Understanding Cyber Risks to Business

It’s no secret that cybercrime is increasing across Australia, and its risks to businesses are significant. In the Annual Cyber Threat Report 2022, the Australian Cyber Security Centre received over 76,000 cybercrime reports, an increase of nearly 13% from the previous financial year. It’s not just the volume of cyber-attacks increasing, with the University of New South Wales estimating that cyber-attacks cost Australia’s economy about $42 billion a year1.


“The University of New South Wales estimates that cyber-attacks cost Australia’s economy about $42 billion a year.”


With these increases, particularly considering many workers continue to work remotely, cybercrime is regarded as one of the most significant risks to businesses and is growing at the fastest rate.

Cyber insurance is a product that aims to respond to these increasing risks and can generally be divided into two policy types. The first is Cyber Crime Insurance, or a Cyber Crime Policy Extension, which seeks to cover financial losses due to a cybercrime event. This type of policy responds only to the actual financial loss incurred and does not provide cover for associated costs.

The second type of policy is a Cyber Liability and Privacy Protection Insurance policy, which can provide protection for managing the impact of a cyber event or a breach of privacy, which depending on the wording of the policy, could include the cost of recovering data, business interruption costs, fines and penalties and third party costs. The 2022 Optus data breach is a well-publicised example of this type of cyber crime.

The financial response to a cybercrime event can be significant for small and medium-sized businesses, including loss of income, legal fees, and IT expenses. It is worth noting that traditional lines of insurance may not cover cyber risks. Many expressly exclude or limit how they will respond to cyber crimes.

And it’s not only financial risk that cyber insurance can address: reputational damage following a data breach or cyber attack that affects consumers can devastate a business. A data breach or cyber attack can damage a business’s reputation and erode customer trust. Some cyber insurance policies can provide public relations and crisis management support to help businesses respond to a cyber attack and minimise the damage to their reputation.

It is worth noting that in 2018, the Notifiable Data Breaches Scheme came into effect, which made it compulsory for qualifying businesses to notify a cyber breach to all affected parties, as well as the Australian Privacy Commissioner. This legislation applies to all Australian Government agencies, businesses and not-for-profit organisations with an annual turnover of $3 million or more, providers of health services, credit reporting agencies, and TFN recipients, among others.

An additional benefit of cyber insurance is that it can provide risk management support: many policies include this type of support, which can consist of vulnerability assessments and employee training, to help businesses strengthen their defences against cyber criminals in the first place.

It is also worth noting that cyber security is a crucial concern for the federal government, with more than $23 million allocated in the recent federal budget to assist small businesses. A fundamental commitment of the announcement was appointing the Council of Small Business Organisations Australia to roll out the ‘Cyber Wardens’ program, which aims to train 60,000 wardens in small businesses to assist businesses in preventing and mitigating cyber-attacks.

As we remain more connected than ever, cyber insurance is becoming an essential aspect of risk management for Australian businesses as cybercrime continues to rise. Cyber insurance policies can provide financial protection, risk management support, and crisis management assistance to companies in the event of a cyber-attack.

Connect with one of our brokers today to discuss how comprehensive cyber insurance coverage can protect your business from the growing threat of cyber-attacks and secure your financial and reputational future.


  1. Phair, N 2023, ‘Cybercrime an estimated $42 billion cost to Australian economy’. University of New South Wales Media News Room, accessed 29 May 2023, <https://www.unsw.adfa.edu.au/newsroom/news/cybercrime-estimated-42-billion-cost-australian-economy>.



Important notice – Steadfast Group Limited ABN 98 073 659 677 and Steadfast Network Brokers

This article provides information rather than financial product or other advice. The content of this article, including any information contained in it, has been prepared without taking into account your objectives, financial situation or needs. You should consider the appropriateness of the information, taking these matters into account, before you act on any information. In particular, you should review the product disclosure statement for any product that the information relates to it before acquiring the product.

Information is current as at the date the article is written as specified within it but is subject to change. Steadfast Group Ltd and Steadfast Network Brokers make no representation as to the accuracy or completeness of the information. Various third parties have contributed to the production of this content. All information is subject to copyright and may not be reproduced without the prior written consent of Steadfast Group Limited.

More articles

Search our website