Cyber insurance in Australia: what the 2026 claims data shows
The latest cyber claims data is out. Here's what Australian business owners should know.
One of the world's largest cyber insurers just published their 2026 Cyber Claims Report, drawing on data from over 100,000 policyholders across the US, UK, Canada, Australia, and Germany. It's one of the more useful datasets available because it's based on real claims — not surveys or estimates.
A few findings are worth paying attention to if you're an Australian business owner.
1. Email fraud is still responsible for most claims
Business email compromise and funds transfer fraud made up 58% of all claims last year. These are incidents where an attacker gains access to — or impersonates — a business email account, then redirects a payment or tricks someone into transferring funds.
The average loss from a funds transfer incident was ~AU$199,000.
What's notable is that email-based attacks aren't just a direct threat — they're often the starting point for more serious incidents. More than half of all funds transfer fraud claims last year originated from a compromised email account.
Our tip: Email filtering and multi-factor authentication on your email accounts are two of the most effective controls you can put in place. Our EmailSafe service addresses both.
2. Ransomware demands jumped 47% — but most businesses refused to pay
Initial ransom demands rose 47% year-on-year in 2025. Attackers are pushing for larger, seven-figure payouts.
Despite that, a record 86% of affected businesses refused to pay. That's a meaningful shift. Businesses that had working backups and a response plan in place were able to restore their systems without meeting the attackers' demands.
The data suggests that preparation — not payment — is what determines how well a business recovers.
Our tip: A tested backup and recovery plan is what gives you the option to say no. Our DataSafe service protects your data in the cloud and on-premise, so you're not negotiating from a position of desperation.
3. When ransomware involves data theft, costs more than double
The dominant ransomware pattern in 2025 was dual extortion — attackers encrypting your systems and stealing your data at the same time. This gives them two points of leverage: pay to get access back, and pay again to prevent your data being published.
Ransomware incidents that involved data theft were more than twice as expensive as those involving encryption alone. Data theft changes the calculation significantly, and it's a pattern that's becoming more common, not less.
4. Speed is the difference when funds go missing
~AU$30.7 million in stolen funds was recovered on behalf of policyholders last year, averaging ~AU$285,000 per incident. The common factor in successful recoveries was fast reporting. The sooner suspicious activity was flagged, the more likely it was that investigators could intervene before funds moved beyond reach.
This applies whether you're dealing with a compromised payment or a fraudulent transfer. Time matters.
What this means for cyber insurance
The data makes one thing clear: cyber insurance works better when it's combined with good security controls. Insurers look at what you have in place when assessing your policy, and businesses with multi-factor authentication, email filtering, and regular staff training typically get better terms and premiums.
Insurance also changes your recovery options. A business without coverage faces the full cost of an incident (legal costs, data recovery, downtime, and potentially lost funds) on its own.
If you haven't yet obtained cyber insurance, or if you have a policy but haven't reviewed it recently, we can help. We work with a local insurance partner who specialises in cyber cover for Australian businesses. Contact our team and we'll make the introduction.