Business Insurance and coverage for cyber incidents

Cyber risk is one of the most dynamic challenges currently facing the insurance and reinsurance industries.

And many businesses that rely on a Business Insurance policy – such as those offered by GIO – face the risk of silent cyber. 

Know more about Business Insurance

What is silent cyber?

“Silent cyber” is a term used by some in the insurance industry. It refers to potential cyber-related losses stemming from incidents that traditional insurance policies don’t cover.

Many traditional insurance policies weren’t designed with cyber exposures in mind, so they don’t make any mention of including or excluding such risks – either implicitly or explicitly. This creates an ambiguity in coverage, leading both insurers and policy holders unsure about what can be claimed for and when an insurance payout is justified.

How is the insurance industry responding to cyber risk?

Insurers are taking steps – some required by regulators – to address this ambiguity and clarify their coverage. Some insurers have done this by defining cyber risk and then excluding it from non-cyber policies. Some are introducing new policy language and underwriting guidelines.

At GIO we’ve decided to exclude cyber risks in all our small business package policy wording. This is consistent with many other insurers, who have excluded such risks from their traditional policies to eliminate any ambiguity.

Are there cyber insurance policies?

Cyber insurance is a type of liability insurance that protects your business against cybercrime, the loss of data and some of the liabilities associated with those events.

A specialised cyber liability policy is the best way to protect your small business against the many risks associated with cyber-attacks.

Cyber liability is designed to cover losses suffered by third parties when your cyber security is breached, but instead of covering physical damage or injury it covers losses relating to cyber incidents.

As with all insurance policies, there are exclusions that are important to understand.

Cyber Insurance policies generally, do not cover:

• potential future lost profits;
• loss of value due to theft of your intellectual property; and
• the cost to improve internal technology systems, including any software or security upgrades after a cyber event.

How to build cyber resilience for your business

Cyber resilience is the ability to adapt to disruptions caused by cyber security incidents while maintaining continuous business operations. It’s essential for all small businesses operating in the digital economy.

There are some practices that can offer businesses the chance to develop highly adaptive and responsive cyber resilience processes.

For example, the Australian Securities and Investments Commission has published a Cyber Resilience Good Practices resource.

You can also register to receive alerts from the Australian Cyber Security Centre (ACSC).

The ACSC has a range of resources for small and medium businesses and large organisations, including useful tips, guides and assessment tools:

• Small Business Cyber Security Guide
• Step-by-step guides
• Cyber Security Assessment Tool

GIO’s approach to claims

Each claim is different. Whether or not a particular policy affords cover will be determined by the circumstances of the claim, and the specific terms and conditions set out in your business policy wording – that is, the Product Disclosure Statement (PDS).

The following are examples of cyber-related claim scenarios. They’re provided as a guide only to the types of incidents that our policies may, or may not, typically respond to.

Buildings, contents, and other property wordings

We don’t intend to provide cover for damage to any data that caused by a cyber incident, or where damage spreads digitally from one item to the next.

However, we may cover subsequent damage to other covered tangible property that arises as a result of the initial incident.

Public Liability

These scenarios would not be covered:

• Following a data breach, your business’ customer data was lost, and your customers suffered mental anguish as a result.
• Your customer is seeking compensation for a laptop, while in for repairs, was infected with a virus when connected to your business network.

To discuss what is and isn’t covered by a GIO Business Insurance policy, feel free to get in touch.

Contact GIO

Read more:

• The different types of business insurance
• What does Tradies Insurance cover?
• Why do I need Public Liability Insurance?

Insurance issued by AAI Limited ABN 48 005 297 807 trading as GIO. Consider the Product Disclosure Statement before making a decision about this insurance. This advice has been prepared without taking into account your particular objectives, financial situations or needs, so you should consider whether it is appropriate for you before acting on it.