NIBA / Special Feature
We all know about the threat cyber crime poses to businesses of all shapes and sizes across the world.
“In Australia, small and mid-sized businesses are now among the most targeted by cybercriminals,” says Adam Kallergis, Chief Technical Officer at Metrix Insurance Group. “The Australian Signals Directorate’s most recent cyber threat report says cybercrime reports now exceed 94,000 incidents annually, with small businesses making up a significant proportion of victims. Many attacks are opportunistic rather than targeted, with attackers looking for easy entry points, not household names.” Aaron Langmaid, Head of Cyber at Blue Zebra Insurance, says this lack of appreciation of the exposure businesses have leads to an apathy that cyber criminals are taking advantage of. “Cutting through the apathy in the SME space has been the biggest challenge for several years now. Unfortunately, it is that apathy that threat actors are leveraging at the moment. It’s a tactic. They know Australian SMEs are less protected and it is an angle they will manipulate. In 2025, Australia became the third most attacked region in the world.”
Kallergis says that to break through this apathy, we need to change the conversation. “We need to change how cyber insurance is framed. Education should move away from fear-based messaging and towards business continuity and survival. The reality is that the average cost of a cyber incident for an Australian SME can run into hundreds of thousands of dollars once downtime, lost revenue, reputational damage and recovery costs are factored in, often far exceeding the annual premium.” Creating a new era of insurance As well as changing the conversation with clients, the cyber threat has changed the way insurance is offered and delivered, with many cyber insurance offerings reimagining what an insurance policy delivers, with active risk mitigation and prevention at the core. Kallergis says, “Most modern cyber policies increasingly bundle incident response, forensic support, legal advice and business interruption assistance.
Or do we really?
Because while the threats are seemingly well known, there’s still a lack of understanding among some businesses – and perhaps some brokers – about just how necessary cyber insurance is. “We’re observing the same challenge as we’ve seen for the past couple of years, in that 80% of SMEs aren’t buying cyber insurance,” says Con Bakas, Chief Underwriting Officer at cyber insurance agency Cylo. “Businesses don’t appreciate the exposure they’ve got. We’re seeing a lot of new enquiries come in after a business has suffered a cyber event without insurance. It’s now not a ‘can this happen’ conversation – it’s a conversation of ‘how long can you survive without cyber insurance’.” There’s undoubtedly been increased media talk around cyber threats businesses face over recent times, and the reality is important to reiterate.
48 / INSURANCE ADVISER FEBRUARY/MARCH 2026
Made with FlippingBook Digital Publishing Software