Aussie SMEs rush to cyber insurance amid rising attacks

Real cases show cover helps firms recover from major breaches

By Roxanne Libatique

Small and mid-sized businesses across Australia are showing increasing interest in cyber insurance as they confront a rising tide of cyber threats, according to Gallagher.

Gallagher noted in a recent blog that this shift is being driven by heightened awareness of digital vulnerabilities, particularly among SMEs that often operate without advanced security infrastructure.

Based on findings from a recent McAfee Corp survey that included Australian respondents, 71% of SME participants cited cyber security as a major risk factor for their operations.

This figure mirrors other reports’ findings. A recent report by Rubrik Zero Labs, which surveyed over 1,600 IT and security professionals in 10 countries, revealed that 90% of organisations experienced a successful cyberattack in 2024. One in five reported more than two dozen breaches in the same year. Meanwhile, the Allianz Risk Barometer 2025 ranked cyber incidents as the top business risk globally for the fourth year in a row, with 38% of respondents naming it their leading concern.

Rising exposure and business pressures

According to Gallagher, three primary factors are prompting SMEs to prioritise cyber protection:

  • High target rate – roughly half of all cyber incidents affect smaller enterprises, which typically have fewer resources to maintain updated security systems, according to the McAfee Corp survey.
  • Third-party expectations – customers and corporate partners increasingly require cyber security compliance as part of their business agreements and tender processes.
  • Cost implications – the financial and operational consequences of a cyber incident, including data loss and downtime, are escalating.

Human error remains a leading cause

A significant portion of cyber incidents stem from basic operational errors, often involving employees who unknowingly open malicious emails or attachments.

Gallagher emphasised the need for simple preventative practices, including verifying sender information, controlling internal access to sensitive data, and using robust multi-factor authentication systems.

Case-based evidence

In one example shared by Gallagher, a manufacturing SME that had limited perceived exposure to cyber threats suffered a malware attack triggered by a phishing email. The business temporarily lost access to key systems, including inventory and communications platforms. Thanks to its cyber insurance policy, a specialist was deployed within hours to coordinate recovery efforts. The business resumed near-normal operations within two weeks.

A separate case involved an auto parts retailer whose centralised network was compromised through remote access. The attack resulted in multiple servers being encrypted and a substantial ransom demand being issued. However, with insurer support, the business used offline backups to restore operations, avoiding payment.

Broader coverage and accessibility

Gallagher noted that cyber insurance has become more approachable for smaller enterprises.

Application processes have been streamlined, and some policies offer IT environment scans to help identify system vulnerabilities.

Additionally, insured businesses often gain access to a 24/7 panel of legal, IT, and crisis communication professionals who assist from the moment an incident is suspected through to post-event recovery.
