What's behind the recent surge in cyber claims in Australia?

And what can brokers do about it?

By Daniel Wood

Some insurance industry stakeholders are reporting a recent surge in cyber insurance claims in Australia compared to other countries. The surge is attributed to factors including Australia’s lower baseline of cyber maturity and also mandatory reporting. Industry experts say brokers can help by educating clients about the importance of risk visibility and pushing for basic but effective controls.

“The surge in claims in Australia can be attributed to several key factors,” said Jason Hart, managing director of Proactive & Global Security Services for CFC Underwriting.

Hart said during the first half of 2025 threat actors increased their focus on Down Under. “Australia has seen heightened targeting from ransomware groups and financially motivated threat actors,” he said. “This includes opportunistic exploitation of known vulnerabilities, often within smaller or mid-sized businesses that may have weaker cyber hygiene.”

For years, the Insurance Council of Australia (ICA) and local industry players have reported a low uptake of cyber insurance by SMEs. Some reports suggest uptake is under 20% and dominated by larger corporate firms. Smaller businesses are often unable to afford the cost of the insurance and, according to brokers, are unaware of the full scale of the risks to their business.

Hart said part of the claims surge can also be attributed to Australia’s strong cyber regulatory environment and mandatory reporting. “The Notifiable Data Breaches (NDB) scheme has driven increased awareness and mandatory breach disclosures,” he said.

As a result, incidents that might previously have gone unreported are now formally lodged as claims. Another prime driver of these cyber claims is connected to the relatively low uptake of cyber insurance. “Compared to the US and UK, many small to mid-sized Australian firms are still maturing their cybersecurity posture,” said Hart. “This creates greater exposure to preventable incidents, especially business email compromise (BEC), credential theft, and ransomware.”

However, Hart said the data he’s seen shows a “rapid growth in cyber insurance adoption across Australia.” He said an issue is emerging because this growth hasn’t always been matched with equal investment in controls or preparedness.

“This misalignment increases the volume and severity of claims,” said the cyber expert.

Another important surge factor: the targeting of managed service providers (MSPs). These are the third-party companies that remotely manage an organization’s IT infrastructure and end-user systems, including services and help desk support.

“Threat actors have exploited Australian MSPs as a pivot point into multiple insured businesses,” said Hart. “These supply chain attacks lead to larger volumes of simultaneous claims.”

“Ultimately, brokers are in a unique position to move the conversation from, ‘How do we respond to an incident?’ to ‘How do we reduce the likelihood of one happening at all?’” Hart said.

He recommended five steps brokers can take:

1. Encourage risk visibility early in the policy lifecycle

“Help clients understand their external attack surface and key exposures at the quote or renewal stage not just after a claim,” he said.

2. Push for basic but effective controls

“Promote practical controls such as multi-factor authentication (MFA), regular backups with offline storage and privileged access management,” said Hart. He said these are still the most effective defences against ransomware and BEC, and many claims still stem from these gaps.

3. Introduce incident response planning before it’s needed

Hart said brokers should encourage their clients to have an incident response (IR) plan, even a lightweight one.

“Knowing who to call and what to do in the first hour of an incident dramatically reduces impact,” he said. 

Hart said one way brokers can coach clients on this is by positioning it as part of overall risk preparedness.

4. Educate around third-party and supply chain risk

“Support the insured in assessing who they’re connected to: vendors, platforms, MSPs and what access those partners have,” he said.

Hart said many incidents now originate through the supply chain, not direct compromise.

5. Leverage all proactive services built into the policy

A relatively easy way for brokers to differentiate themselves, he said, is by ensuring clients actually use the proactive threat intelligence, phishing simulation and breach notification tools that are often included with cyber policies.
