Cyber Insurance Guide

Cyber Insurance Guide — guidance and information from Ipswich Insurance Brokers, a Steadfast and CBN member broker.

What is cyber insurance?

Cyber insurance covers financial losses from cyber incidents — data breaches, ransomware, business email compromise, system outages and related events. It covers both first-party losses (your own recovery costs) and third-party losses (claims from customers or parties affected by a breach of your systems). Cover availability and conditions vary significantly between insurers.

What this cover may include

Cover availability and terms vary between insurers and depend on individual circumstances. Subject to acceptance, a policy may include:

• Data breach response costs — notification, forensic investigation
• Ransomware (subject to significant conditions and government restrictions on payments)
• Cyber business interruption — lost income during system recovery
• Third-party liability for breach of customer data
• Social engineering and funds transfer fraud (where available, with sub-limits)

Common exclusions to be aware of

The following are commonly excluded under standard policy wordings. Specific exclusions vary between insurers — always review the Product Disclosure Statement before purchasing.

• War and nation-state attributed attacks
• Unencrypted data on portable devices
• Pre-existing vulnerabilities known at inception
• Infrastructure not maintained to required security standards

How to arrange cyber insurance through Ipswich Insurance Brokers

1. Submit a quote request or contact us directly to discuss your requirements
2. We collect relevant information and approach appropriate markets
3. We compare policy terms and conditions across insurers and present options
4. We arrange binding and issue documentation once you confirm instructions

As a Steadfast and CBN member broker, Ipswich Insurance Brokers has access to a broad panel of approved insurers. We act on your behalf — not on behalf of any insurer. Our remuneration is disclosed in our Financial Services Guide.

General guidance — not personal advice

The information on this page is general guidance only. It does not constitute personal advice and does not take into account your individual circumstances. Before arranging any insurance, you should consider your specific needs and read the relevant Product Disclosure Statement. Our Disclaimer applies to all content on this site.

Frequently asked questions

Is cyber insurance covered in my existing business policy?
Many business package policies include a cyber extension with sub-limits. These sub-limits are often inadequate for a meaningful cyber incident — particularly ransomware or business email compromise events that can result in significant losses. Standalone cyber policies provide more comprehensive cover. We review cyber extensions during placement and renewal.

What security measures do insurers require?
Requirements vary between insurers and are increasingly stringent. Common requirements include multi-factor authentication on email and remote access, current anti-malware software, regular data backups (including offsite or cloud), and documented security practices. Failure to meet conditions at inception or during the policy period can affect claim response.

Can I insure a ransom payment?
Ransom cover is available under some cyber policies, subject to significant conditions. Australian law restricts payments to sanctioned entities — compliance with these restrictions is a condition of cover. Insurers typically require involvement in the negotiation process before any payment is made. Contact us immediately if a ransomware event occurs.

What to look for when comparing cyber insurance policies

When reviewing options, the following points are worth considering. This is general guidance — the right approach depends on your specific situation.

Review the sub-limits carefully — particularly for business interruption, ransom payments and notification costs. Confirm what security conditions apply and that your business currently meets them. Check whether social engineering and funds transfer fraud are included and on what terms. Understand the waiting period for business interruption — typically 8 to 12 hours before BI payments begin. Consider whether the standalone cyber policy or a package extension is more appropriate for your exposure.

For more detailed information, see our Cyber Insurance page.

About Ipswich Insurance Brokers

Ipswich Insurance Brokers is a Steadfast and CBN member broker operating under an Australian Financial Services Licence. We act on your behalf — not on behalf of any insurer. We compare options across a broad panel of approved insurers, arrange cover, provide documentation and support claims. We are remunerated by commission from the insurer, disclosed in our Financial Services Guide. All information on this page is general guidance only — see our Disclaimer. Contact us on 07 3503 1404 to discuss your current cyber risk profile and whether your existing cover is structured appropriately for current insurer expectations.

Cyber risk is one of the fastest-evolving insurance categories. Policy terms, security requirements and insurer appetite change frequently. Annual renewal reviews are particularly important for cyber — a policy that was appropriate last year may not reflect current market conditions or your current risk profile. See our Cyber Insurance page for more on our approach to cyber placement.

Related pages