CGU Cyber Defence

The answer to protecting your business from all things cyber.

Why do I need cyber insurance and what will CGU cover me for?

The Australian Government estimates almost 700,000 businesses have experienced a cybercrime.  60% of these attacks were targeted at small to medium size businesses with the average cost of a cybercrime attack costing more than $275,000.*

CGU protects your business against cyber exposures that can impact your business from direct costs to your business, and claims from third parties. Costs associated with defending cyber claims are also covered. Our incident response team is on alert and ready to take action 24/7.

An incident can be as simple and innocent as attaching the wrong file to an email or using an image on your website which has been copyrighted by another entity to more complicated situations such as a hacker attack and loss of customer information.

Cyber events can result in thousands of dollars in remediation costs, customer notification costs, hefty fines from regulators, extortion costs or being sued by customers or employees for loss of personal information as a result of a cyber incident

Some things you're covered for

  Privacy protection against third party claims for loss of employee/personal/corporate information
  Lost damaged or destroyed  IT systems, IT records and ITdata
  Business interruption caused by a cyber event that affects profits
  Liability arising from hacker attack or virus
  Protection against libel, slander or defamation
  Liability arising from hacker attack or virus
  Infringement of copyright, trademarks & trade names
  Breach of statutory duty from eCommerce Business
  Costs of negotiating, mediating due to an extortion attempt
  Fines and penalties incurred due to a privacy breach as well  cover for your defence and investigation costs

In the event of a Cyber event, loss or claim contact the CGU CYBER INCIDENT RESPONSE TEAM on 1800 696 773 or email

CGU Cyber Defence has a 24/7 incident response team ready to manage all cyber incidents and data breaches from initial notification through to resolution. Our team includes IT forensic investigators, lawyers, credit monitoring specialists, public relations consultants and call centre / mail house services.

Claims Examples

  • EMPLOYEE ERROR (First Party & Third Party Claim)

    A retailer emailed a group of customers to promote a sale with special discounts available to them. The retailer intended to attach a copy of the flyer detailing the discounts but instead attached a copy of a spreadsheet that contained a customer list, including customer names, addresses and credit card information. RESULT The retailer was required to notify all affected customers of the error and offered credit monitoring services. Several of the affected individuals began legal proceedings against the retailer. The notification and credit monitoring costs totalled $50,000, and the amount to settle the legal proceedings with the retailer’s customers combined with the associated legal costs and expenses totalled $100,000. CGU SOLUTION CGU Cyber Defence Insurance Policy provides coverage for breach of privacy which includes legal costs, indemnification of third parties and crisis management costs.

  • HACKER ATTACK (First Party Claim)

    A transport company discovered its servers had been infiltrated by an unidentified third party, allowing the third party to access files. This included accessing personal identifiable information including credit card information. Unauthorised and fraudulent transactions were made on the transport company’s customers’ accounts in multiple states and countries. RESULT The transport company was required to notify all affected customers, their personal information had been compromised and offered affected individuals credit monitoring services. The transport company was also concerned about the possible reputational damage they could suffer, so a public relations expert was brought in to assist. • The breach resulted in costs and expenses of approximately $100,000 to identify the affected individuals, notify them, set up a call centre and respond to customer enquiries. • Another $150,000 was incurred in legal costs and expenses to determine reporting requirements and respond to regulatory investigations into the privacy breach. In addition $29,000 was spent on IT forensics costs incurred to restore the data and stop the breach, and a business income loss of $250,000 was also suffered – totalling $529,000. CGU SOLUTION CGU Cyber Defence provides coverage for all elements of the loss including customer notification costs, establishment of call centre for customer support, credit monitoring expenses, brand protection costs and business interruption loss.


    A leading provider of Managed Services including IT platform hosting, infrastructure and support services to numerous customers, experienced a cyber attack where malicious software was implanted and ‘masking techniques’ were used on the company’s mainframe. As a result, the company’s customer data was stolen. RESULT It cost over $2,100,000 to resolve the issue including $1,200,000 incurred for data recovery and business interruption loss. CGU SOLUTION CGU Cyber Defence provides coverage for the cost of the data recovery and the loss of profits caused by the business interruption.


    A company accountant of a local manufacturing firm received an email from her boss asking her to transfer $120,000 to a supplier abroad. Because this was a common type of request, she processed the payment before realising that the tone of the email wasn’t right and the domain name was a single letter off. Upon further investigation, it was found that cyber thieves had infiltrated their systems and grew knowledgeable enough about company dealings to send a convincing phishing email that lost the company thousands of dollars. RESULT The company lost the $120,000 and incurred costs to secure their IT system. CGU SOLUTION CGU Cyber Defence provides coverage for the loss of money caused by phishing scams and the costs to secure IT systems.

  • MULTIMEDIA LIABILITY (Third Party Claim)

    A hotel started a blog to convey information to customers and the public. The blog page contained a logo/image that was similar to a design that had been copyrighted by another entity. That entity sent a letter demanding the company remove the image. Negotiations between the parties failed and the other entity began legal proceedings against the hotel. RESULT The entity (plaintiff) demanded more than $5 million in damages. Defence costs and expenses incurred so far exceeds $1 million, and the case has not yet gone to trial, so it’s expected these costs will increase. CGU SOLUTION CGU Cyber Defence provides coverage for breach of copyright under the Multimedia Insuring Clause.

  • PRIVACY FINES & INVESTIGATIONS (First Party & Third Party Claim)

    An IT company misplaced multiple drives that contained personal information for over one million customers. It was unknown whether the drives were lost, stolen or destroyed. The IT company was required to notify the affected individuals, as well as the privacy regulator. The regulator conducted an investigation into the incident and fined the company for failing to have appropriate safeguards in place to protect customer information. RESULT The company incurred legal fees of $1,000,000 in connection with the regulatory investigation and defending legal actions brought by affected customers and for the costs and expenses in notifying customers their personal information had been lost, stolen or destroyed. The company was also fined $75,000 by the privacy regulator. The total loss to the company exceeded $5,000,000. CGU SOLUTION This type of scenario triggers multiple Insuring Clauses under the CGU Cyber Defence policy including privacy fines and investigations.

  • BRAND PROTECTION (First Party Claim)

    A leading software provider breached its obligations to Australian customers when hackers broke into its systems in 2013 and made off with loosely encrypted passwords and credit card details. The Australian Privacy Commissioner investigated the issue and ruled the company failed to take ‘reasonable steps’ to protect the personal information of 1.7 million Australians to the level demanded by domestic privacy legislation. RESULT The company engaged the services of a public relations consultancy firm to limit the brand/reputation damage associated with the findings. CGU SOLUTION CGU Cyber Defence provides coverage for the costs associated with regulatory privacy investigations and costs to engage a public relations firm to protect the company brand.

  • EXTORTION (First Party)

    A small accounting firm’s client records were locked by ransom software. The company was only able to get files released after paying a ransom of $50,000 to hackers. RESULT The firm contacted law enforcement and working with law enforcement, determined the payment should be made. • $150,000 was paid for business interruption loss, the ransom demand ($50,000) plus consultants costs to advise on handling and negotiating the ransom, and the costs to restore the network as the hackers refused to release the files despite the ransom payment. CGU SOLUTION CGU Cyber Defence provides coverage for the payment of extortion monies and costs involved in negotiating, mediating and crisis managing to end the security threat. CGU1920




Speak with a business insurance specialist

Our team of friendly business insurance specialists can help you understand what covers are available for your business.