Cyber Insurance
Cyber insurance protects your business from internet-based risks and financial losses resulting from cyber incidents, including data breaches, ransomware attacks, network damage, and business interruption caused by cyber threats.

What you need to know
How this protects you
- Comprehensive data breach response including notification, monitoring and recovery costs
- Business interruption cover for lost income during cyber attack downtime
- Ransomware and cyber extortion protection including negotiation support
- Social engineering fraud cover for invoice scams and staff manipulation
- Expert forensic investigation and data recovery assistance when you need it
- Public relations support to protect your reputation after a cyber incident
What's covered
Cyber insurance provides comprehensive protection across multiple critical areas of cyber risk. Data Breach and Privacy Crisis Management covers the full spectrum of breach response costs, including customer notification expenses, credit monitoring services, forensic investigation to identify the breach source, public relations to manage reputation damage, legal defence costs, regulatory fines and penalties, and complete data recovery services.
Business Interruption Coverage compensates for lost income when cyber attacks halt your operations. Whether ransomware locks your systems, a DDoS attack takes your website offline, or malware disrupts your network, you're covered for revenue losses while IT specialists work to restore your systems and get you back to business.
Cyber Extortion and Ransomware Protection covers the costs of ransom payments when hackers lock you out of your own systems, plus professional negotiator services to handle communications with cyber criminals. Social Engineering Fraud Coverage protects against human error exploitation, such as fraudulent invoices being paid, CEO fraud schemes, or staff manipulation by cyber criminals seeking to exploit your team's access to critical systems, payment processes, or sensitive data.
Why you need this
In New Zealand's increasingly digital business environment, cyber threats are evolving rapidly and targeting businesses of all sizes. Small businesses are particularly vulnerable due to typically less sophisticated security systems, making them attractive targets for cyber criminals. A single cyber incident can result in devastating financial losses, from immediate costs like ransom payments and system restoration to longer-term impacts like regulatory fines, legal fees, and lost customer trust.
Cyber insurance is crucial if your business deals with sensitive customer data, relies on digital systems for daily operations, processes online payments, or offers online services. In reality, almost every modern business faces cyber risk. Your staff have access to email, banking systems, customer databases, and critical software that keeps your business operational. Even with access restrictions, employees remain susceptible to phishing emails, social engineering tactics, and manipulation by sophisticated cyber criminals.
Real-world scenarios demonstrate the urgent need for protection: a healthcare clinic facing a data breach must notify hundreds of patients and faces potential regulatory fines; a retail business locked out by ransomware loses thousands in daily revenue while systems are down; an accounting firm's employee pays a fraudulent invoice for $50,000 after a convincing email scam. Without cyber insurance, these incidents could jeopardise your business's survival. With it, you have expert support, financial protection, and the resources to recover quickly and maintain customer confidence.
How to Get Cyber Insurance
Get your proof of cyber insurance same day in just four simple steps
Provide Business Details
Share essential information including your business legal name, existing security measures, payment handling processes, company size, and any previous cyber incidents or data breaches.
Get Your Quote
Receive a tailored cyber insurance quote based on your specific business needs, security posture, industry risk profile, and required coverage levels.
Review and Accept
Review your personalised policy terms, coverage limits, and premium. Our team will explain your options and answer any questions before you accept.
Receive Certificate Same Day
Get your proof of insurance certificate issued immediately upon acceptance, ready to use for contract requirements, compliance obligations, and instant peace of mind.
Pricing factors
Cyber insurance premiums in New Zealand typically range from $50 to $100 per month, with costs determined by several key factors:
- Business size and revenue - Larger organisations with higher turnover face greater exposure and typically pay higher premiums
- Industry and data sensitivity - Businesses in finance, healthcare, and retail handling sensitive customer data face higher risk and premiums
- Cyber security measures - Strong security protocols, multi-factor authentication, regular backups, staff training, and updated systems can reduce premiums
- Data volume and type - The amount and sensitivity of electronic data you handle, store, and process directly impacts pricing
- Claims history - Previous cyber incidents or data breaches may increase premiums, while a clean record can secure better rates
- Coverage extent required - Higher policy limits, lower excess amounts, and additional coverage extensions increase premium costs
- System vulnerabilities - Outdated software, lack of encryption, poor password policies, and inadequate backup procedures increase risk and cost
What Is Cyber Insurance?
Cyber insurance — also known as cyber liability insurance or data breach insurance — is a specialist insurance product designed to protect businesses from the financial fallout of cyber incidents. These include data breaches, ransomware attacks, social engineering fraud, business interruption caused by cyber threats, and the associated costs of investigation, notification, and recovery.
In New Zealand, cyber insurance is fast becoming an essential cover for businesses of all sizes. As digital systems underpin almost every business operation — from customer databases and online payments to cloud-hosted software and remote work infrastructure — the exposure to cyber risk has never been greater. A single incident can cost tens or hundreds of thousands of dollars in direct losses, regulatory penalties, and reputational damage.
Gerrards Insurance Brokers works with 20+ trusted insurers to find the right cyber insurance policy for your specific business, industry, and risk profile. As independent brokers, we work for you — not the insurer — ensuring you get the cover you actually need at a competitive premium.
What Does Cyber Insurance Cover?
Cyber insurance policies typically provide two broad categories of cover: first-party cover (losses your business suffers directly) and third-party cover (claims made against your business by others affected by a cyber incident). Here is what a comprehensive cyber insurance policy typically includes:
- Data breach response costs — Customer notification expenses, credit monitoring services, forensic investigation, legal costs, and regulatory fines.
- Business interruption — Lost revenue and additional expenses incurred when a cyber attack disrupts your operations.
- Ransomware and cyber extortion — Ransom payment costs and professional negotiation support when hackers lock you out of your own systems.
- Social engineering and fraud — Financial losses from fraudulent payment instructions, CEO impersonation scams, and employee manipulation.
- Network and system damage — Costs to restore, repair, or replace data, software, and IT infrastructure damaged by a cyber attack.
- Public relations and reputation management — PR support to manage media, communicate with customers, and protect your brand after an incident.
- Third-party liability — Legal defence costs and compensation payments if a cyber incident results in claims from customers, suppliers, or regulators.
- Forensic investigation — Expert IT forensic services to identify the source and scope of a breach and prevent recurrence.
Who Needs Cyber Insurance in New Zealand?
The short answer: any business that uses a computer, handles customer data, or relies on digital systems to operate. However, certain businesses carry a higher level of cyber risk and should treat cyber insurance as a priority rather than an option:
- Healthcare providers — Clinics, medical practices, and allied health businesses holding sensitive patient records are prime targets and face strict regulatory obligations under the Health Information Privacy Code.
- Financial services and accountants — Businesses handling client funds, financial data, and banking access are highly attractive to cyber criminals seeking large-scale fraud opportunities.
- Retailers and e-commerce businesses — Online stores and businesses processing card payments face constant exposure to payment fraud and data theft.
- Professional services firms — Lawyers, consultants, and advisors holding confidential client information have significant third-party liability exposure from data breaches.
- Small and medium businesses — SMEs are disproportionately targeted because they typically have less sophisticated cyber security defences than large corporates.
- Businesses with remote workers — Remote and hybrid work arrangements expand the attack surface for phishing, credential theft, and unauthorised access.
If your staff use email, access online banking, log into customer management systems, or handle any form of sensitive data, your business is exposed to cyber risk. Cyber insurance ensures that exposure doesn't become a business-ending financial loss.
Common Cyber Threats Facing NZ Businesses
Understanding the threat landscape helps you appreciate exactly what cyber insurance protects against. New Zealand businesses face a range of sophisticated and evolving cyber threats:
- Phishing attacks — Deceptive emails designed to trick employees into revealing passwords, clicking malicious links, or transferring funds to fraudulent accounts. Phishing remains the most common initial entry point for cyber criminals globally.
- Ransomware — Malicious software that encrypts your systems and data, rendering them inaccessible until a ransom is paid. Ransomware attacks have escalated dramatically in frequency and demand size over recent years, with NZ businesses regularly targeted.
- Business email compromise (BEC) — Cyber criminals impersonate executives, suppliers, or trusted contacts to manipulate staff into making fraudulent payments or disclosing sensitive information.
- Data breaches — Unauthorised access to customer or employee data, whether through hacking, malware, or insider threats. Under New Zealand's Privacy Act 2020, businesses have mandatory notification obligations for serious privacy breaches, along with potential fines and penalties.
- DDoS attacks — Distributed denial-of-service attacks flood your website or systems with traffic, causing outages that result in business interruption and reputational damage.
- Supply chain attacks — Cyber criminals compromise third-party software or service providers your business relies on, using that access to breach your own systems.
The Real Cost of a Cyber Incident
Many business owners underestimate the true financial impact of a cyber incident. The visible costs — such as a ransom payment or system restoration — are often just the beginning. The full cost of a cyber event typically includes:
- Immediate incident response and forensic investigation costs
- System and data restoration expenses
- Business interruption losses — revenue lost while systems are offline
- Customer notification costs and credit monitoring services
- Regulatory investigation costs and potential fines under the Privacy Act 2020
- Legal defence costs if customers or partners make claims against your business
- Public relations and crisis communications
- Long-term reputational damage and customer churn
For small to medium businesses, a significant cyber incident can easily generate losses of $50,000 to $500,000 or more when all costs are tallied. Without cyber insurance, those costs fall entirely on your business. With cyber insurance, you have the financial support and expert resources to respond quickly and recover fully.
Cyber Insurance and New Zealand's Privacy Act 2020
New Zealand's Privacy Act 2020 introduced mandatory data breach notification requirements for businesses. Under the Act, if your organisation experiences a privacy breach that is likely to cause serious harm to affected individuals, you are legally required to notify both the affected individuals and the Office of the Privacy Commissioner as soon as practicable.
Failure to comply can result in fines of up to $10,000. Beyond the regulatory obligation, the practical costs of identifying affected individuals, drafting notifications, managing inbound enquiries, and providing support services can be substantial.
Cyber insurance directly addresses these costs. Data breach response coverage typically includes legal guidance on notification obligations, notification drafting and distribution, call centre services for affected customers, and regulatory liaison support — giving you expert help at a time when you need it most.
What's Not Covered by Cyber Insurance?
Understanding the exclusions in your cyber insurance policy is just as important as understanding what's included. Common exclusions to be aware of include:
- Pre-existing vulnerabilities — Incidents resulting from known security gaps that were not remediated prior to taking out cover.
- War and terrorism — Some policies exclude state-sponsored cyber attacks or those classified as acts of war, though this varies by insurer and is an evolving area of policy.
- Bodily injury and property damage — Physical damage caused by a cyber attack is typically covered under other policies such as property insurance.
- Intentional acts — Deliberate or fraudulent acts by the insured business or its directors.
- Infrastructure failure — Losses resulting from power outages or utility failures not caused by a cyber attack.
Gerrards will review your policy wording carefully to ensure you understand exactly what is and isn't covered, and advise on any coverage gaps that may need to be addressed.
How to Reduce Your Cyber Insurance Premium
Insurers assess the strength of your cyber security posture when calculating your premium. Businesses with robust security controls are seen as lower risk and can access more competitive pricing. Key measures that can help reduce your cyber insurance costs include:
- Implementing multi-factor authentication (MFA) across all email, banking, and critical systems
- Maintaining regular, tested, and offsite data backups
- Keeping all software, operating systems, and security tools up to date
- Running regular staff cyber security awareness training
- Using endpoint detection and response (EDR) tools
- Applying least-privilege access controls — staff only access the systems they need
- Having a documented and tested incident response plan
Even if your security posture isn't perfect, cyber insurance is still accessible and valuable. Many policies include access to pre-breach risk management resources and security tools as part of the coverage, helping you improve your defences while being protected.
Why Use Gerrards to Arrange Your Cyber Insurance?
Gerrards Insurance Brokers is an independent NZ brokerage with access to over 20 specialist insurers. When you work with Gerrards to arrange cyber insurance, you benefit from:
- Independent advice — We work for you, not the insurer. Our job is to find the best cover for your specific needs, not to sell you a particular product.
- Market access — We compare cyber insurance options across multiple A-rated insurers to secure competitive premiums and comprehensive coverage.
- Specialist expertise — Cyber insurance is a complex, fast-evolving product. Our team understands the nuances of policy wording and can explain exactly what you're buying.
- Claims support — If the worst happens, Gerrards advocates on your behalf to ensure your claim is handled efficiently and you receive the full entitlement under your policy.
- Tailored solutions — Whether you're a small professional services firm or a large retail operation, we build cyber insurance solutions around your specific risk profile and budget.
Don't wait until after a cyber incident to find out whether you're covered. Get in touch with the Gerrards team today for a tailored cyber insurance quote — and the peace of mind that comes with knowing your business is properly protected.
Related FAQs
The answers that matter when you're deciding on coverage.
Yes, small businesses are particularly vulnerable due to typically less sophisticated security systems, making them attractive targets for cyber criminals.
Yes, business interruption coverage compensates for lost income when cyber attacks halt your operations, such as when ransomware locks your systems, a DDoS attack takes your website offline, or malware disrupts your network.
Cyber insurance covers the full spectrum of data breach response costs, including customer notification expenses, credit monitoring services, forensic investigation to identify the breach source, public relations to manage reputation damage, legal defence costs, regulatory fines and penalties, and complete data recovery services.
Cyber insurance covers a wide range of incidents including data breaches, ransomware attacks, DDoS attacks that take your website offline, malware that disrupts your network, social engineering fraud (like fraudulent invoice payments or CEO fraud schemes), and cyber extortion where hackers lock you out of your systems.
Yes, social engineering fraud coverage protects against human error exploitation, including when staff pay fraudulent invoices, fall victim to CEO fraud schemes, or are manipulated by cyber criminals into accessing critical systems, payment processes, or sensitive data.
Protect Your Business from Cyber Threats
Get comprehensive cyber insurance from trusted A-rated insurers
