Australian defence contractors are learning the hard way that in cyber, the weakest link in the chain can be a small supplier with an outdated firewall. The recent wave of attacks on defence‑sector supply chains – including IKAD Engineering, where an “external third party” accessed IT systems and exposed project information and employee files – is a reminder that what looks like a national security issue on the front page is also a pricing, coverage and distribution problem for cyber insurers and brokers. The attacks also demonstrate that sophisticated threat actors are increasingly comfortable working through the supply chain, compromising small contractors with weaker controls in order to reach the sensitive operational data of the primes they serve.
For cyber insurers and brokers these attacks expose a more fundamental actuarial problem. As broker‑turned‑managing director Bryan Leibbrandt (main picture, left) of LML Insurance Group puts it, from an insurer’s perspective “it's a very difficult risk to price.” He sees a risk that is mutating in real time.
“We've seen a greater intensity on the cyberattacks and it's not just individuals attacking companies anymore,” he said. “It's AI running their program, trying to infiltrate the systems - and they're not picking individual companies, they're just trying to get into any one system.”
That kind of indiscriminate, automated targeting is exactly what keeps underwriters awake when they think about accumulation risk – the prospect that a single automated campaign lands on many insureds at once – across sectors like defence, aerospace, engineering and OT‑heavy industrials, where segmentation between corporate IT, OT networks and defence project environments is often still a work in progress.
If insurers are wrestling with modelling and exclusions, brokers are wrestling with communication. Leibbrandt argues that the current climate is, paradoxically, a big opportunity at the coalface. With cyber in the news almost daily, he sees his role as fundamentally educational: explaining risk, security and policy mechanics so that clients understand what is – and is not – covered before an incident. For him, “It's not if it's going to happen; it's when it's going to happen these days.”
Michael Lewis (main picture, right), cyber development manager for CFC Underwriting, echoes that the core challenge for the market is not brand new technology, but basic messaging. “A massive part of my role is to educate and help brokers understand the value and the services that cyber insurance provides so they can convey that to their clients,” he said. In his view, large corporates already treat cyber as a board‑level necessity; the real friction sits at the smaller end of town, where owner‑managers still question whether they “need” cyber at all.
There are signs of progress. Lewis noted that long‑standing misconceptions – including suspicion from IT providers that cyber insurance would somehow interfere with their remit – are slowly being debunked. Managed service providers and IT consultants are increasingly seeing cyber policies as complementary, particularly where pre‑breach services, incident response and threat‑intelligence capabilities are bundled into cover. Government‑led awareness efforts are also nudging SMEs to engage, but he cautions, “there's still a lot of work to do.”
One of the more sobering lessons from the defence supply‑chain incidents is how easily cyber spills into the physical world – and how poorly some insureds, especially in regional Australia, understand that linkage. Leibbrandt points to his own client base to illustrate the point. For him, when recommending a program, “It's not always about the dollars; it's about the risk profile of the clients.”
In rural portfolios, he regularly encounters farming operations whose irrigation and other critical systems are run off IT without the owners fully appreciating the cyber dependency. A successful attack on those systems is not just a privacy incident; it is a direct hit to production and cash flow. The same logic applies, at larger scale, to OT environments in defence and industrial supply chains.
Against that backdrop, brokers are being pushed to move well beyond simple limit‑and‑premium conversations. They must help clients understand why policy wording around war and cyber operations matters if a nation‑state‑linked group hits a defence contractor; why segmentation between corporate and operational networks is not just a security aspiration but an underwriting expectation; and why coverage for incident response, forensics and business interruption can make the difference between recovery and existential threat.
Cyber, in other words, is no longer a niche add‑on. It is the lens through which systemic risk, geopolitical tension and day‑to‑day operational resilience now meet – and Australia’s defence‑sector breaches are only the latest, and starkest, reminder.