Cart
13 Jun 2025

Australian SME Cyber Targets Want Simple Insurance Solutions

Source: Gallagher - 13 May 2025

 

Australian small business owners are seeking insurance protection as awareness of cyber threats accelerates with the incidence of attacks, according to Gallagher SME risk specialists. This is confirmed by a survey conducted with a mixed cohort of SMEs, including Australians, with 71% naming cyber security as a significant risk1.

Three factors have driven SMEs to a heightened focus on cyber risk:

  • around half of all cyber attacks target small businessesdue to their comparative lack of advanced cyber security and continued use of vulnerable legacy systems
  • clients and customers serviced by SMEs are making cyber security measures a condition in contractual agreements such as business tenders
  • the costs of sustaining a cyber attack, both in dollars and down time, are increasing.

The fallout from cyber attacks goes beyond the business's financial losses and includes operational impacts, exposure and loss of customers' personal (private) data which erodes trust and damages reputation.

Why SMEs are seeking cyber insurance protection

According to the research most SME cyber security breaches are due to human error: someone in the business mistakenly clicking on a phishing link or opening a harmful attachment, which is what happened in this case.

Case study 1

How cyber insurance saved an SME's server crisis

A small, specialised manufacturer who believed they had minimal exposure to cyber risk was grateful they had nevertheless taken out a cyber policy when a seemingly innocuous email unleased mayhem.

The malware took out the server, leaving the business with no visibility over stock, pending orders or deliveries and no email communications, but the cyber insurance cover enabled a speedy response.

Within two and a half hours of notification the insurer provided a cyber expert who collaborated with the server provider to investigate the damage and restore service.

Most of the data and network were restored in less than two weeks, limiting down time to the minimum and enabling the business to carry on trading.

Scamming attempts are increasing rapidly as artificial intelligence (AI) allows cyber criminals to broaden phishing and text message scams.

To avoid cyber scams through social engineering attacks businesses should adopt practical protocols such as:

  • verifying the identity of the sender of an email
  • separating work functions between key staff to ensure access to sensitive systems data such as customer databases with personal and private information and bank accounts, is restricted and on a needs-only basis
  • using different, strong multifactor identification across various business areas and regularly changing authentications.

Case study 2

Insurer provided tech experts to retrieve business victim's encrypted data

A small auto parts retailer that used a centralised warehouse and call centre service and delivery model was paralysed when a hacker managed to penetrate the company's computer systems through the remote desktop protocol that enabled the business's computer network to share internet access.

The hacker then encrypted the business's multiple servers and sent a ransom note for millions in bitcoin. When the business reported the breach the insurer called on IT experts who used the business's offline USB flash drive data backups to restore functionality and connectivity, bypassing the need to respond to the extortionate ransom demand.

How can SMEs access insurance cyber protection?

Cyber insurance is now accessible via a simple form and affordable to businesses of all sizes. Our cyber insurance brokers can submit and manage your cyber insurance application quickly and can provide pre-assessment of your cyber risks via a service to scan your IT environment to help identify where the risks are. Without insurance your business will bear all the costs involved with a data breach, which can escalate very quickly.

Cyber cover supports small business owners by providing 24/7 access to a panel of experts, including legal, public relations and IT forensic specialists to work with you and your business and providing ongoing advice to help control, contain and coordinate your response to a cyber incident from when you first suspect you have a problem until you're back to business as usual.

Cyber insurance is designed to cover a range of threats and outcomes including:

  • impacts from a variety of cyber attacks, from ransomware to phishing
  • forced closure/downtime for your business/revenue loss
  • government notification requirements and ongoing reporting of the event
  • incident response and investigation costs
  • loss, recovery and decontamination of data.

Our specialists can help small businesses seeking access to cyber insurance protection via a simple broker-managed process to access affordable cover.

Connect with Gallagher

 

Sources

1"71% of Australian small businesses view cyber attacks as major risk," Security Brief Australia, Jan 2024.

2"Australia ‒ Small businesses vulnerable to rising cybercrime," Export Finance Australia, Mar 2023.

3"Preventing business email compromise," Australian Cyber Security Centre, accessed 30 Apr 2025.

  • © 2025 Queensland Trucking Association Ltd