Cyber insurance: A new line of security defence

02 Jun 2020

Cyber attacks are on the rise, and with this comes a lot of risk and anxiety.

In Australia alone cybercrime is estimated to cost the nation more than $1 billion each year. The real annual impact is thought to be as high as $17 billion.

As if this isn’t grim enough, consider the impact of recent compliance regulations, which threaten major fines in the wake of a data breach. Not to mention the associated costs related to detection and response; according to The 2019 Cost of a Data Breach report, the average organisational cost for a data breach in Australia is $2.13 million.

Then there’s the familiar mantra, ‘It’s not a case of if a breach will occur, but when’.

It’s not hard to feel like we’re fighting a losing battle against cyber criminals. And if a breach is in fact inevitable, what are we actually preventing?

A new way of thinking, a new line of defence

One option organisations are increasingly adopting as part of their overall security strategy is cyber insurance.

The visual below from BDO’s 2018-2019 Cyber Security Survey shows strong uptake of cyber insurance in Australia between 2016 and 2018.

[Figure: uptake of cyber insurance in Australia, 2016 to 2018. Source: BDO 2018-2019 Cyber Security Survey]

Also known as cyber liability insurance, cyber insurance provides an avenue to mitigate financial risk by offsetting the costs that are typically faced in the wake of a cybersecurity event.

While not a prevention tactic in the traditional sense of the word, cyber insurance enables organisations to prevent at least some of the financial damage caused by a cyber attack. In this sense cyber insurance offers a new way of thinking about cyber risk ‘prevention’.

What’s more, cyber insurance can help organisations become more aware of, and proactive about, their data-handling protocols in order to avoid problems from the outset.

Cyber insurance: What you need to know

The market for cyber insurance has been on the up owing to its focus on cyber incidents, which are often missing in standard insurance policies.

In fact Allianz forecasts the global cyber insurance market will grow to over US$20 billion by 2025.

While policies vary depending on the provider, most cyber insurance covers a range of cyber risk losses that may arise from a cyber attack. Some plans may even offer coverage for physical damage to hardware or business income loss.

In general, most providers will offer coverage for expenses and legal costs relating to:

  • Data breaches
  • Theft or loss of client information
  • Business interruption costs that resulted directly from a cyber attack (DDoS attacks, for example)
  • Forensic investigation
  • Data recovery
  • Extortion (ransomware, for example)
  • Fines and penalties
  • PR and crisis management
  • Legal costs by affected third parties.

The cost of cyber insurance

The cost of coverage will differ from organisation to organisation but is largely determined by their current security posture.

An organisation with a strong security posture will usually have better access to coverage, while an organisation with a fragmented security posture might be at a disadvantage; insurers might struggle to fully understand their security posture, which could result in inadequate insurance purchases.

Insurance: The safety net in your strategy

Cyber insurance should never replace cyber defence.

To think otherwise would only expose a business to future risk: should a breach occur and the insurance company find that the organisation hasn’t met a certain level of security, the business may be up for the costs.

That’s why cyber insurance should be considered as another layer of a broader and robust security strategy.

As a partner, you can help your customers define their cybersecurity goals and create a strategy that addresses their pain points and delivers on their objectives.

Creating a sound cybersecurity strategy is a key step in this endeavour, and it all starts with visibility.


Arrow’s approach to security emphasises visibility and control, because you can’t secure what you can’t see.

Our goal is to enable you to understand, execute and monetise security across each domain and their data points, regardless of existing skill or experience.

Talk to us for advice on building a robust security strategy to protect your customers’ data, reputation and bottom line.