Cyber protection insurance
One click, one breach and your business could be done.
Affordable cyber insurance for small businesses. Cover data breaches, ransomware attacks, business interruption, and legal costs from cyber incidents. Protect your business reputation and your bottom line.
Who is this for?
This policy is designed for any business that:
- Stores customer data (names, emails, payment details)
- Accepts online payments or processes credit cards
- Uses cloud software or online systems
- Has a website or e-commerce store
- Sends emails to customers
- Relies on computers or digital systems to operate
Reality check
If you use email, a website, or cloud software (Xero, Google Workspace, Shopify, etc.), you face cyber risk. This isn’t just for tech companies anymore.
Get an instant quote
Straightforward Cyber Protection Insurance for business owners.
Real scenarios
Where this cover protects you:
Scenario 1: The ransomware attack
You open an email attachment that installs ransomware. Your entire system locks. Hackers demand $50,000 to unlock your files. You can’t access customer data, invoices, or operate your business. Lost revenue: $15,000/week. Ransom: $50,000. IT forensics and recovery: $25,000.
What Cyber Protection covers: Ransom payment (up to limits), IT forensics, system restoration, business interruption loss, PR costs to manage reputation damage.
Scenario 2: The data breach
Your website is hacked. Customer credit card details are stolen. You’re legally required to notify 5,000 customers and offer credit monitoring. Privacy regulator launches investigation. Legal costs: $45,000. Notification costs: $30,000. Regulator fine: $50,000.
What Cyber Protection covers: Legal defence, notification costs, credit monitoring for affected customers, regulatory fines and penalties, PR crisis management.
Scenario 3: The phishing scam
An employee clicks a phishing link, giving hackers access to your accounting system. They transfer $80,000 to fake supplier accounts before you notice. Your bank won’t reverse the transfers.
What Cyber Protection covers: Cyber theft/fraud cover, forensic investigation, and legal costs to pursue recovery.
Scenario 4: The system downtime
A cyberattack takes down your e-commerce site for 3 weeks during your peak sales period. Lost revenue: $120,000. IT restoration: $35,000. You’re haemorrhaging cash while systems are down.
What Cyber Protection covers: Business interruption losses, IT restoration costs, extra expenses to maintain operations (temporary systems, manual workarounds).
What's covered
Understanding your cover
First-party costs (your costs):
✓ Cyber extortion/ransomware: Ransom payments and negotiation costs
✓ Data breach response: IT forensics, legal advice, and notification costs
✓ Business interruption: Lost income when systems are down
✓ System restoration: Costs to restore, repair, or replace systems and data
✓ Cyber theft: Fraudulent fund transfers or digital asset theft
✓ Extra expenses: Costs to keep operating during recovery
✓ PR and crisis management: Reputation protection services
✓ Credit monitoring: For affected customers/employees
Third-party liability (claims against you):
✓ Privacy breach liability: Legal costs when customer data is compromised
✓ Regulatory defence: Defence costs for Privacy Act investigations
✓ Regulatory fines and penalties: OAIC or other regulator penalties
✓ Network security liability: Claims of spreading malware to others
✓ Media liability: Defamation, copyright infringement online
Coverage limits
- Cyber liability: $250,000 to $5 million (you choose)
- Business interruption: Typically 30-90 days coverage
- Excess: $1,000-$5,000 (depending on cover level)
What's not covered
Knowing the limits
✗ Physical damage: Cyber is digital only; physical damage needs Property Insurance
✗ Pre-existing breaches: Incidents that occurred before you bought the policy
✗ Intentional acts: If you deliberately cause a cyber incident
✗ Unencrypted devices: Lost laptops without encryption may not be covered
✗ Poor security practices: If you ignored basic security standards
✗ War and terrorism: Nation-state cyberattacks (though this is evolving)
✗ Infrastructure failure: General power outages or ISP downtime
How to claim
If a cyber incident happens:
1. Contain the breach immediately.
- Disconnect affected systems from the internet
- Don’t delete anything (forensics need evidence)
- Change all passwords on unaffected systems
- Contact your IT provider
2. Notify us within 24 hours
There are three ways you can log the claim:
- Log it online
- Email claims@withpocket.com.au
- Call 1300 475 092
Time matters: Early notification improves recovery and reduces costs
3. Don’t pay ransoms without approval
We work with specialist negotiators. Paying independently may void your claim.
4. Preserve evidence
- Take screenshots
- Save all emails and communications
- Keep logs and system records
- Don’t “clean” or “fix” systems until forensics are complete
5. We assemble your response team
- IT forensics experts
- Legal counsel
- PR crisis managers
- Notification specialists
- Regulatory advisers
6. Follow the response plan
We guide you through:
- System restoration
- Customer notification (if required)
- Regulatory reporting (if required)
- Media management
- Business continuity
Average claim response time:
- Incident response team deployed: Within 4 hours
- System restoration begins: 24-48 hours
- Business interruption payments: 7-14 days
- Full claim settlement: 30-60 days
Get in touch with a claim
Call: 1300 475 092
Email: claims@pocket.com.au
Available: Monday–Friday, 9 am–5 pm AEST (urgent claims: call)
Get covered now
Answer 4 quick questions. Get an instant quote. Bind online.
- Quote takes: 2 minutes
- Certificate issued: Instantly upon payment
- Coverage starts: Immediately (or future date of your choice)
Frequently asked questions
Get your answers to Cyber Protection Insurance here
Do I really need cyber insurance if I'm just a small business?
Yes. 60% of cyberattacks target small businesses because they have weaker security. The average cost of a cyber incident for SMEs is $50,000-$100,000. Most small businesses can’t absorb that cost.
I use cloud services (Xero, Google, Shopify). Aren't they responsible?
Partially. Cloud providers secure their infrastructure, but you’re still responsible for:
- Your account security (passwords, MFA)
- Your employees clicking phishing links
- Data breaches from your systems or suppliers
- Business interruption when you can’t access systems
What if I have good IT security already?
Great! But no security is perfect. Even businesses with excellent security get breached. Insurance covers the costs when prevention fails.
Does this cover our website being down?
If it’s down due to a cyberattack (DDoS, hack, ransomware), yes. If it’s down due to your hosting provider’s general outage, no.
We process credit cards. Do we need this?
Absolutely. If you process, store, or transmit credit card data, you’re subject to PCI DSS requirements. A breach can result in massive fines from card networks. Cyber insurance covers these.
What's the difference between this and Professional Indemnity?
- Cyber Insurance = Technology failures, hacking, data breaches, system downtime
- Professional Indemnity = Your professional advice or services causing client loss
If you’re a tech consultant, you probably need both.
Do you cover social engineering fraud (fake invoices)?
Yes, but typically with sub-limits (e.g., $50,000). If you need higher cover for payment fraud, speak to a broker about Crime Insurance.
Still not sure?
Get in touch and we can help you.
Not sure what cover you need?
Not sure what cover level you need?
Most small businesses start with $500k cyber liability + 60 days business interruption. This covers the majority of SME cyber incidents.
Want a cyber risk assessment?
Speak to a Pocket broker. We can review your:
- Data holdings and customer records
- Security controls
- Industry compliance requirements
- Business continuity planning
A simple guide
Reduce your cyber risk
Essential (required by most insurers):
- Multi-factor authentication (MFA) on all systems
- Regular software updates and patches
- Anti-virus and firewall protection
- Daily backups (stored offline or in separate systems)
- Staff training on phishing and cyber threats
Recommended (reduces premiums by 10-20%):
- Endpoint detection and response (EDR) software
- Email filtering and spam protection
- Password manager for all staff
- Incident response plan documented
- Annual penetration testing or security audit
Advanced (reduces premiums by 20-30%):
- Security Operations Centre (SOC) monitoring
- Encryption of all sensitive data
- Zero-trust network architecture
- Cyber security insurance compliance audit
- Regular tabletop exercises
How to stay compliant
Australian Privacy Act
If your business stores personal information, you must:
- Implement reasonable security measures
- Report eligible data breaches to OAIC within 30 days
- Notify affected individuals
- Provide a statement about the breach
Failure to comply results in:
- OAIC investigation and penalties (up to $50M for serious breaches)
- Reputation damage
- Customer lawsuits
Cyber insurance covers:
- OAIC notification costs
- Legal defence against OAIC investigation
- Regulatory penalties and fines
- Customer notification and credit monitoring