Getting your Trinity Audio player ready...
null

Australian small business owners are seeking insurance protection as awareness of cyber threats accelerates with the incidence of attacks, according to Gallagher SME risk specialists. This is confirmed by a survey conducted with a mixed cohort of SMEs, including Australians, with 71% naming cyber security as a significant risk1.

Three factors have driven SMEs to a heightened focus on cyber risk:

  • around half of all cyber attacks target small businesses2 due to their comparative lack of advanced cyber security and continued use of vulnerable legacy systems
  • clients and customers serviced by SMEs are making cyber security measures a condition in contractual agreements such as business tenders
  • the costs of sustaining a cyber attack, both in dollars and down time, are increasing.

The fallout from cyber attacks goes beyond the business's financial losses and includes operational impacts, exposure and loss of customers' personal (private) data which erodes trust and damages reputation.

Why SMEs are seeking cyber insurance protection

According to the research most SME cyber security breaches are due to human error: someone in the business mistakenly clicking on a phishing link or opening a harmful attachment, which is what happened in this case.

Case study 1

How cyber insurance saved an SME's server crisis
A small, specialised manufacturer who believed they had minimal exposure to cyber risk was grateful they had nevertheless taken out a cyber policy when a seemingly innocuous email unleased mayhem.
The malware took out the server, leaving the business with no visibility over stock, pending orders or deliveries and no email communications, but the cyber insurance cover enabled a speedy response.
Within two and a half hours of notification the insurer provided a cyber expert who collaborated with the server provider to investigate the damage and restore service.
Most of the data and network were restored in less than two weeks, limiting down time to the minimum and enabling the business to carry on trading.

Scamming attempts are increasing rapidly as artificial intelligence (AI) allows cyber criminals to broaden phishing and text message scams.

To avoid cyber scams through social engineering attacks businesses should adopt practical protocols such as:

  • verifying the identity of the sender of an email
  • separating work functions between key staff to ensure access to sensitive systems data such as customer databases with personal and private information and bank accounts, is restricted and on a needs-only basis
  • using different, strong multifactor identification across various business areas and regularly changing authentications.

Case study 2

Insurer provided tech experts to retrieve business victim's encrypted data
A small auto parts retailer that used a centralised warehouse and call centre service and delivery model was paralysed when a hacker managed to penetrate the company's computer systems through the remote desktop protocol that enabled the business's computer network to share internet access.
The hacker then encrypted the business's multiple servers and sent a ransom note for millions in bitcoin. When the business reported the breach the insurer called on IT experts who used the business's offline USB flash drive data backups to restore functionality and connectivity, bypassing the need to respond to the extortionate ransom demand.

How can SMEs access insurance cyber protection?

Cyber insurance is now accessible via a simple form and affordable to businesses of all sizes. Our cyber insurance brokers can submit and manage your cyber insurance application quickly and can provide pre-assessment of your cyber risks via a service to scan your IT environment to help identify where the risks are. Without insurance your business will bear all the costs involved with a data breach, which can escalate very quickly.

Cyber cover supports small business owners by providing 24/7 access to a panel of experts, including legal, public relations and IT forensic specialists to work with you and your business and providing ongoing advice to help control, contain and coordinate your response to a cyber incident from when you first suspect you have a problem until you're back to business as usual.

Cyber insurance is designed to cover a range of threats and outcomes including:

  • impacts from a variety of cyber attacks, from ransomware to phishing
  • forced closure/downtime for your business/revenue loss
  • government notification requirements and ongoing reporting of the event
  • incident response and investigation costs
  • loss, recovery and decontamination of data.

Our specialists can help small businesses seeking access to cyber insurance protection via a simple broker-managed process to access affordable cover.

connect with us

Sources

1"71% of Australian small businesses view cyber attacks as major risk," Security Brief Australia, Jan 2024.

2"Australia ‒ Small businesses vulnerable to rising cybercrime," Export Finance Australia, Mar 2023.

3"Preventing business email compromise," Australian Cyber Security Centre, accessed 30 Apr 2025.

Disclaimer

Gallagher provides insurance, risk management and benefits consulting services for clients in response to both known and unknown risk exposures. When providing analysis and recommendations regarding potential insurance coverage, potential claims and/or operational strategy in response to national emergencies (including health crises), we do so from an insurance and/or risk management perspective, and offer broad information about risk mitigation, loss control strategy and potential claim exposures. We have prepared this commentary and other news alerts for general information purposes only and the material is not intended to be, nor should it be interpreted as, legal or client-specific risk management advice. General insurance descriptions contained herein do not include complete insurance policy definitions, terms and/or conditions, and should not be relied on for coverage interpretation. The information may not include current governmental or insurance developments, is provided without knowledge of the individual recipient's industry or specific business or coverage circumstances, and in no way reflects or promises to provide insurance coverage outcomes that only insurance carriers' control.

Gallagher publications may contain links to non-Gallagher websites that are created and controlled by other organisations. We claim no responsibility for the content of any linked website, or any link contained therein. The inclusion of any link does not imply endorsement by Gallagher, as we have no responsibility for information referenced in material owned and controlled by other parties. Gallagher strongly encourages you to review any separate terms of use and privacy policies governing use of these third party websites and resources.

Insurance brokerage and related services to be provided by Arthur J. Gallagher & Co (Aus) Limited (ABN 34 005 543 920). Australian Financial Services License (AFSL) No. 238312