What’s Changing in the Cybersecurity Insurance Market for Australian Businesses?

Cybersecurity insurance, initially designed for large enterprises in the 1990s, has evolved to become a critical need for Small and Medium-sized Businesses (SMBs) in Australia. With the increasing frequency and sophistication of cyberattacks, Australian businesses are recognizing the importance of this insurance to cover the costs associated with data breaches, such as data recovery, system repairs, customer notifications, legal expenses, and even ransomware payments.

The Australian cybersecurity landscape has seen significant changes, impacting the insurance market, such as:

1. Rising Demand: As the global average cost of a data breach reaches around $4.35 million, Australian businesses are increasingly seeking cybersecurity insurance. This growing demand is leading to more policy options and availability, much like traditional business liability insurance.

2. Increasing Premiums: Reflecting global trends, Australian insurers are raising premiums due to the heightened risk and frequency of cyberattacks. In 2021, there was a reported 74% increase in cyber insurance premiums, driven by the rising costs of cyber incident responses.

3. Changing Coverage: Some insurers in Australia are becoming more selective about coverage. Coverage for nation-state attacks and ransomware payments is increasingly scrutinised or excluded, reflecting the global insurance trends. This change is significant given the prevalence of such attacks.

4. Stricter Qualification Criteria: Australian businesses are finding it more challenging to qualify for cybersecurity insurance. Insurers are meticulously evaluating applicants’ cybersecurity practices, including network security, use of multi-factor authentication, device security policies, and employee training. This scrutiny means businesses must demonstrate robust cybersecurity measures to be eligible.

5. Cybersecurity Hygiene as a Prerequisite: Insurers are expecting Australian businesses to maintain high standards of cyber hygiene. Factors like advanced threat protection, automated security processes, and effective backup and recovery strategies are crucial. Businesses may need to undergo a comprehensive cybersecurity review to qualify for insurance or to obtain more favorable premiums.

Navigating Cybersecurity Insurance in Australia:

Australian businesses considering cybersecurity insurance should approach the process with care. The complexity of policies and the detailed nature of application questionnaires require a thorough understanding of both your cybersecurity posture and the insurance requirements. Missteps in the application process can lead to higher premiums or inadequate coverage.

Given these complexities, it’s advisable for Australian businesses to seek expert guidance from their IT provider for a comprehensive report on what is and what is not covered.  This approach not only aids in securing appropriate insurance coverage but also strengthens your overall cyber defenses.