Australian companies must give cyber insurance proper consideration and understand that general business policies may not cover all losses, law firm Allens says.

The cost of cyber crime in Australia is more than $1 billion a year, with the average cost of a data breach $2.16 million, according to software security firm Symantec.

Allens says a range of first and third-party losses can result from a breach, and a typical suite of business insurance policies may leave significant gaps.

Some public and product liability policies exclude “information technology hazards”, and while commercial crime insurance indemnifies policyholders for losses resulting from criminal acts including computer fraud, often only direct financial loss is covered.

Consequential losses such as contractual penalties, legal expenses or the cost of hiring public relations consultants are generally excluded.

As a result, insurers have devised cyber policies to cover cyber-specific risks.

“Given the increasing prevalence of cyber losses and liabilities and the significant damage they can cause a company, companies should analyse the scope of their existing coverage and, as appropriate, take out cyber-risk insurance,” Allens says.

However, it warns cyber insurance should not lead to complacency, and must go hand in hand with proper risk management and security measures.

“A comprehensive insurance program, with appropriate cover for cyber risks, is a key element of a prudent risk management regime.”