Cyber Insurance Costs Spike 113 Percent in a Year in Australia: Report

By Daniel Y. Teng
Daniel Y. Teng is based in Sydney. He focuses on national affairs including federal politics, COVID-19 response, and Australia-China relations. Got a tip? Contact him at
February 28, 2022 (Updated: February 28, 2022)

Insurance costs have doubled for cybersecurity breaches amid an onslaught of ransomware attacks globally, according to global consultancy AON.

The report, Cyber Insurance Market Insights, found that average premiums rose 113 percent from 2020 to 2021, with AON Australia expecting costs to continue to rise in 2022.

“Ransomware has been, and will continue to be, a plague on organisations and insurers alike, across all industries and segments—equally challenging for small to medium enterprises, as well as large corporates and the public-government sector,” the report stated.

“Insurers have been grappling with understanding the threat vectors that organisations face and the control frameworks that reduce, minimise or eliminate these threats,” it continued.

Ransomware attacks involve hackers or syndicates freezing or encrypting a victim’s files until a ransom is paid, often in the millions.

In recent years, several high-profile attacks have targeted major organisations such as the Colonial Pipeline Company, JBS Foods, SolarWinds, and Kaseya Limited. The latest global brand to be targeted is Toyota, which has had to suspend production after a supplier was hit by a cyberattack on March 1.

AON’s report noted that while other concerns such as data or privacy breaches were still present, ransomware had outpaced these other cyberattack mediums by “leaps and bounds,” causing “havoc” across all industries and jurisdictions.

“The impacts are truly being felt by all, and compared to traditional data breaches, the financial consequences of such matters take effect immediately (typically within a 12-month period),” the report stated, saying it marked a significant shift for the cyber insurance market, which has traditionally been a “long-tail class of insurance”—complex matters generally settled over more extended periods.

Australian insurers have reacted by reducing their “line size” or coverage by 50 percent, while placing greater scrutiny on a business’s attention to cybersecurity, including its implementation of multi-factor authentication, endpoint protection software, privileged access management and network security, and disaster recovery plans.

Authorities in Australia, the United Kingdom, and the United States have jointly issued guidelines encouraging organisations to adopt robust cyber defence measures.

Further, experts have warned that democratic countries could be caught in the crossfire of Russian-backed hacker groups currently targeting Ukrainian government websites and infrastructure.

“Malicious cyber activity could impact Australian organisations through unintended disruption or uncontained malicious cyber activities,” the Australian Cyber Security Centre said in an alert.