The cost of a cyber attack & how Cyber Insurance can protect you

What is the cyber risk to small and medium business?

Over the 2020–21 financial year, over 67,500 cybercrime incidents were reported to the Australia Centre for Cyber Security (ACSC). This is an increase of nearly 13 per cent from the previous financial year, and equates to one cyber attack every 8 minutes compared to one every 10 minutes last financial year.

Cyber-attacks are an extremely lucrative form of criminal activity, which is fueling a dramatic increase in the number of attacks on Australian businesses of all sizes.

  • 43% of reported data breaches involve small businesses (Verizon).
  • The average financial loss per incident in Australia is $6,000 (ACSC).
  • Nearly 50% of businesses do not spend more than $500 on IT security annually (ACSC).

Cyber-attacks & the cost to your business

Cyber-attacks on a business can involve costs that arise due to:

The cost of ceasing operations
Cyber-attacks can paralyse business systems, and cause mass loss of business records often rendering companies unable to operate. This can cause significant loss of income to your business.

Ransom payments
Ransomware attacks often see business systems shutdown, with access only granted once the ransom payment is made. This can occur multiple times in one
cyber incident, maximising the return for the perpetrator.

Data restoration & hardware replacement
IT specialists may be required to restore data, this can be extremely costly, particularly if hardware is irreparable and requires replacement.

Cost to investigate
Specialist forensic investigators are often engaged to ascertain what happened, if data has been stolen and to identify perpetrators. This is a costly
but necessary expense.

Third party damages
Compensation may be payable for any customers who suffer financially if their personal data is stolen in an attack.

Legal defence costs
If a third party launches legal action for damages incurred in an attack, you may need to engage legal services to defend yourself. This can amount to tens of thousands of dollars.

Statutory fines & penalties
Privacy laws can see businesses fined up to $1.8m and individuals $360,000 if they fail to report a data breach to the Office of the Australian Information

Reputational repair
If a cyber incident becomes public knowledge, it can be highly damaging for your brand. PR professionals are often required to manage the fallout and help you support customers who feel their personal data is not secure.


What is Cyber Insurance?

Cyber Insurance is designed to help protect your business from the financial impact of a computer hacking or a data breach. This risk exposure is not covered by a traditional business insurance policy.

Who needs Cyber Insurance?

Any business with a website or electronic records, or an IT system that connects to the internet is vulnerable. IT security systems are simply not enough in the digital era.

Like any vaccination, current antivirus software protects you from what is known, not what is not. That means SMEs need stronger protective measures to defend against everchanging and ever-present cyberattacks (Emergence).

What can Cyber Insurance cover?

First party losses

  • Business interruption losses, for the business and external suppliers
  • Cyber-extortion
  • Electronic data replacement

Third party losses

  • Security and privacy liability
  • Legal defence costs
  • Regulatory breach liability
  • Electronic media liability

Additional expenses

  • Crisis management expenses
  • Notification and monitoring expenses

Who would you call if your business suffered a Cyber-attack?

Cyber Insurance can assist in coordinating a cyber-attack response and recovery, engaging specialists to help your business return to normal as soon as possible.

For professional insurance advice, connect with a CBN Authorised Broker.

Connect with a CBN Broker


This article provides information rather than financial product or other advice. The content of this article, including any information contained in it, has been prepared without taking into account your objectives, financial situation or needs. You should consider the appropriateness of the information, taking these matters into account, before you act on any information. In particular, you should review the product disclosure statement for any product that the information relates to it before acquiring the product.  

Information is current as at the date the article is written as specified within it but is subject to change. Community Broker Network Pty Ltd and Community Broker Network Authorised Brokers make no representation as to the accuracy or completeness of the information. Various third parties have contributed to the production of this content. All information is subject to copyright and may not be reproduced without the prior written consent of Community Broker Network Pty Ltd.

Commuity Broker Network

The Community Broker Network (CBN) was formed following the acquisition of Westcourt General Insurance Brokers (WGIB), the subsequent merger with National Advisor Services (NAS) and the transfer of former CGU Authorised Representatives’s into NAS.

I’d like professional advice: