Best Cyber Insurance Providers in Australia |
5-Star Cyber 

“The trends we are observing suggest the threat of data breaches, especially through the efforts of malicious actors, is unlikely to diminish, and the risks to Australians are only likely to increase,” Privacy Commissioner Carly Kind stated. 

That warning has not gone unnoticed. Brokers surveyed for this year’s IB 5-Star Cyber report say clients are asking harder questions, and many now treat breach response, real-time support and prevention tools as must-haves. 

Comprehensive coverage and claims handling remain essential, but they’re no longer differentiators. In a competitive market, brokers are looking for partners who offer expertise, consistency and meaningful protection across every stage of the cyber life cycle. 

Coalition’s 2025 Cyber Claims Report reinforces the urgency. Claims frequency jumped 15% in the past year, hitting small and midsize businesses the hardest. Phishing remains the top entry point, often leading to ransomware or funds transfer fraud, now the most expensive type of cyber loss. The report also found that clients using endpoint detection tools were far less likely to suffer severe claims, highlighting the value of proactive protection. 

Kieran Doyle, head of cyber, privacy and technology at Wotton Kearney, points out that ransomware actors remain the top concern in 2025. “Threat actor tactics are continuing to evolve,” he says. “We’ve recently seen the impact Scattered Spider can have, which has evolved to using social engineering tactics such as impersonating the IT help desk to gain access.” 

Australian Broker Network director Tremayne West cautions that simple tactics are still causing the most damage, such as the catastrophic incident Qantas suffered with its Loyalty program.  

“The risk planning to separate the confidential passport and credit card details was clever risk mitigation,” he says. “The penetration is still simple phishing via email with fraudulent bona fides that convince staff to open, access sites, or amend bank account numbers.” 

Marsh’s Australian mid-year insurance market update 2024 showed conditions improved considerably over the last 12 months. Easing of terms and pricing was driven by general improvements in cyber hygiene and an uplift in insureds’ cyber risk maturity. 

But ransomware events continue to dominate the claims space globally and in Australia, resulting in significant financial losses for businesses. Locally, SMEs have been particularly impacted by business email compromise and social engineering fraud. 

Notable cyber claims trends in the first half of 2024 included:  

• decline in frequency of ransomware claims 
   

• increased frequency of business email compromise events, for example, funds transfer fraud primarily impacting small businesses 
   

• increased claim notifications in healthcare and professional services sectors 
   

• downward trend in companies electing to pay a ransom  
   

  • increased overall loss costs related to ransomware events due to third-party liability costs 

Globally, the healthcare, communications, retail/wholesale and media and technology sectors reported the most cyber claims in 2023, with healthcare consistently ranking in the top position in recent years. 

To identify the best-performing insurers, Insurance Business Australia worked with top industry professionals over a 15-week process. The research team interviewed specialist brokers and surveyed thousands more to understand how insurers are performing in today’s market. Brokers identified the features that matter most in a cyber policy, then rated the insurers they work with on those attributes. Performance was assessed across coverage, flexibility, claims handling, pricing and, most critically, the strength of the individual products on offer. 

According to Doyle, the risk management services available from a number of insurers provide real value to clients and often for a significant discount from vendors that know what they are talking about. “It’s quite unique in insurance to see such value being provided pre-claim, and those insurers that offer pre-incident services have become game-changing,” he says. 

Brokers’ priorities in cyber cover haven’t changed. But as clients become more knowledgeable and expectations change, some features carry more weight than others. 

IB’s data from 2023 to 2025 reveals which preferences still lead and which are starting to slip. Coverage has topped brokers’ priority list each year, though the peak is beginning to taper. Brokers still see it as essential, but they’re giving more attention to other factors in client conversations. Comprehensive coverage remains the backbone of placement decisions, but it’s no longer enough on its own. 

Claims payment and processing followed a similar trend. After peaking the previous year, scores declined in 2025. Brokers still consider it critical, but many now view reliable claims service as a table stake, not a differentiator. 

“It’s all about support in a time of need, including speed of response and reassurance when it matters most,” Doyle adds. 

Underwriting expertise was a standout in 2024 but dropped off noticeably this year. Brokers may be responding to growing frustration with inconsistency or simply refocusing on broader policy fundamentals. 

Breach response has increased over the past three years, although not dramatically, yet enough to demonstrate its continued importance. It’s no longer a standout feature because brokers now expect it to be standard in any serious cyber policy. 

The demand for real-time support and risk prevention has grown in urgency in the wake of the record-breaking breach activity. Doyle believes this is where insurers can stand out. “The true value in the insurance is the real-time incident response,” he says, especially for companies not well-drilled to respond. “Even for those that are prepared, there’s still an underestimation of the strain and stress the company is under, particularly if the incident becomes public quickly.” 

The second half of 2024 alone saw 595 breaches, most the result of malicious attacks, with phishing and impersonation tactics the most common. The ASD also noted that 11% of all cyber incidents they responded to involved ransomware, a 3% increase over the prior year. Top threats reported by businesses included email compromise (20%), online banking fraud (13%) and business email compromise fraud (13%), patterns that align with broker concerns and claims data from Coalition. 

That spike in incidents may help explain why access to risk mitigation tools, which slipped in 2024, regained ground this year. Brokers are looking for more than insurance; they want partners who can help clients reduce risk before a breach happens. 

Meanwhile, price, policy customisation and extras such as vendor management and scanning remained mid- to low-tier priorities. Brokers are still cost-conscious, but they won’t trade meaningful protection or dependable service for a lower premium or technical bells and whistles. 

In a market where threat levels continue to rise, the best cyber insurance providers prioritise protection and help clients stay prepared. 

Brokers report that demand for cyber insurance is increasingly broad-based, with no industry exempt from exposure. 

• “Cyber is already embedded in the fabric of society. It is not going to slow down.” 

Doyle agrees that cyber coverage is no longer seen as optional. “Companies are starting to see cyber insurance as another tool in their armoury to assist in the response to an incident. It’s much more than a risk transfer tool like other types of insurance.” 

Growth is expected in areas such as operational efficiencies, breach response and real-time incident management that help reduce claim costs. Small and medium enterprises are seen as a key growth area, with brokers noting that cyber cover is becoming an essential purchase as awareness rises. Some brokers point out that take-up remains slow in many sectors, leaving opportunities among the uninsured and underinsured. 

• “There are no pockets. We, as brokers, need to sell it more across all of our clients.”

Social engineering and crime are perceived as specific risks that drive demand. And education and awareness remain priorities. Several brokers stress that many businesses still underestimate the need for coverage or are unsure of where to begin. 

• “Everyone needs it, but don’t yet take it; they just need to know they shouldn’t be operating without it.” 
   

• “Ongoing education for brokers is key.” 

Doyle adds that while awareness is rising, cyber cover hasn’t yet reached the maturity of traditional products such as fire or flood insurance. “That’s simply because the insurance is still in its infancy compared to more established products,” he says. “The understanding of cyber insurance and the value it provides is still not well known in comparison. More education on the benefits of cyber insurance, both to large and small companies, is required.” 

Brokers believe changes would make it easier to sell cyber policies if insurers were more consistent, straightforward and supportive throughout the process. Many point to the value of more practical tools and training to help clients understand what they’re buying and why it matters. 

• “Providing claims settlement examples would assist in adequate coverage conversation.”

West agrees that early support is where insurers can stand out. “The ability of the insurer to assist the client, their IT team and the broker in the management and rectification of the incident and its public relationship management is the real proof of excellent claims management and remediation speed.” 

“In 2025, providing risk mitigation and education is almost as essential as the coverage itself,” says Doyle. “The policy is now as much a preventative and preparation tool as it is a reactive one, and we have seen insurers evolve their proposition to include both technology and professional service-led value, regardless of whether a claim materialises.” 

However, he emphasises that the core value in the policy is still immediate access to experts to assist in recovery, investigation and mitigating the impact of business interruption, along with the ever-evolving legal risks. 

Simplifying underwriting and proposal processes is also a common ask. Brokers say this would reduce friction and help clients feel more confident about purchasing cover. 

• “Use the same terminology. And work off a coalition proposal form. There are too many differences, which is frustrating to brokers and clients.” 

Many brokers highlight the need for more accessible support, including risk experts and dedicated BDMs, to guide both them and clients through complex topics. 

• “Having experts to talk through potential risk is excellent. I rely on their knowledge in this area, not being particularly IT savvy.” 

There’s also a call for meaningful, well-structured policies that offer real value, rather than low-cost products that don’t deliver sufficient protection.

• “Provide a foolproof policy and charge for it accordingly. One insurer came out with a quasi-$200 policy some time ago – it was useless. That sort of thing should be banned.” 

Some brokers encourage insurers to take a more proactive stance on education, including creative approaches such as simulated breaches to demonstrate risk. 

• “Proactively run ethical hacks on potential clients to show how easy a target they are and how much damage they could cause if compromised.” 

Doyle echoes this: “A growing number of insurers are providing their clients with products or services … such as incident simulations, which are a great way to test the organisation’s response to cyber incidents, including how the incident response available under the policy responds.” 

Emergence Insurance has passed the decade mark, and that milestone sparked reflection for COO Colin Pausey. “We’ve just hit 10 years,” he says. “Our products have been award-winning since our first year in 2015. The one thing that’s defined us is consistency. We’ve provided consistent service, and we have consistently upgraded our policy. It doesn’t sound very exciting, but it’s a big part of why we’ve stayed strong and continued to grow.” 

It’s not just the passage of time that matters, but how the Emergence Insurance team has adapted. Over the past 12 to 18 months, Emergence has updated its policy wording, simplified its underwriting question set, added smarter cyber services for pre-loss support, and continued to expand its underwriting and incident response capabilities.  

All of it, says Pausey, ties back to the singular focus of removing pressure from clients at their most vulnerable moment. 

When a cyber event hits, timing is everything. Pausey says Emergence works off a simple mantra: every second counts. The company’s incident response and claims teams aren’t outsourced; they are Emergence employees, trained to manage a crisis from the first call. That internal model is part of what enables fast decision-making and seamless handoffs. 

“The minute they make a call, they’re talking with someone who all they do is incident response,” he explains. “It’s a stressful time for any insured. Our role is to take as much pressure as we can off them by marshalling the response and getting the right experts involved.” 

It’s not just clients who trust that process. Brokers, as the insured’s key advisor, have also learned to rely on the repeat 5-Star winner. “The broker has confidence in what Emergence does,” Pausey says. “That’s significant. We often get emails from our insureds thanking our claims and incident response team. And we always make sure to recognise that work internally.” 

Cyber risk changes on a constant basis. With cloud-based systems, outsourced IT providers, and increasing privacy exposures, Emergence has taken steps to ensure its coverage remains relevant and unambiguous. 

It adapted its policy wording to reflect modern businesses, ensuring clarity around coverage. The updated version covers system failures that occur at the: 

• client’s own business 
   

• client’s IT contractor 
   

• third-party data processor 

“There’s an argument that this was always covered, but we’ve made it explicit,” says Pausey. “It’s about removing any room for dispute.” 
 

Emergence also introduced optional cover for directors and officers arising out of a cyber event, responding to rising accountability risks. That provides: 

• protection for directors facing investigations, litigation, or regulatory action 
   

• coverage for personal defence costs 

Pausey describes this as another timely shift. “It’s not just about protecting the business anymore. It’s about protecting the individuals behind the business, too.” 

With 10 years of internal data, Emergence prices based on what it sees in the market: 

• claims patterns by industry 
   

• data volumes held and managed 
   

• risk exposure based on business type 

“We’ve adjusted our pricing to reflect risk,” says Pausey. “But we’ve also kept it simple. For smaller businesses, we ask fewer questions. We’re trying to remove friction.” 

In a softer, more competitive market, Emergence hasn’t raced to the bottom, nor did it surge prices during the hard market years across its portfolio. Instead, the company adopts a measured approach to ensure sustainability. 

“During the hard market, we tried to do what was fair,” adds Pausey. “Now, we’re offering flexible products, optional covers, varying excesses, and a range of limits. That way, brokers can match the budget and still meet client needs.” 

Emergence’s next stage is to come to clients’ aid before a breach occurs. “We’re calling it smarter cyber services,” says Pausey. “It is real-time risk management. The more we can help clients strengthen their IT security before a loss, the less likely the loss is, or the lower its likely severity. It’s all about what we can do pre-loss to improve outcomes.” 

Emergence already offers these services to policyholders, but take-up is uneven. Brokers play a key role in changing this, in Pausey’s view. “We encourage brokers to get their clients to take it up.” 

The Emergence team is also developing new underwriting technologies designed to enhance engagement for both brokers and clients. What’s on the 5-Star winner’s radar is: 

• rolling out platform improvements that make it faster and easier for brokers to quote and transact 
   

• continuing development of the policy wording 

“We’ve had at least seven iterations of our wording over the past decade,” Pausey says. “And we're already working on the next one.” 

With wide-ranging coverage, direct support during crises, and pricing that brokers can stand behind, Liberty Specialty Markets continues to earn accolades for a product known for its reliability, well-structured design, and strong service backing. 

“Brokers value our consistent, long-term underwriting approach, coupled with Liberty’s strong reputation for delivering on its promises, especially through the claims process,” explains David Gallagher, vice president and head of cyber and IT liability, professional and financial risks, Asia-Pacific. 

Liberty’s AUS Cyber policy (09-24) offers end-to-end cyber coverage and comprehensive protection across first-party losses, third-party liabilities, regulatory exposures, and reputational risks. It is supported by underwriters, engineers and claims professionals who stay involved at every stage of a cyber event. 

The policy includes coverage for: 

• damage to digital assets 
   

• network interruption and voluntary shutdown expenses 
   

• cyber extortion 
   

• reputational harm 
   

• computer crime  

Liability protection extends to: 

• privacy breaches 
   

• confidentiality and security incidents
   

• payment card data breaches  

Coverage also includes regulatory defence, notification costs, multimedia liability, and a suite of extensions such as counselling expenses, customer care, cryptojacking, emergency response, hardware replacement, and reputation protection. 

What sets Liberty apart in a crowded market is its response to clients when they experience a cyber event. The claims team takes a hands-on, collaborative approach to every incident, from initial triage calls directly with affected clients, including small businesses, to guiding them through complex and tailored recovery steps. 

A notable cyber event illustrates that approach in action, with the team providing immediate support and clarifying coverage within 24 hours of notification. 

“We also provided access to mental health and wellbeing services, giving our clients support not just technically, but personally,” Gallagher adds. “Our proactive involvement made a tangible difference in both the speed and confidence of their personal and business recovery.” 

Cyber risks continue to change, and Liberty has adjusted its policy wording and endorsements to reflect that. The leading cyber insurer updated its policy wording in October 2024 with several enhancements. 

“Additionally, we’ve introduced endorsements to further strengthen coverage, including expanded social engineering fraud protection and supply chain business interruption cover, addressing the increasing demand for a comprehensive cyber risk solution,” says Gallagher. 
 

Liberty takes a cross-portfolio approach to managing silent cyber risks, working across PI, financial institutions, and general liability. Its underwriters collaborate to pre-agree on how they will respond in the event of a cyber incident.  

Specialist underwriters, strong claims support, and a trusted vendor network support this. Bespoke endorsements are available when clients need tailored coverage. 

Liberty’s in-house cyber risk engineering team helps assess client risk and improve controls. For SMEs, Liberty expects strong basic protections such as multi-factor authentication and segmented backups.  

For larger organisations, engineers conduct detailed reviews of technical controls and governance frameworks. “A key innovation enhancing our product is the new cyber risk engineering function, which currently supports internal risk reviews and will soon expand to offer loss control services to insured clients,” adds Gallagher. 

IB presented two cyber insurance leaders with a realistic, anonymised breach scenario to explore how their claims and policy teams would respond in practice.

A national retailer suffers a major ransomware attack, bringing online operations to a halt. Malicious actors exfiltrate a large volume of sensitive customer and employee data, including contact details, dates of birth and order history. 

The retailer suspends all online and app-based ordering, including food and apparel, while working with cyber specialists to restore systems. Public confirmation of the breach comes days after customers began reporting issues. The company’s share price drops by a mid-single digit in the wake of the announcement, before recovering. 

Roughly a quarter of the retailer’s total revenue comes from online sales. The criminals also used malicious software known as ransomware, causing the company’s IT networks to become unusable until they paid a ransom. 

From your perspective, if this were your insured: 

• How would your claims team respond during the first 48 hours? 
   

• What support or guidance would you typically provide on regulatory, reputational or legal exposure? 
   

• Would coverage typically respond to this scenario under a standard cyber policy? 

Pausey explains: “When a cyber event happens, every second counts. Emergence encourages all insureds, whether large or small, to immediately contact our 24/7 incident response hotline if they suspect a cyber incident. No matter when our Incident Response Team (IR Team) is called, they are ready and able to handle the cyber incident. 

“In the initial call to our IR Team, they will triage the incident and work with the insured client to contain the breach. Within an hour of the first call, the IR Team will assemble digital forensic as well as legal and crisis communication experts (if necessary, as would likely be the case in this scenario). Our IR Team and appointed experts liaise with the insured’s management and any other service providers appointed by the insured. 

“In the first 48 hours of an incident, our IR team can be on many calls with the insured and the assembled panel of experts. Daily or more frequent updates are provided to the insured leadership team with all or selected experts, orchestrated by the IR team. Each matter differs. 

“At the same time, the claims team is aware of the claim and will be assessing an early coverage position. Once the root cause of the incident is known, a preliminary coverage position can usually be communicated to the insured and their broker.” 

Within an hour of the initial call and the triage of the incident, relevant experts are engaged, and a call with those experts is held with the client. The experts include DFs experts, lawyers and crisis communication experts. As a ransom demand is involved, whether there is consideration of paying the ransom or time is being bought, a specialist ransomware negotiator would be engaged. 

The DFs expert advises on containment and the root cause of the incident, lawyers advise on potential regulatory issues and crisis communication, and PR experts work on messaging with both internal and external stakeholders. Effective messaging after a cyber incident is pivotal to lessening any reputational impact and the public management of the incident. 

The involvement of the Emergence IR team is at no cost to the insured. 

The costs of the DFs experts, lawyers and crisis communication experts are generally covered under the policy if there has been a cyber incident, as is a ransom negotiator if engaged. If affected individuals have to be notified of the incident, that cost is also covered, as is the cost of data restoration and data security. 

Subject to any sanctions being imposed on the threat actor, if ransom payment is made, that is likely to be indemnified under the Emergence cyber policy. If there is a reduction in revenue or net profit (whichever metric the policy prescribes), as is likely with online sales being down, and that is directly as a result of the cyber incident, then the business interruption loss will be indemnified under the Emergence cyber policy. 

Any regulatory investigation or third-party legal action arising out of the cyber incident is generally covered under a cyber policy. 

Angela Messih, Liberty’s senior claims specialist and tech lead for professional and financial risks, explains: “The first 48 hours after a ransomware event is critical. In 48 hours, the Liberty claims team would: 

• acknowledge receipt of the ransomware event notified to Liberty 
   

• convene and participate in the incident response triage meetings with the insured ensure the establishment of a protocol to enhance the prospects of legal professional privilege 
   

• work with the insured to engage key incident response vendors from the Liberty provider panel, including for the purposes of this claim scenario:
   

  • a legal team experienced in handling cyber matters and ASX disclosure
   

  • DF investigators
   

  • specialist public relations consultants to manage internal and external communications
   

  • expert cyber extortion incident response consultants
   

• provide the insured with a prompt grant of indemnity for incident response vendor costs under the cyber policy”
   

In the event of a ransomware event, Liberty’s cyber claims specialists take a proactive and coordinated approach to support the insured. 

We immediately triage the details of the cyber incident, engage experienced breach counsel and incident response experts to guide the insured through regulatory notification obligations, data breach disclosure requirements, and any legal or contractual exposures. 

In this claim scenario, the primary regulatory risks arise from the Privacy Act 1988 (Cth) and continuous disclosure obligations under the Corporations Act and as articulated in the ASX Listing Rules. 

If a ransom is paid, the company will also have obligations to notify the ACSC pursuant to the Cyber Security Act 2024 (Cth). 

From a reputational standpoint, we would also facilitate access to crisis communication services to help manage public messaging and media coverage, as the insured is an ASX-listed company. Our goal is to help the insured protect their brand and minimise customer harm and stakeholder impact. 

From a claims perspective, Liberty provides clear and early guidance on how our cyber policy responds to the ransomware event, including coverage for initial and significant costs relating to legal breach response, regulatory fines (where insurable), third-party demands for compensation and business interruption losses, so the insured can make informed decisions from the outset. 

Where a ransomware event disrupts business operations, we work closely with the insured to assess the financial impact and support the insured’s return to business as usual through interim payments, where the claim is supported, under the cyber business interruption cover, intending to help manage cash flow during the recovery period. 

Our cyber claims specialists remain actively involved throughout the lifecycle of the ransomware claim to ensure a timely, commercially pragmatic, strategic and well-supported response for the insured. 

Yes, this is the precise type of scenario that a standard cyber policy would respond to. Coverage may extend to some (or all) of the following: 

•  response vendor costs – incident response, legal (incident response and responding to third-party claims or a regulatory investigation), public relations to mitigate reputational harm and ransom negotiators 
   

• business interruption and reputational harm 
   

• cyber extortion, including ransom demands 
   

• damage to digital assets and data restoration 
   

• third-party liability claims for compensation 
   

• regulatory fines and penalties 
   

• counselling expenses for mental health support during the incident response process, which is a new coverage included in our updated policy  

Both insurers emphasise the critical role of immediate triage, coordinated vendor support, and clear communication in the wake of a ransomware event. 

Emergence prioritises rapid access to its 24/7 incident response team, with coverage that typically includes forensics, legal and crisis communications support. Liberty highlights early legal privilege protections, ASX-specific disclosure obligations, and mental health support as part of its updated cyber policy. 

While their tactical approaches differ, both offer a structured, high-touch response designed to contain damage, support recovery and ensure coverage certainty within hours, not days. 

In a market flooded with risk, brokers want substance. Cyber is no longer a niche. It’s a test of how well insurers back brokers and their mutual clients when it counts. 

The best cyber insurers deliver: 

• breach response that’s fast, expert-led, and dependable 
   

• prevention tools that clients understand and actually use 
   

• clean wording, no runaround 
   

• support that starts before the claim and continues after 

 

Best Cyber Insurance Providers in Australia | 5-Star Cyber

• 
  Emergence Insurance
   
  

• 360 Cyber
• AIG
• ATC
• CFC
• Chubb
• Coalition
• Dual
• Liberty Specialty Markets
• SURA