Cyber risk, reality, and readiness: Takeaways from our expert Q&A

By James Crowther, Head of Emerging Risks at Agile

Cyber insurance continues to be one of the most talked-about—and most misunderstood—products in the market. That’s exactly why we hosted a live Q&A alongside Jason Symons and Mitch Riley-Meijer from Mills Oakley, where we explored the evolving threat landscape, unpacked key aspects of cyber coverage, and tackled some of the common myths still floating around.

If you missed the session, here are a few key reflections from the discussion.

The cyber threat landscape is escalating

It’s clear that business email compromise and ransomware are still the most prevalent threats facing businesses today. But the sophistication has stepped up. As Mitch explained, ransomware now operates like a fully-fledged business model. There are playbooks, structures, even help desks.

And then there’s AI—being used not just for deepfakes, but to craft more convincing phishing attempts, break through MFA, and scale social engineering at speed. We’re seeing real-world cases where attackers use deepfake audio or video to impersonate executives and authorise fraudulent transfers. This isn’t future risk—it’s here now.

Why Cyber insurance matters

Cyber insurance isn’t just about financial recovery—it’s about response. A good policy should activate immediately when an incident occurs, helping organisations get expert support during their most vulnerable moments. From triage and forensics to legal advice and regulatory support, this early intervention is often what makes the biggest difference.

One critical point raised during the session was legal privilege. When legal counsel is involved from the outset, organisations can respond more effectively and with the protection of legal privilege—something often overlooked when planning for an incident.

Better claims outcomes start with communication

Unlike traditional insurance lines, cyber claims require rapid, coordinated action. We make it a point to keep brokers informed throughout the response process, with regular updates from our incident response team. This transparency ensures clients know what’s happening and when, reducing friction and helping everyone stay aligned.

Coverage vs. crime

Invoice fraud sparked some great discussion. We clarified that while cyber policies can include sub-limited cover for invoice manipulation and social engineering, they’re not designed to be a catch-all for crime-related losses. In some cases, a dedicated crime policy might be the better fit—cyber should be seen as complementary.

Taking a proactive approach

A standout feature of our cyber offering is the proactive support we provide even before something goes wrong. All Agile Cyber clients can access a one-hour consultation with leading cyber experts, helping them assess their posture and ask questions about their environment.

We also conduct perimeter scans and notify brokers of any critical exposures—things like outdated software, open ports, or patching gaps—so these can be addressed before they’re exploited.

The role of brokers

One thing we emphasised was that brokers don’t need to be cyber experts. What they do need is access to a network of trusted advisors, ready to support their clients when the unexpected happens. That’s what our model is built around—providing not just insurance, but the people and expertise behind it.

Looking ahead

The regulatory environment is shifting too, with stronger penalties under Privacy Act amendments and increasing expectations around response and reporting. All the more reason for businesses to take cyber seriously, not just as a compliance issue, but as a business-critical risk.

Cyber is a space where preparation really pays off. I’m grateful to have shared the stage with Jason and Mitch—both brilliant minds in the field—and look forward to continuing the conversation as this space evolves.

If you’d like a copy of the webinar recording, click here. If you want to explore how Agile Cyber can support your clients, get in touch on cyber@withagile.com.