With every passing year, the scale and impact of cybercrime continues to grow, posing a significant risk to businesses across all sectors. Conversely, the patience of the public and regulators is wearing thinner by the day, with expectations that any good corporate citizen will put in place measures to protect sensitive customer data. Cyber insurance is becoming an increasingly vital part of the mix, required to effectively mitigate some of the business risk.
The financial and reputational fallout of data breaches and cyberattacks is well understood, and cyber insurance can be a very necessary safety net, helping businesses to recover from the financial and operational disruptions caused by unforeseen incidents. It is still only one part of a broader cybersecurity strategy, though, and not a stand-alone solution in and of itself.
Recent data from OAIC (Office of the Australian Information Commissioner) shines a light on the problem. Between January and June 2024, 527 notifiable data breaches were reported—marking the highest number in a six-month period since 2020. If historical trends continue, 2024 is set to record the highest number of breaches since reporting began. And it’s likely that those reported numbers under-represent the true scale of the problem, as many larger organisations choose to invoke the ‘likelihood to cause serious harm’ loophole to avoid reporting. Plus, companies with a turnover less than $3 million are also excluded.
It may be why Australian Privacy Commissioner, Carly Kind, has signalled a tougher approach, saying ‘…we are moving into a new era in which our expectations of entities are higher, seen in our recent commencement of civil penalty proceedings against Medibank Private Limited and Australian Clinical Labs Limited. This enforcement action should send a strong message that keeping personal information secure and meeting the requirements of the NDB scheme must be priorities.’
In the United Kingdom, three major UK insurance associations have united with GCHQ’s National Cyber Security Centre to help reduce ransom payments made by victims of cybercrime, offering new guidance that seeks to improve market-wide ransomware discipline and undermine the profitability of the ransom business model to reduce harm to victim organisations. You can read their advice for ‘Organisations considering payments in ransomware incidents’ here.
The Role of Cyber Insurance in Protecting Businesses
With that backdrop, given the frequency and likely severity of cyber incidents, cyber insurance is an essential tool for any business. One single breach can lead to substantial costs, including regulatory fines, legal fees, customer notification expenses, and even ransom payments. Cyber insurance can help to cover these costs, offering businesses a crucial lifeline when the unexpected happens.
For business and IT managers, partners and resellers, it can relieve some of the pressure and allow them to focus on the incident response rather than scrambling to find and juggle the resources needed to manage the fallout. Insurance can help to mitigate the financial blow, allowing companies to recover more quickly and with less disruption to their operations. It’s particularly valuable for smaller organisations that may lack the financial reserves to absorb a significant loss, let alone the aftershocks of possible business downturns as consumer confidence wanes, and legal action from aggrieved customers, supply chain partners and other key stakeholders.
However, it’s important to recognize that while insurance can address the aftermath, it cannot prevent a breach from occurring in the first place. To truly minimize the risk, businesses need a comprehensive strategy that includes both advanced preventive measures and the safety net provided by insurance.
The Need for a Holistic Approach: Why Prevention Still Matters
Incorporating cybersecurity insurance into your strategy is smart, but it shouldn’t be the only measure that a business relies on. Advanced cloud email security solutions like MailGuard are a critical complement to any insurance policy. In fact, many insurers will insist that businesses have protections in place.
In an interview with AFR Boss, CEO of Honan Insurance, Andrew Fluitsma, is quoted as saying “There’ll be a number of insurance companies that won’t even look at a business that doesn’t have a bunch of security measures in place. They’ll just turn around and say, ‘we’re not going to insure you’.”
Mr Fluitsma estimates that 38% of cyber insurance claims were ransomware related, saying, ‘In real terms, an SMB wanting to purchase $10M in cyber cover is up for approximately $60,000, an increase of $33,000 on the prior year. And larger businesses who are considered a higher risk, are looking at $350,000 per annum for a $20M policy, up from $194,000 the year before.
As a business owner, or executive leader, that’s a high price to pay on top of the myriad other insurances that businesses are faced with, and they’re all increasing too.’
Consider that cybercriminals will often use email as a primary vector for attacks, including phishing and ransomware, and even robust platforms like Microsoft 365 can miss sophisticated threats, making specialised email security an essential part of the mix in an effective cyber defensive stance.
MailGuard’s cloud-based email security solution helps to prevent threats from reaching employee inboxes, reducing the likelihood of a breach that would otherwise trigger an insurance claim. So too do measures like multi-factor authentication and effective backups, among other fundamentals for keeping your business, people and data, safe.
By combining these preventive measures with the financial protection of cyber insurance, you’re addressing both sides of the equation: minimizing the risk of a breach and ensuring a swift recovery if one occurs.
The Benefits of a Dual Strategy: Proactive and Reactive Protection
A combined approach of cyber insurance and advanced security measures offers businesses the best chance of weathering cyber incidents with minimal impact. Cyber insurance helps cover costs like legal fees, customer notification, and PR efforts in the wake of a breach. Meanwhile, solutions like MailGuard offer protection against the most common entry points for cyberattacks, adding a crucial layer of defense.
This layered strategy not only reduces your financial risk but also helps build trust with your clients and stakeholders. When customers know that you’ve invested in both advanced security and a plan for recovery, it reassures them that their data is safe in your hands. It’s a proactive approach that shifts you from merely reacting to incidents to proactively anticipating and preventing them.
Conclusion: Why Cyber Insurance Should Be a Priority
The OAIC’s latest findings underscore just how widespread the problem of data breaches has become—and hint that the reality might be even worse than the reported figures suggest. The risks are clear, and as these incidents grow more frequent and severe, the importance of cyber insurance becomes undeniable. Plus, regulators and customers will be unforgiving. In the US, T-Mobile has been fined $31.5 million for data breaches, and has agreed to invest a further $15.75 million in measures to boost its cybersecurity. Meta still holds the largest fine for a data breach on record, at $1.3 billion by the EU, followed by a $1.2 billion fine by Chinese regulators for Didi Global. And Australian lawyers are speculating that Medibank could be in for an even greater fine, with tongue-in-cheek remarks that ‘The maximum civil penalty order theoretically available under the Privacy Act in this case is a staggering AU$21.5 trillion.’
But it’s not about choosing between insurance and other protective measures—it’s about using them together. Cyber insurance offers peace of mind when the worst happens, but robust email security measures like MailGuard, as a part of a more holistic approach, can reduce the likelihood of needing to use that insurance in the first place.
By integrating cyber insurance with advanced security solutions, businesses are not just checking boxes—they’re building a resilient business capable of riding out the bumps when their systems are unexpectedly compromised. Isn’t that the kind of protection and confidence that your customers’ businesses deserve?
Keeping Businesses Safe and Secure
Prevention is always better than a cure, and one of the best defences is to encourage businesses to proactively boost their company’s cyber resilience levels to avoid threats landing in inboxes in the first place. The fact that a staggering 94% of malware attacks are delivered by email makes email an extremely important vector for businesses to fortify.
No one vendor can stop all email threats, so it’s crucial to remind customers that if they are using Microsoft 365 or Google Workspace, they should also have a third-party email security specialist in place to mitigate their risk, for example a specialist third-party cloud email solution like MailGuard.
MailGuard provides a range of solutions to keep businesses safe, from email filtering to email continuity and archiving solutions. Speak to your customers today to ensure they’re prepared, and get in touch with our team to discuss fortifying your customers’ cyber resilience.
Talk to us
MailGuard's partner blog is a forum to share information; we want it to be a dialogue. Reach out to us and tell us what your customers need so we can serve you better. You can connect with us on social media or call us and speak to one of our consultants.
Australian partners, please call us on 1300 30 65 10
US partners call 1888 848 2822
UK partners call 0 800 404 8993
We’re on Facebook, Twitter and LinkedIn.