16 Apr 2020

Cyber breach risks 04: Insurance issues

Cyber insurance is a crucial part of your preparedness for a cyber incident. Lucy Terracall sets out the key elements and considerations in this specialised area.

Other Cyber breach risks videos

Related Knowledge

Get in Touch

Get in touch information is loading


Clayton Utz communications are intended to provide commentary and general information. They should not be relied upon as legal advice. Formal legal advice should be sought in particular transactions or on matters of interest arising from this communication. Persons listed may not be admitted in all States and Territories.


Cyber insurance is unique because it offers first party cover as well as third party cover.  What that means is that you are covered for the losses that your business sustains after a cyber incident including forensic specialists to come in and help fix the issues you are having.  But it also covers the liability loss that you might have if a third party customer, for example, issues proceedings against you as a result of the cyber incident. 

One of the interesting things about cyber insurance, because of the nature of the insurance is that it is an insurance policy that needs some TLC at the outset.  The negotiation process with your insurers, usually through your brokers, is really important to make sure that the cyber insurance cover is tailored to your specific needs.  What that requires is a bit of time and effort when you are either first purchasing the policy or when you are renewing your policy, to make sure that you are explaining to your broker and your insurers the sort of losses that you will suffer if you have a cyber incident that shuts your business down or interrupts your business for a particular period. 

Once you do have a cyber incident within your business, it is really important to notify your insurer as early as possible.  You should build notification to your insurer into your crisis management plan.  For cyber insurance policy covers, mandatory breach reporting - in other words, when you have an incident that needs to be notified to the Privacy Commissioner, it will cover those costs, and it also covers the costs of having external consultants in, for example forensic technology specialists to help you contain the situation from an IT perspective. 

One of the most important areas of cover under most cyber insurance policies is business interruption.  This varies dramatically across the different types of insurance policies on offer for cyber risks.  It is really important that you engage with your broker and your insurers to make sure that you are getting the right level and the right type of business interruption cover.  The question you must be asking yourself is - what will happen to my business and what loss will I suffer if my business is shut down, for example, for a period of 10 days?