Cyber specialist underwriting agency Emergence Insurance says claims frequency rose 29% and average severity jumped 51% in the past financial year.

Its portfolio analysis correlates with the latest Office of the Australian Information Commissioner quarterly data, which reported a 14% increase in notifiable breaches from the prior three-month period.

Claims costs are up to three times higher for firms with no written cyber risk management policies or awareness training, with incident severity varying widely depending on preparedness.

“The garden-variety cyber criminal goes after low-hanging fruit – organisations with weak security postures where they can access systems via open back doors,” Emergence Head of Sales Gerry Power said.

“More sophisticated criminals can be embedded within organisations’ systems for six to nine months, observing interactions, before launching targeted attacks.”

Data shows hacking is responsible for 36% of claims and extortion 31%.

Professional, scientific or technical services accounted for 20% of claims and healthcare and social assistance 14%. Financial and insurance services represented 20% of claims, but 20% of costs.

The underwriting agency says organisations that do daily back-ups recover 25% faster, and a large proportion of business interruption claim costs is in data recovery.