LOG IN

Cyber Security is not Insurance

Let’s get it straight, Cyber Security (IT Security) is not the same as Insurance (sometimes named “Cyber Security Insurance”).

What is Insurance

Insurance is a post-incident payment to counter the impact of a negative event. In other words, you will get money if you are insured when the insured item goes wrong.  However, insurance won’t protect, stop or prevent things from going wrong and a negative event occurring. If anything, it has been found in certain cases, that holding insurance actually increases the frequency of a negative incident as some insured people take greater risks than if they were not insured.

What is Cyber Security

Cyber Security is is about the protection of your Cyber assets. This would be the stopping and prevention of things going wrong to your IT data such as an Anti-Virus, Firewall or a SPAM filter. So, in theory, if you had perfect Cyber Security with 100% protection then you could prevent any negative event from occurring and you would never need to use or purchase insurance. The reality is that there is no such thing as perfect Cyber Security due to the constantly evolving digital landscape. There will always be a chance of a negative event, but good Cyber Security can reduce this chance dramatically.

How do cyber security and insurance Align ?

As the diagrams show below, Cyber Security is aimed to be at the Preventative stage of a negative event (aka incident). Without any Cyber Security there is no protection to prevent the incident from occurring.

without_cyber_security

Hacking icon credits

with_cyber_security

For completeness Cyber Security actually continues on after the Incident with Detection and Response because if you can reduce the time it takes to detect and to respond to an incident you can reduce the impact of the incident.

Costs of an Incident

Why do the costs of an incident matter, if the insurance company will pay to resolve the incident anyway?
The truth is, there are a lot of “hidden” costs that money can’t buy like trust, reputation or lost business. It is also easy to under value the cost of an incident and hence the amount of insurance required. Here is a nice graph on the size of costs associated with a Cyber Security Incident:

incident_cost_acsc2016

Diagram Credit from ACSC Report

Which is better ?

If the prevention is better than the cure, then Cyber Security is the prevention and Insurance is the cure.
This suggests Cyber Security is better than Insurance, but both are necessary.
Using an analogy in the form of a car: Which is better? Car protection (seat belts, headlights, air bags, horn, automatic emergency braking, ..) or car insurance?
As the driver of the car, protection is better as it will reduce the chance of a car incident occurring and reduce the damage in the event of such an incident. But car insurance is designed to provide money to compensate for the car incident, but it wont undo the damage.

This means you should get both Cyber Insurance and Cyber Security.

Cyber Security and Cyber Insurance actually work together.  It is common for an Insurance company to perform an assessment prior to providing an insurance quote. Hence, it is possible, that an Insurance company will assess the Cyber Security of an organisation before providing insurance. It then makes sense to have good Cyber Security so you can potentially reduce your insurance premiums just as it is in the interest of the Insurance company to reduce the number of incidents that occur. 

Going back to the car analogy, a good example is that a car fitted with Automatic Emergency braking (AEB) is cheaper to insure than a car without AEB.

So now what?

If you are an organisation looking to get “Cyber Security Insurance”, then that is a great idea! You understand that no level of Cyber Security can provide 100% protection.  Just make sure you also implement Cyber Security (prevention) beyond just an AntiVirus as AntiVirus is not enough protection.
We can assist with your Cyber Security.  We perform Cyber Security Reviews, Health Checks, Advice and Audits.  Contact us to see how we can help. The advantage of knowing your Cyber Security Risks is that it enables a reduction of risks through your own actions or through the use of our Cyber Security services. In turn, reduced risks can then potentially result in a reduced Cyber Insurance premium.

CATEGORIES

-

TAGS

- - - - - - - -

SHARE

Follow Us!

Facebook Twitter Linkedin Instagram
Cyber Security by Vertex, Sydney Australia

Your partner in Cyber Security.

Terms of Use | Privacy Policy

Accreditations & Certifications

blank
blank
blank
blank
blank
  • 1300 229 237
  • Suite 13.04 189 Kent Street Sydney NSW 2000 Australia
  • 121 King St, Melbourne VIC 3000
  • Lot Fourteen, North Terrace, Adelaide SA 5000
  • Level 2/315 Brunswick St, Fortitude Valley QLD 4006, Adelaide SA 5000

(c) 2025 Vertex Technologies Pty Ltd.

download (2)
download (4)

We acknowledge Aboriginal and Torres Strait Islander peoples as the traditional custodians of this land and pay our respects to their Ancestors and Elders, past, present and future. We acknowledge and respect the continuing culture of the Gadigal people of the Eora nation and their unique cultural and spiritual relationships to the land, waters and seas.

We acknowledge that sovereignty of this land was never ceded. Always was, always will be Aboriginal land.