
Insurance market update: cyber risk evolving as fast as technology itself

Published 19 May 2020

In light of the prevailing COVID-19 pandemic and its impact on the delivery of knowledge, goods and services, the perceived value of data and information as a commodity has grown, along with the connected risk. Remote worker access to data and stricter device controls are the new security perimeter.

In 2020, for the first time ever, cyber risk was ranked the number one commercial risk globally[1], a significant shift from 2013, when it was ranked 15th.

Cyber-crime is affecting businesses both large and small, with an estimated cost to the Australian business community of more than $29 billion per year and more than 9.2 malware detections recorded by Australian businesses.

Unfortunately, even with the best security and expertise in place, breaches are not entirely preventable. Additional focus needs to be placed on detecting weaknesses, intrusions and the corresponding recovery and response plan.


Cyber incidents can take many forms, from hacking, ransomware and malware to business email and text message compromise through phishing, to IT outages or failures. This extends to lost passwords, credit cards, voicemail and ID cards that allow a perpetrator to access information that enables fraudulent activity.

We are seeing the use of COVID-19 themed alerts and phishing campaigns to obtain user credentials, with requests for information that leave businesses and individuals susceptible to fraud and other crime. Retail banks, government departments and other legitimate sources are being used to front these operations, which include targeting remote working employees.

With the shift to remote working and the need to manage and maintain customer data off-site, small businesses are increasingly vulnerable to cyber-attacks, and are often viewed by perpetrators as ‘low hanging fruit’.

A recent survey on the preparedness of Australian small to medium-sized businesses (SMEs) found that only 27% of respondents had cyber insurance in 2019, down from 34% in 2018[2]. Cyber insurance policies are evolving at a rapid pace to keep up with technological development but, as with many risks, insurance is only part of the solution. Perhaps more worryingly, 49% of SMEs do not have a data breach response plan in place[3].

Defence is part of the response

As a minimum, businesses should have automatic updates for computer operating systems and software turned on, apply software patches as they are released, lock unattended devices and have automated data back-up processes in place.

Measures should be taken to limit access to sensitive information (customer, employee, financial), apply double factor authentication and mobile device encryption, and provide training to educate all employees on the risks of using public WiFi and the process to support suspected cyber incidents.

Help is available

If you or your business are the victim of a data breach, having stand-alone cyber insurance will generally provide you with an adequate safeguard and expert assistance. This includes restoring data and/or containing the privacy of company information, which is often more critical in the immediate term from a business continuity perspective than a monetary payout.

And if addressed quickly, data breaches can generally be triaged inexpensively and your IT security restored with minimal impact to your business. Support can also be provided to manage the mandatory breach reporting requirement.

Business Insurance and Risk Market Update


This article was originally published in the Business Insurance and Risk Market Update May 2020.

In this report you will find additional insights on current market conditions and the effects of unprecedented impacts from extreme weather catastrophes, political and economic turbulence and the significant blow dealt to the recovery process by the COVID-19 pandemic, including:

  • business continuity — what's your Plan B?
  • professional and financial risks — board governance and directors' liability
  • food production — challenging times remain from farm to table
  • claims — preparing for a new normal.

Contact us

We strongly encourage any business owner with prevailing concerns around the adequacy of their insurance cover to speak with Gallagher subject matter experts at the earliest opportunity. We are here to help and, through our strategic partnerships and access to exclusive markets, we may be able to present an improved course of action for your business.





[1] Allianz Global Risk Barometer 2020, Allianz Global Corporate and Specialty, January 2020.

[2] Australia SME Cyber Preparedness Report 2019, Chubb Insurance, September 2019.

[3] Australia SME Cyber Preparedness Report 2019, Chubb Insurance, September 2019.

Gallagher provides insurance, risk management and benefits consulting services for clients in response to both known and unknown risk exposures. When providing analysis and recommendations regarding potential insurance coverage, potential claims and/or operational strategy in response to national emergencies (including health crises), we do so from an insurance and/or risk management perspective, and offer broad information about risk mitigation, loss control strategy and potential claim exposures. We have prepared this commentary and other news alerts for general information purposes only and the material is not intended to be, nor should it be interpreted as, legal or client-specific risk management advice. General insurance descriptions contained herein do not include complete insurance policy definitions, terms and/or conditions, and should not be relied on for coverage interpretation. The information may not include current governmental or insurance developments, is provided without knowledge of the individual recipient’s industry or specific business or coverage circumstances, and in no way reflects or promises to provide insurance coverage outcomes that only insurance carriers control.
Gallagher publications may contain links to non-Gallagher websites that are created and controlled by other organisations. We claim no responsibility for the content of any linked website, or any link contained therein. The inclusion of any link does not imply endorsement by Gallagher, as we have no responsibility for information referenced in material owned and controlled by other parties. Gallagher strongly encourages you to review any separate terms of use and privacy policies governing use of these third party websites and resources.
Insurance brokerage and related services to be provided by Arthur J. Gallagher & Co (Aus) Limited (ABN 34 005 543 920). Australian Financial Services License (AFSL) No. 238312