Do I need Cyber Insurance for my SME business?

In 2021, a cyber-attack was reported every eight minutes to the Australian Cyber Security Centre (ACSC) and surprisingly 75 per cent of reported ransomware attacks were on companies with less than 1000 staff. Those statistics alone should be enough to convince you that you need cyber insurance, however only 20% of small to medium enterprises (SMEs) do – compared with up to 70% of larger organisations.

With the business world today so heavily reliant on technology, small businesses face increasing threats from cyber criminals that could not only disrupt your operations but could also put at risk any sensitive information you hold for yourself or your clients.

In this article I will walk you through a series of questions that will help you work out whether you really do need cyber insurance. Keep in mind that insurance will only help limit the financial and reputational damage that could result from a cyber-attack on your business.

Ask Yourself These Questions

What type of data do you handle?

Have a think about the sensitivity and the nature of the data you handle in your business. If you deal with personal customer information, financial records, medical records, proprietary business data, or any confidential data for that matter, your risk of cyber threat increases.

Cyber insurance can provide you with financial protection if a data breach or a cyber-attack compromises the security of this information.

Are you online business or do you carry out an e-commerce business?

If you have a website that allows you to capture customer data, accept online payments, or offer e-commerce transactions, your site is an attractive target for cybercriminals.

The increased risk of cyber-attacks for anyone with a strong online presence makes having cyber insurance an essential element of your business. Imagine the possible financial losses that could result from a cyber-criminal accessing your website data.

How much do you rely on technology?

To what extent does your business rely on technology? If you depend heavily on computer systems, databases, or cloud services; the potential impact of a cyber-attack can be severe.

Cyber insurance can mitigate financial losses, ensuring your business can recover and resume operations swiftly.

What will a data breach potentially cost you?

If you were to suffer a data breach, consider what the potential cost implication would be. Estimates have the average cost of a cyber-attack on a medium sized business at $88k per incident. This includes the cost of forensic investigations, notifying affected parties, legal fees, regulatory fines, public relations impacts, and potential legal settlements.

Having adequate cyber insurance can provide coverage for these expenses, as well as help you to navigate the results of a cyber-attack without suffering additional financial burden.

Are the right level of security controls in place?

What controls against cyber-threats do you have in place, and are they enough? Some important controls include strong password encryption protocols, firewalls that are robust and maintained with updated security patches, up-to-date antivirus software, and regular backups of your important data. Having these preventive measures are crucial, however they don’t provide you with 100% guarantee against being breached.

Cyber insurance won’t help prevent an attack; however it will give you additional coverage if you do get breached.

Are your employees trained in cybersecurity best practices?

How aware of cybersecurity are your staff, and how often do they get trained in how to help prevent attacks? Falling for a phishing scam, accidently exposing sensitive information, or simply human error can significantly increase your vulnerability.

It is worth investing in regular training and awareness campaigns for your team and if there is an employee-related error or breach, cyber insurance can provide some protection against any losses.


Having cyber insurance won’t protect you against the threat of cyber-crime but it will reduce the financial impact if you are breached. Cyber threats are continuing to increase and evolve and it is up to you to determine whether you need cyber insurance for your business.

The questions posed above can help you make an informed decision whether to protect your business from the financial fallout of a cyber-attack by taking out cyber insurance. You can also improve your chances of getting insured by carrying out a Cyber Security Assessment. Not only will an assessment identify your key risks areas, it will also provide advice on how to improve your various controls so you can reduce the chances of being breached.

Contact me directly or click on this LINK if you want to arrange an assessment for your business.

Book A Free Consultation

Please enter your details below and click SUBMIT.
We'll get back to you in the next 24 hours to schedule a 30-minute phone call or online meeting.

Alternatively, if you would like to book directly into my calendar, please click the BOOK NOW button --->