Insurance Is Changing in NZ. Are You Ready for New Cyber Insurance Requirements?
If you have renewed your business insurance recently, or even started the renewal process, you may have noticed something changing.
Cyber insurance providers in New Zealand are no longer only asking about firewalls, antivirus software, and backups. Increasingly, they are asking how well your staff are trained to recognise cyber threats.
Across New Zealand, insurers are tightening cyber insurance requirements as ransomware, phishing attacks, and business email compromise continue to rise. One of the biggest shifts is that security awareness training and phishing simulations are quickly becoming expected as part of a business’s cyber security posture, not just an optional extra.
For many businesses, this is becoming a key factor in securing affordable cyber insurance cover and demonstrating compliance with recognised security best practices.
Why Are Cyber Insurers Focusing on Staff Training?
The reality is simple: most cyber security breaches still begin with human error.
A convincing phishing email, fake Microsoft 365 login page, or spoofed email from a company director can be enough to compromise an organisation. From an insurer’s perspective, untrained staff create higher cyber risk and increase the likelihood of costly claims.
In New Zealand, this also connects closely with the Privacy Act 2020, which requires organisations to take reasonable steps to protect personal and customer information. Security awareness training is increasingly viewed as part of those reasonable safeguards.
What New Zealand Cyber Insurers Are Asking Businesses For
While requirements vary between insurers, many providers are now asking organisations to confirm they have:
- Regular cyber security awareness training for all staff
- Ongoing phishing simulations rather than one-off training sessions
- Reporting and tracking of staff participation
- Evidence that employee security behaviour is improving over time
- Processes in place to reduce phishing and credential theft risk
For many businesses, managing this internally can feel like yet another system to oversee. That is where ANVIL Solutions and uSecure can help.
Automated Security Awareness Training With uSecure
Through our partnership with uSecure, we help businesses implement practical and low-maintenance cyber security awareness programmes that align with modern insurer expectations.
This includes:
- Automated, bite-sized security awareness training
- Real-world phishing simulations in a simple “set and forget” format
- Clear reporting that can be shared with insurers
- Minimal administration for your internal team
- Monitoring for compromised accounts and leaked credentials in known data breaches
Most importantly, this turns insurance requirements into genuine cyber risk reduction rather than simply ticking compliance boxes.
See Where Your Business Is Exposed
One of the biggest eye-openers for organisations is understanding where cyber risk already exists within their team.
That is why we are happy to run a no-pressure security awareness exercise with your staff. This can safely demonstrate:
- How convincing modern phishing attacks really are
- Where staff may unknowingly be exposed to cyber threats
- Which areas would benefit most from further training
- How businesses can improve their overall cyber security culture
There is no blame and no finger-pointing. The goal is visibility, education, and improvement.