Select how you’d like to proceed with your insurance needs.
Talk to a real insurance expert on your time.
15-minutes consultation with licensed advisors
Perfect if you’re unsure about coverage needs
Get personalised recommendations
Already have coverage? Let’s simplify your service
Keep your current carriers & policies
Simple digital authorisation process
Seamless transition to better service

Cyber insurance is business insurance that may help cover costs when something goes wrong digitally: a data breach, a ransomware attack, a scam that redirects a payment, or a system outage that stops you trading.
Think of it this way. Cyber security reduces the chance of an incident. Cyber insurance may help with the cost of responding and recovering if one still happens.
It is sometimes called cyber liability insurance, cyber risk insurance, or cyber and technology insurance. A policy may cover forensic investigation, legal fees, customer notifications, system recovery, lost income during downtime, and claims from people affected by a breach at your business. The exact cover depends on the insurer, policy wording, limits, sublimits, and exclusions. Cyber insurance does not prevent attacks. It does not replace multi-factor authentication, tested backups, or staff training. It sits behind your security controls, not instead of them.
Most cyber policies cover three categories of loss. Not every policy includes all three.
First-party cover helps when the damage hits your business. Third-party cover helps when someone else says your breach hurts them. A single incident can trigger both at the same time.
Data breach risk is not theoretical. OAIC's January to June 2025 reporting found that malicious or criminal attacks remained the largest source of notifiable data breaches, with cyber security incidents the predominant source within that category.
The fake invoice: Someone compromises your supplier's email and sends an invoice with new bank details. Your accounts team pays $85,000 to a scammer's account. The money is gone. Cyber insurance may cover part of the loss under the social engineering or funds transfer fraud section, subject to a sublimit and verification conditions.
The ransomware lockout: A staff member clicks a link in an email. Within hours, every file on the network is encrypted. The business cannot operate for two weeks. Cyber insurance may cover forensic investigation, system restoration, and lost income during the outage.
The customer data breach: A laptop containing 15,000 customer records was stolen from a car. The business must notify affected customers under the Notifiable Data Breaches scheme, engage lawyers, and arrange credit monitoring. Cyber insurance may cover these response costs.
These scenarios are not unusual. The Medibank breach affected 9.7 million Australians and cost the company over $126 million, with further legal proceedings ongoing. The MediSecure breach exposed 12.9 million patient records. Most cyber incidents that trigger insurance claims are far smaller, but the response costs follow the same pattern: investigation, legal, notification, recovery, and lost revenue.
If you have ever sent an invoice by email, stored a customer's phone number, or taken a payment online, your business has cyber exposure. You do not need to be a technology company to face a technology risk.
Cyber insurance is also increasingly specified in enterprise vendor contracts, government tenders, and healthcare or finance sector agreements.
Every policy has limits. Common exclusions include:
Many cyber policies also have a waiting period for business interruption, typically 8 to 24 hours. If your systems are back online within the waiting period, the business interruption section may not respond.
Paying a ransom to a sanctioned entity may breach Australian financial sanctions law, regardless of insurance. Most policies cover ransomware negotiation and system restoration. Coverage of the ransom payment itself varies. Some reporting business entities may also need to report ransomware or cyber extortion payments within 72 hours under the Cyber Security Act 2024. Home Affairs guidance refers to an AUD $3 million annual turnover threshold.
The most common reason cyber claims face problems is a mismatch between the application and reality. If your application says you use MFA and you do not, the insurer may dispute the claim. For more, see why cyber insurance claims get denied.
Do not only ask whether the policy includes cyber cover. Check how it responds to the incidents your business is most likely to face.
If your business sends invoices by email, check business email compromise, invoice redirection, and funds transfer fraud. If you run an online store, check customer data breach, website downtime, payment systems, and cyber business interruption. If you provide technology services, check whether the policy includes technology liability or claims from clients.
Then check the sublimits. A policy may advertise ransomware, phishing, or BEC cover, but the amount payable for that section may be lower than the overall policy limit. A $1 million policy with a $50,000 social engineering sublimit pays $50,000 for BEC, not $1 million.
Before buying, look at the policy wording, schedule, and any security conditions. Make sure the application answers match how the business actually uses MFA, backups, payment approvals, cloud systems, and data storage.
Many small businesses may find cyber insurance costing between $300 and $2,000 per year, depending on occupation, cover limit, revenue, and security controls. Higher-risk industries and higher limits cost more. Common factors that may reduce premiums: documented MFA, tested backups, a written incident response plan, and endpoint protection.
For help choosing the right cover level, see How Much Cyber Insurance Do I Need?. For what underwriters check, see Cyber Insurance Requirements in Australia.
upcover arranges Cyber and Technology Insurance for eligible Australian businesses with selected insurers and underwriters. Depending on your occupation, revenue, and data exposure, you may be able to compare options, choose a limit, and access a Certificate of Currency on policy confirmation.
For a deeper guide, see the Cyber Insurance Guide for Small Businesses. upcover Pty Ltd ABN 17 628 197 437 is a Corporate Authorised Representative (CAR 1299211) of Experience Insurance Services Pty Ltd ABN 41 657 596 506, AFSL 539078.
Business insurance that may help cover costs from cyber incidents such as data breaches, ransomware, business email compromise, and system outages. Includes first-party cover (your costs) and third-party cover (claims from others).
First-party covers your own costs: investigation, recovery, downtime. Third-party covers claims from others: notifications, legal defence, compensation.
Many policies cover ransomware response, negotiation, and system restoration. Coverage of the ransom payment itself varies. Often subject to a sublimit.
Many policies cover BEC and funds transfer fraud, but often with a sublimit and verification conditions. BEC is one of the most common cyber claim types in Australia.
No general legal requirement. However, contracts, tenders, enterprise clients, and industry agreements increasingly specify it.
No. Cyber security reduces the chance of an incident. Cyber insurance may help with response and recovery costs after one happens. Businesses need both.
Many small businesses pay between $300 and $2,000 per year, depending on occupation, revenue, data exposure, security controls, and cover limit.
In many cases, yes. The previous incident must be disclosed in the application. The insurer may exclude the known incident from the new policy or adjust terms. Not disclosing a prior breach can affect future claims.
The information in this article is general in nature and provided for informational purposes only. It does not constitute personal insurance, legal, financial, tax or business advice. Cyber insurance coverage, limits, sublimits, and exclusions vary by insurer and policy wording. Statistics sourced from ASD/ACSC Annual Cyber Threat Report 2024-25 and OAIC Notifiable Data Breaches Report January to June 2025. Before purchasing or relying on an insurance product, consider the relevant Public Disclosure Statement, Target Market Determination, policy wording, and Financial Services Guide. upcover Pty Ltd ABN 17 628 197 437 is a Corporate Authorised Representative (CAR 1299211) of Experience Insurance Services Pty Ltd ABN 41 657 596 506, AFSL 539078. upcover arranges insurance products with selected insurers and underwriters and does not compare all general insurers or insurance products available in the market.
We are digitising commercial insurance and risk management for small, mid-market and technology businesses. We work with a global network of underwriters, challenging legacy brokers and delivering market leading coverage to our customers.