Do SMEs Really Need Cyber Liability Insurance? 

If you’ve ever had a client tell you, “My business isn’t big enough to be hacked!” you’re not alone and by now you know this may not be a fact. Many brokers find Cyber Liability insurance a hard sell for their SME clients. 

There are several reasons why SMEs neglect cyber security beyond believing a cyberattack will never happen to their business, making the role of brokers essential. Brokers help SME clients understand their risks and how Cyber Liability insurance can be a vital tool for protecting their business operations.  

Small businesses, big cyber threats 

While cyberattacks on large corporations, hospitals, and government entities tend to make the news, they don’t tell the full story of these threats. According to a survey of SMEs conducted by the Australian Cyber Security Centre (ACSC), 62% of respondents had been victims of a cyber security incident.1 

In fact, small and medium enterprises may be more likely than big businesses to be targeted by hackers and cybercriminals because: 

  • They might not think they are a target. Cybercriminals often prefer quickly hitting multiple weaker targets (i.e., small businesses) rather than spending hours on a single, well-protected one. 
  • They may lack awareness of these threats. Many SMEs don’t have the time to educate themselves about commercial insurance, let alone common cyber threats like phishing, ransomware, and social engineering. 
  • They’re already spread thin. Cybercriminals can exploit busy SMEs focused on other areas of their business and who may have no one to turn to for help with cyber incidents. 
  • They often work with multiple third-party partners. SMEs tend to rely on outside suppliers and partners to help them run their businesses, which may leave them vulnerable to data breaches and false billing scams. Cybercriminals also often target small businesses lower down in the supply chain that service larger companies. 
  • They spend less time and money on countermeasures. Large corporations can afford to protect their systems and data in ways that SMEs often cannot, making SMEs a convenient target for a cyberattack. 

Cybersecurity incidents can be costly for SMEs. ACSC data for the 2021-22 financial year shows self-reported losses averaging $39,000 for small businesses and $88,000 for medium businesses.2 

Cyber Liability Insurance for your SME clients 

While preventative steps, like learning to recognise common threats, can help SMEs prevent many cyberattacks, nothing is foolproof. Cybercriminals are crafty. They are constantly working on new ways to breach systems and scam their victims.  

Most SMEs may lack the resources to fully protect themselves from cyberattacks. However, Cyber Liability insurance can help them access funds and assistance to recover after an incident. 

Cyber Liability policies typically cover: 

  • Business interruption costs – Cyberattacks can cause huge disruptions to an SME’s operations, which may translate to thousands of dollars in lost revenue.   
  • Investigation and data recovery costs – The cost of identifying how a breach occurred and restoring systems is cost prohibitive for many SMEs.  
  • Extortion costs – Ransomware is a growing threat to Australian SMEs, and some policies may pay a demanded ransom in some circumstances. 
  • Notification costs – SMEs may be required by law to notify their customers and partners of data breaches at their own expense. 
  • Fines and penalties – Businesses can face steep fines for failing to keep customer data private. 
  • Third-party compensation claims – A customer, supplier, or vendor could sue an SME for failing to prevent a data breach that exposes their information.  
  • PR and crisis management costs – SMEs might engage a public relations team to help them rebuild their professional reputation after a cyberattack. 

These resources can help SMEs get back to business with as little downtime as possible. This can provide invaluable peace of mind to busy small business owners. 

Cyber Liability in Action 

Here are two real-life Cyber Liability & Privacy Protection claim examples* from our insurer partners that illustrate how these policies can aid small businesses in very different industries: 

Mining Company (Industry: Agriculture, Mining & Farming) 

A disgruntled employee of a mining company used malicious software to corrupt the company’s server. Files containing personal information, including credit card information, were accessed. As a result, fraudulent credit card transactions were made in numerous locations around Australia. 

$1 million was paid for setting up a call centre to respond to enquiries, credit monitoring services for affected individuals and data restoration costs, together with legal fees incurred in reporting requirements to regulatory authorities. 

Hairdresser (Industry: Health Services) 

The Insured uses a VoIP telephone system. A hacker gained access to the telephone system and made multiple unauthorised calls to a premium number over the course of a month. At the end of the month, the Insured received their invoice, which included $30,000 of unauthorised calls. 

The Insured made a claim on their Cyber policy, which triggered the optional Social Engineering cover. The client was covered for $30,000 of direct financial loss because of the phreaking attack. 

Quote & bind Cyber Liability with B4B 

Curious how a Cyber Liability policy could help protect your clients? Login to BizCover for Brokers to instantly quote policies from three leading insurers—AIG, Chubb and DUAL. It only takes a few minutes to see how quickly and easily you can offer Cyber Liability options to your SME clients. 

1. ACSC, Cyber Security and Australian Small Businesses survey, July 2020 
2. ACSC, Annual Cyber Threat Report, 1 July 2021 to 30 June 2022 

BizCover for Brokers acts as agent of the insurer and not as the agent of you or your client. Any advice provided is general advice only and does not take into account the personal objectives, financial situation or needs of you or your client. Always read the Product Disclosure Statement or Policy Wording (available on our website). 

*The provision of the claims examples are for illustrative purposes only and should not be seen as an indication as to how any potential claim will be assessed or accepted. Coverage for claims on the policy will be determined by the insurer, not BizCover for Brokers. 

© Copyright 2023 BizCover Pty Limited. BizCover for Brokers is a business name of BizCover Pty Ltd (ABN 68 127 707 975; AFSL 501769).