Australian Cyber Security Centre research has found that small businesses, in particular, are targeted by themed phishing emails. The evolving cyber threats facing companies demonstrate how easily a compromise can impact core functions and services. 

Companies in Australia have to comply with the Notifiable Data Breaches (NDB) scheme, which makes it mandatory for businesses to report data breaches to the Government and their customers if the data breach is likely to result in data being misused.

Accountants are a highly targeted profession due to the sensitive data often kept on file, such as tax file numbers.

Manage your cyber risks

Exposure risks

Any company that holds information has a risk exposure. The following claims examples demonstrate this:

Law firm

$1.8 million turnover

7 employees

Background: A CPA firm used a third-party cloud-based software provider to hold confidential information. The cloud provider advised the CPA firm that its account had been accessed by an unauthorised identity who had deleted data relating to 5,000 clients. As a result of the hack, the client was unable to trade due to the missing data and limited access to their software.

Outcome: The insurer appointed IT forensic consultants to assist the client to investigate whether the systems had been compromised. The insurer assisted the client in notifying the data breach to the Privacy Commissioner under the Notifiable Data Breaches Scheme. The total cost of the claim was $124,000, including business interruption costs, forensics and legal costs.

$200,000 turnover

5 employees

Background: After a public holiday, a bookkeeper experienced a cryptolock virus on their computer. A ransom of $25,000 was demanded to have their files restored. Due to the sophistication of the hackers, the insurer paid the ransom to have their files restored. The insured was unable to trade for five days, which resulted in a loss of income.

Outcome: $120,000 paid for the legal fees, IT service fees to replace the system and the business interruption costs for loss of income to the business.

CPA Firm

$600,000 turnover

2 employees

Background: The firm was hacked by a crypto-locker virus attack. This was a second attack after paying the first ransom.

Outcome: First Party Hacker Damage $18,170; cyber extortion costs of paying ransom $5,200; and business interruption costs $167,000. The total claim amount was $190,370.

This claims data was provided by Fenton Green. 

Cyber liability insurance for members

CPA Australia’s preferred underwriter and broker, QBE Insurance (Australia) Ltd and Fenton Green & Co, offer cyber liability insurance for members based in Australia to transfer this liability and assist with claims management.

The cyber liability insurance extension is tailored specifically for CPA Australia members and is available as an optional extension to your professional indemnity insurance policy. Members not currently insured with QBE and Fenton Green can purchase this as a separate policy in its own right.

The cyber liability insurance extension includes coverage for:

  • third party cyber liability
  • first party hacker damage
  • cyber extortion
  • public relations expenses
  • business interruption
  • data breach notification costs.

The limit of liability being offered for cyber risks under this optional extension is $200,000 for any one claim and in the aggregate.

Terms and conditions

The products and services are underwritten and issued by QBE Insurance (Australia) Limited ABN 78 003 191 035 (AFSL 239545) (QBE) through its broker, Fenton Green Insurance Services Pty Ltd (Fenton Green). CPA Australia is solely a mere referrer of the products and services. CPA Australia makes no warranty as to the accuracy or completeness of any information contained on this webpage and/or fact sheet, nor does CPA Australia accept responsibility for any acts or omissions in reliance upon any such information. Before acting on such information, consider the appropriateness of the products and services that are promoted having regard to your objectives, financial situation and needs. Independent professional advice should be sought with respect to the product(s) and service(s) and any information referred to on the webpage and/or fact sheet. To the extent permitted by applicable law, CPA Australia, its employees, agents and consultants exclude all liability for any loss or damage claims and expenses including but not limited to legal costs, indirect special or consequential loss or damage (including but not limited to, negligence) arising out of or related to: (a) information contained on the Landing Pages; (b) Third Party Information; and/or (c) the products and services offered by any Partner. As a 'mere referrer', CPA Australia may receive revenue from QBE.