VMIA’s Cyber Insurance policy covers your organisation for breach response expenses incurred by your organisation. Your department, agency (or hospital) and its directors, officers and employees are all covered.

This cover includes: forensics, legal & notification, call centre, identity theft, crisis management and public relations. Legal liabilities arising from a breach of computer security or breach of privacy (personal or corporate information), including the legal costs incurred in defending these claims, are also covered.

Many organisations handle personal and corporate data daily, whether it’s employee profiles, identity card numbers, credit card information, sensitive demographic information or budget and funding information.

In an ever-increasing legal and regulatory environment, Cyber Insurance provides a risk transfer solution for data breach exposures.

What’s covered?

VMIA’s Cyber Insurance provides for first-party expenses (incurred by your organisation in the event of a cyber incident) and third-party expenses (amounts your organisation is legally liable to pay, as a result of a cyber incident).

Protection for your organisation includes:

  • forensic team expenses
  • call centre expenses
  • public relations and crisis management expenses
  • cyber extortion loss, including negotiation, security consultants and extortion payment to end the threat
  • restoring, recreating or recollecting corrupted, damaged or deleted data
  • operational costs and additional costs incurred due to a computer security failure
  • notification costs involved with notifying affected persons of a data breach and/or the Privacy Commissioner
  • data administration investigation costs, fines and penalties.

Protection for claims made by third-parties includes:

  • theft, loss or unauthorised disclosure of personally identifiable or third party corporate information
  • computer security failure resulting in corruption, alteration or destruction of data, or failure to prevent the transmission of virus or malicious code
  • failure to comply with a privacy policy
  • cover for PCI fines and costs.

This is a brief overview of policy features only. For full details, please refer to the policy wording below.


VMIA has partnered with Beazley Group to manage the cyber incident notification and breach response process. As soon as you suspect any theft, loss, unauthorised disclosure of, or unauthorised access to, information within your organisation, you should immediately notify Beazley and copy VMIA. The sooner we know about an incident, the more we can do to help.




Beazley: 1800 254 492
VMIA: 03 9270 6900

Please include the following in your notification:

  1. a short description of the incident
  2. the date the incident occurred (if known)
  3. the date your organisation discovered the incident, and
  4. contact information for the designated breach coordinator.

Please do not include any personally identifiable information or protected health information.

At this stage in your investigation, please try to preserve all evidence and secure IT systems.

A VMIA or Beazley Claims Manager will respond to the notice (generally within 24 hours) and schedule a phone call to discuss the incident and preliminary investigation.

We recommend that the key stakeholders within your organisation who are involved in investigating the incident be included in this phone call, but at a minimum, your designated incident response coordinator.

Please do not include any personally identifiable information or protected health information in your notification.

Beazley or VMIA’s claims team will be in contact within 24-hours of receipt of your notification to advise on next steps.

Policy documents

More information

For more information about your insurance policies, email us at

Page last updated: 13 June 2018