Cyber-insurance trends in Australia for 2024

Global overview: Why businesses need more than just security

Why stable premiums make cyber insurance a smart move

At the end of 2022, Zurich’s CEO warned that cyber risks were becoming ‘uninsurable’ due to their uncertain nature. Premiums shot up as insurers tried to clarify ‘silent cyber’ coverage gaps with tighter policy terms.

However, the picture is different in 2024. Cyber insurance prices are beginning to settle down. Howden’s Global Insurance Index shows prices down 15% after peaking in mid-2022, thanks to better security practices by businesses and more competition among insurers.

But don’t be fooled into thinking lower premiums mean less risk. Even with reduced costs, cyber insurance remains crucial for managing risks that stronger security alone can’t cover. Lance Rubin, Founder of Model Citizn, found this out the hard way when his business was hit by a cyber attack. “I was hoping [cyber insurance] wouldn’t just be another policy that sits there, but when that day came, I realised it’s actually valuable,” he told us on our On the Defence podcast. “Cyber insurance isn’t just about covering direct losses; it’s about managing the broader risks that can sink your business.”

Meeting security requirements to get the coverage you need

During the premium hikes of 2023, insurers started demanding stronger security measures to reduce incident risks and offer better coverage.

This trend continues in 2024, with insurers setting clearer cybersecurity standards as conditions for coverage. A recent Sophos study shows insurers are increasingly requiring companies to adopt risk management frameworks and cybersecurity measures like multi-factor authentication and endpoint protection. Stricter underwriting processes and tailored policies are emerging, especially for industry-specific risks.

Rubin’s experience is a good example of why businesses need to stay on top of their security measures. “You think about the costs — not just the immediate ones, but the ripple effects to your brand, your clients, your staff. The forensic investigation was covered by insurance, but without it, the damage would’ve gone far beyond what we could manage ourselves,” he shared.

What does this mean for you? You need to keep investing in security. But even then, cyber insurance is still crucial as a backup plan. It’s your safety net against the attacks that slip through.

Combating FFT: Prevention and insurance as dual defences

Fraudulent fund transfer (FFT) was a significant threat in 2022, overtaking ransomware as the most common type of claim and making up 36% of all cyber insurance claims in Q3.

According to Coalition, FFT continued to be a major concern in 2023, accounting for 28% of all claims, with the frequency of these claims up 15% year over year. FFT is often linked to Business Email Compromise (BEC) attacks, with 56% of all claims involving either BEC or FFT.

For Rubin, this lesson hit home hard: “I didn’t think I was going to be at risk, and that was the real big takeaway… it’s not just about you as a business; it’s about how you’re connected to the broader industry. Even a small business can be a target because of who they do business with,” he explained.

The takeaway is clear: focus on stronger payment fraud prevention, especially around email security protocols. But even the best prevention strategies aren’t foolproof. If an attack gets through, you still need insurance to cover recovery and losses.

Australia insights: Rising threats demand smarter insurance choices

Cybercrime is costing Australian businesses — don’t risk going without insurance

Australia is dealing with a wave of cybercrime, from tax scams to data breaches, affecting businesses of all sizes. Recent incidents like the $2 million lost in tax scams and a $4.3 million healthcare data breach show the financial and reputational damage that’s possible, no matter how big or small you are.

The lesson? Even the best cybersecurity measures won’t always protect you against sophisticated attacks. For Australian businesses, cyber insurance is becoming essential—not just for compliance, but to shield against the financial fallout of breaches.

How smart cybersecurity investments can lower your premiums

Some Australian businesses are finding that investing in robust cybersecurity helps them secure affordable cyber insurance. A report from Insurance Business Magazine found that companies using advanced security practices, like threat detection and incident response plans, have cut their premiums by up to 30%.

But don’t see these savings as an excuse to go without insurance. Instead, use the cost savings to get more comprehensive coverage. This dual strategy protects you upfront and provides a safety net for what you can’t predict.

Avoid coverage gaps and “silent cyber” risks

The Australian insurance market is getting more complex, with insurers addressing “silent cyber” risks — where policy language doesn’t cover certain cyber events. Insurers are making moves to update policies with clearer terms, but gaps still exist.

To fully benefit from cyber insurance, audit your existing policies to identify any ambiguous coverage areas and consult with brokers or legal experts to ensure you’re adequately protected against all potential threats.