How To Create a Cyber Security Insurance Business Plan

Being cyber aware and needing to protect your business against cyber-attacks is a modern reality. Cyber threats are the fastest growing risks to businesses in this digital world and organisations of all sizes need to prepare themselves.

One way to do this is through cyber insurance cover.

Mitigating cyber risk is so vitally important that it’s now a top agenda item for the Australian Federal Government and ASIC. But small to medium-sized businesses need to take heed too. Cyber risk affects all businesses of any size and industry sector.


What is cybercrime?

Cybercrime is a deliberate act conducted through cyberspace with the intent to manipulate, destruct, deny, degrade or destroy networks or the information in them.

Ransomware is the most reported form of a cyber incident. It’s a type of computer virus that prevents users from accessing their data and then threatens permanent encryption or deletion of that data unless a ransom is paid.

Most ransomware is hidden and spread within Word documents, PDFs and other files commonly sent via email.

Cyber incidents can result in network loss, leading to loss of income plus expenses incurred to maintain business operations, such as payroll. It’s similar to a business being destroyed by fire as it causes major interruption and forces the business to shut down until the issue is resolved.

Cybercrime includes:

  • Computer system attacks
  • Online scams and fraud
  • Cyber-bullying
  • Email spam and phishing
  • Identity theft
  • Offensive and illegal material
  • Online trading issues


Cybercrime is on the increase

According to the Australian Institute of Criminology, in 2019, the national economic impact of cybercrime was $3.5 billion.

Cybercriminals pose one of the highest risks to Australian businesses in the 21st century. Our reliance on technology means the frequency and effects of cybercrime will continue to rise.

However, the uptake of cyber insurance in Australia is worryingly low.

The reality is, businesses are almost certain to experience a cybersecurity incident, such as a data breach or ransomware attack. Without a sound risk management plan and business insurance, an attack could seriously threaten your ability to do business.

Individuals and businesses can report cybercrime through the Australian Cyber Security Center ReportCyber page. ReportCyber has replaced ACORN, the original Australian cybercrime reporting system which was launched in late 2014.


Create a cyber security business plan

The unfortunate truth is that any business, large or small, can experience a cyber breach.

If an unsuspecting employee opens a contaminated email, the virus can potentially spread through your network. With the increase in ransomware, businesses need to ensure they are protected against potential attacks that could ultimately cost them dearly.

To help reduce or prevent cyber attacks in your business:

  • Ensure information is regularly backed up
  • Utilise the latest security technology
  • Have internal procedures in place
  • Include cyber security in your business plan
  • Consider cyber insurance


What is cyber liability insurance?

Cyber liability insurance is designed to protect individuals and companies against internet and technology-based attacks from cybercriminals.

Insurance for cyber security can cover crisis management costs including:

  • Data Liability: the financial cost of loss or misappropriation of customer data
  • Data Recovery: the cost of reinstating, recreating lost data
  • Crisis Management: consultants’ fees for public relations, crisis management
  • Fines: cover for any regulatory investigations and fines for security breaches
  • Business Interruption: covers the loss of profit caused by interruption of networks
  • Privacy Extortion: covers ransom payments


5 reasons why you should invest in insurance for cyber security


1. Your staff rely on computers to get their jobs done

If your business uses any internet-connected devices for work, on or off your network, accessing the internet on computers or smartphones puts your business at risk of cyber threats.

Every company using technology and the internet needs cyber insurance as part of an effective risk management plan.


2. Your company handles and/or stores personal data from clients and customers

Personal information about customers is a valuable commodity for hackers. So, if your business collects information about customers, you’re a target for data breaches and other cybersecurity incidents.

The Privacy Act stipulates businesses are responsible for ensuring the safety of people’s personal information. To protect themselves, businesses should create a risk management plan and invest in cyber insurance.


3. You use cloud services

The cloud is great for file sharing and collaboration, but it can expose your business to a data breach without proper governance and steps towards preventing cyber attacks. If you use the cloud in your business, you should consider cyber insurance.


4. Your business couldn’t financially survive a cyber attack

According to CNBC, in 2019, cyberattacks cost businesses on average $200,000 – enough to cripple a small business.

This doesn’t account for the indirect costs of a cyber-attack which can include:

  • Business interruption or destruction
  • Reputational damage and loss of customer trust
  • Insurance premium increases
  • Lost contract revenue and loss of IP
  • Damage to share price


5. Your existing insurance policies may not cover losses from a cyber attack

Some general business liability policies include cyber liability insurance, but many don’t. If cyber liability isn’t included in your current business insurance, speak to an experienced insurance broker about cyber security insurance options.

Insurance won’t protect businesses from a cyber-attack, but it can protect the businesses finances in the case of a cyber incident. To protect an organisation and valued clients, a comprehensive risk management plan is required.


Learn more about cyber liability insurance

Contact your local Phoenix Insurance Broker today to talk about insurance for cyber security.

Your broker can help with a complete risk mitigation strategy to assist in preventing cyber-attacks – including risk assessment, basic security measures involving cyber security training, efficient backup procedures and data restoration plans. They can also assist with disaster planning, including reputation management, professional indemnity and data breach obligations.


Frequently Asked Questions

What is cyber security insurance?

Cyber security insurance is a type of insurance specifically designed to protect businesses from the financial losses associated with cyber-attacks or data breaches. It covers the costs of investigation, repair and recovery, as well as any legal expenses incurred in cases where negligence can be proven.

Who needs cyber security insurance?

Businesses that rely heavily on technology or store large amounts of customer data should consider getting cyber security insurance to ensure they are protected against unexpected losses due to cyber risks.

Why do you need cyber security insurance?

Having cyber security insurance helps to minimise the financial losses resulting from a cyber-attack or data breach so that businesses can continue operating.

Please contact Phoenix Insurance Brokers Pty Ltd today to discuss your Insurance needs.