Australian small and medium-sized enterprises (SMEs) are increasingly purchasing cyber insurance, with recent data from BizCover indicating a 50% rise in policy uptake over the past year.
The trend is part of a broader shift as SMEs respond to the growing prevalence and complexity of cyber threats, particularly as digital operations expand across the sector.
Over the last three years, BizCover reports an 85% increase in cyber insurance policies sold to small businesses.
The company attributes this growth to heightened awareness of the financial and operational risks posed by cyber incidents, which can include business interruption, legal expenses, data recovery costs, and reputational harm.
Akshaye Kalkura, virtual chief information officer at BizCover, said a cyber incident can significantly impact a small business.
“Without cyber liability cover, they are exposed to operational disruption if their systems are taken offline, financial losses from investigations, legal fees, data recovery, and lost income, as well as reputational damage if customer or supplier data is compromised,” Kalkura said.
Cyber incidents affecting SMEs range from ransomware and phishing to invoice fraud and accidental data exposure. Unlike general business insurance, cyber liability policies are tailored to address these specific threats and support recovery efforts.
Kalkura noted that many business owners still believe their size makes them less likely targets for cybercrime.
“One of the most common reasons that business owners don’t take out cyber liability cover is because they believe they’re ‘too small’ to be a target,” Kalkura said.
In reality, smaller enterprises often lack the robust cybersecurity defences of bigger companies, making them appealing targets. Issues such as compromised emails, fraudulent invoices, and basic mistakes can all lead to cyber incidents for SMEs, according to Kalkura.
BizCover anticipates continued growth in demand for cyber insurance, driven by increased regulatory scrutiny and the introduction of stricter penalties for data breaches.
Kalkura added: “With greater understanding of the threat landscape comes more focus on cybersecurity measures, including insurance; and heavier penalties for data privacy breaches mean that businesses aren’t willing to take chances when it comes to protecting customer data. They know what’s at stake.”
Recent cases involving Australian SMEs underscore the impact of cybercrime.
John Beaver, founder of Desky, described how a phishing email led to a $4,700 loss after a fraudulent invoice was paid.
“Good habits and clear SOPs protect a business more than depending on technology alone,” he said.
In Melbourne, Micko of Primal Recovery (office pictured) reported a $10,000 loss to a “man-in-the-middle” scam after hackers altered invoice payment details.
“The only way to play it safe is to confirm all details before paying – even I got caught out, and I’m a savvy tech junkie,” he said.
Sydney-based Daniel Vasilevski, owner of Pro Electrical, avoided a financial loss when a supplier’s invoice was spoofed.
“It was a wake-up call about how vulnerable we are when it comes to even the simplest transactions,” he said. “We used to assume if it looked like an invoice, it was legitimate. Now we have a two-step verification process for every transaction.”
The Insurance Council of Australia (ICA) has called for enhanced cybersecurity obligations for businesses, highlighting the risks posed by artificial intelligence and automated attacks.
In its submission to the Department of Home Affairs, the ICA recommended greater accountability for technology providers, workforce development programs to embed cybersecurity expertise in SMEs, and expanded ransomware reporting requirements.
The ICA also suggests leveraging insurance policy renewals as opportunities to reinforce government cybersecurity messages and promote best practices among smaller businesses.
Andrew Hall, CEO of the ICA, said: “SMBs are not as well-resourced as their large counterparts, with managers having to operate across all aspects of business, allowing limited time for cyber security. Improving cyber literacy will help SMB decision-makers balance insurance costs with preventive measures, which can positively influence their insurance premiums.”
