What is Cyber Insurance?

Cyber Insurance for the construction industry has been specifically designed to protect businesses from a variety of risks associated with doing business online.

Every business that has an online presence or that uses technology as part of its day-to-day operations is potentially vulnerable to a cyber attack. These attacks can compromise personal or confidential data, cause financial loss and liability to third parties, and damage your business's reputation.

Key Highlights

No matter the size of your operation, cyber attacks can pose a significant risk to your business’s profitability. Cyber Insurance is designed to protect your business’s bottom line, as well as your reputation, by mitigating losses associated with cyber crime.

  • Protect your business against financial losses resulting from a cyber incident
  • Guard against common cyber threats that aren’t covered by traditional insurance policies 
  • Rely on a dedicated incident response team to help you tackle any situation head-on 
 

Why might I need Cyber Insurance? 

Australian businesses face increasingly sophisticated cyber attacks that target what matters most to them: their data, money and reputation. Cyber Insurance has become an important consideration for almost every business, largely because traditional insurance policies such as property insurance are not likely to provide cover for liabilities arising out of cyber-related incidents such as business interruption, damage to digital assets, or the costs associated with defending a cyber claim. Cyber crime is an unfortunate reality for Australian businesses – the Australian Cyber Security Centre (ACSC) reports that it receives approximately 144 reports of cybercrime every day1

What is covered?

Cyber Insurance policies can be divided into three main areas – First Party Cover, Third Party (Liability) Cover and Crime Cover.

First Party Cover

This provides cover for financial losses suffered by your business as a result of a cyber incident. This can include losses associated with computer system downtime (such as business interruption, loss of profits, claim preparation costs and damage to your business’s reputation). It may also cover your business for hardware replacement costs (limited) and data recovery costs.2

Third Party (Liability) Cover

This offers cover for liabilty to third parties (such as a client) as a result of a cyber incident in your business. For example, network security breaches, data and privacy breaches, virus and malware transmission, management liability and media liability.2

Crime Cover 

This cover helps assist in the event of fraud and identity theft. It can provide cover for funds transfer fraud, telephone fraud and hacking, identity fraud, invoice manipulation, cyber extortion and theft of funds. If your customers are victims of ‘push payment fraud’ (i.e. they pay money to a party that has impersonated you), they may also be reimbursed.2

Incident Response

A Cyber Insurance policy gives your business rapid access (24/7) to an incident manager to help your business recover from a cyber attack. It can cover costs associated with:

  • Obtaining legal advice
  • IT security and forensic services
  • Privacy breach management, including notification and identity monitoring
  • Post-breach remedial costs
  • Public relations services to help minimise damage to your business's reputation.
Related Products
Contract Works Insurance

Protect your assets against loss or damage by taking out Contract Works Insurance.

Find out more
Home Warranty Insurance

Mandatory insurance (with some exceptions) for residential building projects over a certain value.

Find out more

Why HIA Insurance Services?

HIA Insurance Services (HIAIS) is a joint venture between the Housing Industry Association (HIA) and Aon. The partnership means HIAIS can combine the construction industry expertise of the HIA with the risk and insurance knowledge of Aon to provide products and advice that are specific to the residential construction industry.

We understand the unique risk exposures of Australian builders, tradies and subcontractors, which means we can offer you policies that are tailored for risks commonly found in the construction sector, as well as fast and efficient claims processes.

Frequently Asked Questions

Cybercrime is a cyber security incident where cybercriminals target individuals, businesses, educational institutions or governments with a type of cyber threat.3 The Australian Cyber Security Centre has created a guide for some common cyber threats for small businesses, which includes: 

  • Malicious Software (Malware) – Unauthorised software designed to cause harm, including viruses, spyware, trojans and worms 

  • Phishing – Emails designed to trick recipients out of money and data by pretending to be a person, brand or company you are familiar with 

  • Ransomware – Certain malware that locks down your computer and files until a ransom is paid. 

Cyber insurance may assist your business from losses associated with cyber risks such as unauthorised system access, cyber attacks (including denial of service or hacking attacks), computer viruses and privacy breaches. There is a range of different types of cyber insurance cover, which can include: 

  1. IT Security and Forensic Costs 

  1. Privacy Breach Costs, including notification 

  1. Data Recovery 

  1. Business Interruption 

  1. Privacy Liability (i.e. your liability to third parties as a result of a privacy breach) 

  1. Network Security Liability (i.e. your liability to third parties as a result of cyber events) 

  1. Media Liability (i.e. your liability for intellectual property infringement or defamation) 

  1. Payment Card Industry (PCI) Fines, Penalties and Assessments 

  1. Regulatory Fines, including GDPR fines 

  1. Cyber Extortion 

  1. Cryptojacking and Telephone Hacking 

  1. Funds Transfer Fraud, including phishing or social engineering scams against your employees 

  1. Loss from theft of the policyholder's electronic identity.

Business Insurance generally includes damage to property (building and contents), business interruption and liability cover. However, insurers are increasingly applying broad exclusions to these policies for any cyber-related loss as they are only willing to provide cover for cyber-related risks on specialised Cyber Liability insurance policies.  

There may be some coverage for cyber-related losses in other insurance policies, but many cyber losses will only be covered under a dedicated cyber policy. Recent changes in insurance market conditions (particularly over the past 12 months) mean many insurers are also starting to apply cyber exclusions to non-cyber policies. 

Cybercriminals use malware and viruses, computer and network hacking, denial-of-service attacks, social engineering and online scams to commit their crimes. For cybercriminals, it can be relatively easy to access computers and networks inadequately protected by virus software or passwords. 

While a company can put various controls in place to protect their business, a significant number of cyber incidents are caused by human error. Mistakes such as clicking on a link or opening a malicious email can be enough to allow cybercriminals unlimited access to your data and infrastructure. A growing risk for small-to-medium-sized businesses is funds transfer fraud — i.e. a fraudulent request for an employee to send funds to a scammer's bank account. Depending on the Cyber Insurance policy taken out, such losses may be covered. 

Cyber incidents covered under cyber insurances are not all outsider attackers since many policies also cover privacy or security breaches from left laptops or mobile devices, programming errors or threats from rogue employees.

1Source: https://www.cyber.gov.au/sites/default/files/2020-07/ACSC%20Small%20Business%20Survey%20Report.pdf
2Subject to the full terms, conditions, exclusions and limits set out in the policy wording.
3Source: https://www.cyber.gov.au/acsc/report/are-you-a-victim-of-cybercrime