Hit enter to search or ESC to close



Cyber insurance

Cyber insurance

Technology is at the heart of almost every business. As a result, data protection and network security are leading risks for all organisations. Hackers don’t discriminate, and anyone with a website, computer, email address, phone or EFTPOS terminal is a target.

Cyber insurance can help businesses manage and recover from a cyber liability such as ransomware, a virus, malware infection, DDoS (denial of service) attack, or loss of data and privacy breach.

Policies can cover business income loss and help minimise reputational damage after you’ve experienced an attack. 

CL647C CLMB Cyber social image 1200pxw x 630pxh V1

Anyone's a target

Cyber attacks happen to businesses of any size, in every industry. Our cyber insurance brokers help companies identify and assess cyber risks, provide insurance advice, and arrange the most suitable cyber protection.

Contact a broker

Who needs cyber insurance?

All businesses, regardless of industry or size use technology to operate, and therefore face a range of cyber risks.

A business could be exposed to cyber risk if it:

  • Engages vendors, independent contractors or additional service providers
  • Gathers personal or corporate information
  • Relies on computers and other electronic processes
  • Uses online applications
  • Has an online presence and/or point-of-sale machines
  • Has remote working outside a central place of business

Updated anti-virus software, two-factor authentication, robust firewalls, backups and staff education are all important risk management tools. However, none of those measures provide 100% security. Some hackers take advantage of vulnerabilities in systems, while others rely on human error to gain access to systems via phishing or social engineering scams. 

What does cyber insurance cover?

Cyber security insurance is designed to fill the gaps in traditional insurance programmes. Policies will generally respond to both your own losses and also your liability to others as a result of a breach in your network security.  While a cyber liability insurance policy cannot prevent a breach of your network security, it can assist you to manage and recover if you suffer a cyber attack. 

Cybersecurity insurance can cover your own direct losses and costs for:

  • Loss of business income
  • Forensic costs to determine the extent of the event
  • Extortion costs incurred in the threat of an event or a ransomware assault
  • Costs to restore the network
  • Costs to replicate/replace lost data
  • Public relations costs to minimise reputational damage

Cyber insurance can cover privacy breaches, and security liability, as well as third party costs that you, as the insured, become liable for ie:

  • Regulatory fines and penalties
  • Third-party damages
  • Public relations costs
  • Forensics costs
  • Claims for compensation from customers or other third parties such as banks or suppliers
  • Costs of investigations instigated by privacy regulators
  • Associated legal defence costs

Cyber liability insurance can also provide you with access to experts to help you restore your network and minimise exposure to loss or liability.  This includes specialists in data recovery, forensic engineering, crisis management, public relations and legal advice.


Ransomware victim - professional services firm

A business found that its systems had been infected by ransomware malware. All IT services were outsourced to reputable firms and up-to-date anti-virus systems were in use. A branded backup product was making full image-based backups of the system every hour. Despite this protection, the malware encrypted 18 months of data, including the backup files. This data was locked for 6 days while every effort was made to restore it. Eventually, when all options had been exhausted, the ransom of 5 bitcoins had to be paid to restore the data. Costs were met by cyber insurance.

Phishing - data loss victim – technology company

The victim’s head office is based in New Zealand however it has sales staff based in USA. Just before a long weekend in the States, the New Zealand head office received an email from one of its senior staff in the USA requesting urgent transfer of US$35,000 for a significant deal that was closing imminently. A second email followed, chasing the payment and stressing the urgency. The criminals had clearly used social media engineering to profile the business and used this to target the right people in the firm. Unfortunately, the funds were paid but insurance was available to reimburse the victim’s loss (less their excess).

Virus infection -professional services firm

The victim had a network of 22 desktop workstations, two virtual servers and ancillary devices including printers. Anti-virus software installed on the servers was up to date and there was an overnight virus scan run once a week, although most desktops were switched off when it was scheduled. A virus was detected on the system infecting multiple computers and spreading through the network. Initial attempts to eradicate the virus were unsuccessful and eventually the only way to clean the system up was to wipe and re-install all the computers and devices on the network leaving the insured unable to use their system for several days. The victim was able to recover the costs of restoring the network from their cyber insurance policy.

Phishing - data loss victim – large membership association

The victim held details of several thousand members on its database. In a spear phishing attack, an association staff member received an email purporting to come from the body’s CEO. The email requested contact details for the members. Because the email looked authentic, the details were sent. As a result, the association was exposed to potential liability to its members for a privacy breach. It also faced reputational issues and costs associates with notifying both members and the appropriate authorities.