or size, is exposed to cyber risk. And the stakes are escalating: the global cost of cybercrime is estimated at more than $1 trillion[1] and is expected to rise with the growing use of technology and internet-connected devices.

The ever increasing numbers and sophistication of cyber-attacks have led to a shift in the approach to cyber risk management across many Australian businesses. Cyber risks are not restricted to companies with IT departments but companies of all sizes. From owners to store managers and even employees, cyber risk is now a business-wide concern given the potential consequences — lost revenue, response and recovery costs, damage to or loss of intellectual property, business relationships, job security and customer confidence – and requires a cohesive approach both in prevention as well as management through dedicated insurance.

How can cyber insurance assist?

Every company should have a comprehensive cyber risk management strategy, including executive-level governance, appropriate investment in technical controls and effective business continuity procedures, of which cyber insurance should be a core component. An essential financial instrument in the risk management toolbox, cyber insurance is complementary to cybersecurity, not an alternative.

Cyber insurance should ideally be tailored to the unique cyber risk profile of an individual business, which is shaped by the firm’s use of technology in its operations; interactions with vendors, suppliers, customers, and other third parties; and how it collects, handles, stores, and transmits confidential information. Generally, however, most cyber policies will contain a range of basic first and third party coverages, including:

  • Network Business Interruption
  • Data Restoration
  • Event Management/ Breach Response
  • Cyber Extortion
  • Privacy Liability
  • Network Security Liability
  • Privacy Regulatory Defence Costs
  • Media Liability

Cybercrime – some policies also provide an option to include cybercrime cover. This is designed to provide broad protection for a range of third-party electronic crimes involving theft of money and fraud incidents, including phishing scams, social engineering and electronic wire transfer fraud.

Specialist Incident Response – one of the most valuable features of cyber insurance is the direct and immediate access an insured has to specialist vendors, who can provide important assistance in managing and containing a cyber event. Often this specialist knowledge does not exist within an insured’s business and the ability to access these vendors can help reduce the severity and length of a cyber event. Engaging with a specialist can protect a company’s reputation, mitigate legal liability, or isolate and remove malicious code before it causes widespread damage. For high-severity cyber events where the financial impact is significant, cyber insurance is a cost-efficient risk transfer tool that can help companies lessen cyber-attack cash outflows and losses.

Marsh Cyber Services

New technologies present enormous new opportunities for Australian businesses, but also creates exposure to new and potentially catastrophic risks which businesses can no longer afford to ignore.

Cyber risk can be effectively managed through a programme of continuous improvement and vigilance that combines technology with risk transfer. Cyber risks are not technical problems that firewalls and patches (though important) can solve alone. Marsh delivers risk solutions to help you protect your business and enable confident risk-taking. Marsh’s approach to cyber risk management is comprehensive and employs techniques that Understand, Manage and Quantify the unique cyber risks affecting Australian businesses.

For any cyber or general insurance enquiries please contact the ACAPMA Insurance team on 1300 193 297 or email

“Marsh Pty Ltd (ABN 86 004 651 512, AFSL 238983) (“Marsh”) arrange this insurance and is not the insurer. The information contained in this publication provides only a general overview of subjects covered, is not intended to be taken as advice regarding any individual situation and should not be relied upon as such. Insureds should consult their insurance and legal advisors regarding specific coverage issues. All insurance coverage is subject to the terms, conditions, and exclusions of the applicable individual policies. Marsh cannot provide any assurance that insurance can be obtained for any particular client or for any particular risk. LCPA 20/492