3 days ago
Australasian firms face tougher cyber cover rules than global peers
Australian and New Zealand businesses are being subjected to stricter cyber insurance requirements compared to their global peers, according to the 2025 Cyber Insurance Report from Arctic Wolf.
The report, based on research involving 400 professionals from cyber insurance broker and carrier companies worldwide, identifies that organisations in Australia and New Zealand must satisfy higher security standards to qualify for coverage. The average business in these markets must now have a minimum of six security controls in place, whereas the global average is five.
The findings suggest the more rigorous scrutiny is a result of the elevated risk profile in the region, where businesses are 9% more likely to experience a 'significant' cyberattack compared to the global average. This has prompted insurers to tighten eligibility criteria in an effort to protect themselves from mounting risks.
Insurers have reported a growing expectation that cyber insurance premiums will rise, with 72% of global respondents anticipating increased rates in the coming year. This follows an intensification of the threat landscape globally, driven chiefly by the adoption of artificial intelligence systems, large language models, and mounting data privacy concerns, all of which are contributing to more sophisticated attacks.
Regional requirements
For businesses located in Australia and New Zealand, the report notes email security (87%) and identity and access management (84%) as the two most commonly required solutions for cyber insurance eligibility. These requirements sit considerably above the survey's global averages, with email security at 66% and identity and access management at 53% worldwide.
Despite the prominence of these foundational controls, the survey highlights that advanced protections – such as round-the-clock Security Operations Centres (SOC) and managed detection and response solutions – are viewed as the most impactful measures for enhancing security postures.
Common claims and causes
Globally, ransomware remains the most frequent type of incident prompting claims, with 18% of insurance professionals reporting that their clients were affected in the last 12 months. Data breaches, theft of funds, and phishing incidents follow in frequency.
Artificial intelligence is cited among leading contributors to changing the nature of cyber threats. The research shows that increased adoption of AI and LLMs (large language models) are raising the complexity of attacks, posing new challenges for businesses and insurers alike.
Insurance gap and hesitancy
The survey also identifies that, despite the rising frequency of attacks, only 12% of policyholders have submitted claims in the last year. A notable finding is that a quarter of incident claims were rejected due to policy gaps, highlighting that many policies contain exclusions that are not fully understood by businesses until after incidents occur. Steve Hunter, Director of Engineering, ANZ at Arctic Wolf said: "In one of the world's most targeted cyber markets, businesses in Australia and New Zealand face insurance scrutiny like never before. Six security controls are now the entry ticket for coverage in ANZ, higher than the global average. High-profile attacks and the heightened risk of regulatory action, as seen in the Optus case, is raising the stakes for insurers and forcing local organisations to prioritise security operations as a critical business function. Insurance is no longer a financial safety net – it's a test of cyber readiness and business resilience."
The report finds that with these evolving conditions, both insurers and policyholders in Australia and New Zealand are having to adapt to an environment where robust cyber defences are not just advised, but required, for coverage eligibility. The full impact of these changes is expected to continue unfolding as both regulatory expectations and threat actors' capabilities evolve.
