Why claims response matters in cyber
IN Partnership with
Delta Insurance’s Antonio Prgomet explains why rapid claims response and human reassurance are as vital as technical fixes when businesses face cyberattacks
More
WHEN THE phone rings at Delta Insurance New Zealand’s cyber helpline, Antonio Prgomet knows the voice on the other end will likely be strained, urgent and teetering on panic. A breach can be an existential matter for a business, and owners often fear they’re about to lose not just client trust and sensitive data but their very livelihoods.
As a senior liability claims handler at Delta, Prgomet has a rare dual vantage point – rooted in both underwriting and claims – that gives him insight into how companies experience digital disaster. He’s seen first-hand that the real
100% Kiwi-owned and operated, Delta Insurance New Zealand was founded in New Zealand in 2014 to answer the call for insurance in emerging and specialised areas. It now insures over 30,000 risks insured across 18 products in Property, Financial Lines, Technology, Environmental, Commercial Motor and Specialty lines. Delta Insurance New Zealand products are tailored for the unique attributes of the insurance market in Aotearoa. Delta is committed to underwriting excellence, customer-centric initiatives, innovation and community impact. Delta Insurance New Zealand won ANZIIF’s Insurance Underwriting Agency of the Year award in New Zealand five times and in 2023 it was named Insurance Business’s Top Insurance Employer.
Find out more
How NZ businesses are being compromised in cyberattacks
By email phishing attack
“Our cyber claims are handled
by a specialist team with many years of experience in managing [high-pressure] incidents like these”
Antonio Prgomet,
Delta Insurance New Zealand
difference in containing a cyberattack often lies not in the technology deployed but in how people are guided through the chaos.
That’s why Delta has built its cyber proposition around rapid, specialist claims response: a structure designed to cut through delay, connect clients directly with expert teams and provide both technical fixes and calm, confident support when minutes matter most.
Delta’s comprehensive approach extends beyond traditional claims payment to include 24/7 rapid response from New Zealand-based IT security experts who can immediately contain cyberattacks, restrict third-party access and secure IT infrastructure perimeters. Delta’s policy also provides access to baseline cybersecurity assessments that help clients identify vulnerabilities before incidents occur.
Certain sectors face disproportionate cyberattack risk due to the sensitive nature of their data holdings, and these patterns are intensifying as attackers become more sophisticated.
“Targeted industries are professional services, especially law firms, retail, financial services, healthcare and government, due to the type of information they hold,” says Prgomet.
The challenge extends beyond direct systems to encompass the entire business ecosystem. Modern networks have numerous potential access points.
“Your network extends beyond your laptops and phones, so anyone who logs into your network is a potential access point for hackers. You should make sure that the entities you engage with also have strong cybersecurity policies,” adds Prgomet.
Delta’s sector-specific expertise becomes particularly valuable in these high-risk industries. The insurer maintains specialised response capabilities for different sectors, understanding that a healthcare breach requires different expertise than a law firm incident. This tailored approach ensures appropriate regulatory compliance and industry-specific incident management rather than one-size-fits-all responses.
Delta’s claims response follows a structured crisis management process: initial triage to identify problems and commission resources, crisis containment to prevent attacks from spreading while providing PR response and legal support, and crisis resolution involving forensic investigation, system restoration, ongoing communications and business interruption loss assessment.
Rapid AI adoption creates fresh complications when it comes to both cyber risks and insurance coverage. Most businesses are implementing AI tools without formal policies or full understanding of the associated risks.
“More and more businesses are starting to use AI, and that’s created a host of privacy concerns,” says Prgomet. “Most companies don’t have a formal AI use policy in place, so brokers should check their clients’ policies and make sure that there isn’t any policy uncertainty regarding AI before claim time.”
This rush to integrate AI – without addressing security, legal or risk implications – is expanding the digital attack surface faster than most companies can manage.
The challenge is compounded by varying levels of broker expertise. Liability specialists stay current with policy developments, while generalist brokers may struggle to keep pace with rapid changes.
“The brokers that specialise in liability insurance will be across it; they know the latest trends – whereas for some of the more general, suburban-type brokers, cyber is not a speciality, and that’s where we need to do a bit more training,” Prgomet explains.
Share
Industry targeting patterns intensifying
The AI policy puzzle
Published 07 Oct 2025
Share
“More and more businesses are starting to use AI, and that’s created a host of privacy concerns”
Antonio Prgomet,
Delta Insurance New Zealand
Through an unsecured website
Through an unsecured application
Through a third-party attack or breach
Through a business social media account
By an internal actor
By a text (smishing) attack
Cloud misconfiguration or vulnerability
Via an unpatched system or device
DDoS attack
Through an AI breach
*Businesses were asked to select all responses that applied
Source: Kordia New Zealand Businesses Cyber Security Report 2025
Source: Taylor Fry, presentation at New Zealand Society of Actuaries Conference 2024, “No cyber relief – why do New Zealand cyber insurance take-up rates lag peer countries?”
Gross written premium 2024
Size of cyber insurance markets in NZ and Australia
$45m
NZ
$650m
Australia
When cyberattacks occur, the technical response is only part of the solution. The human element – managing panic, coordinating expert teams and providing reassurance – often determines whether incidents are contained or escalate into disasters.
“When people face these kinds of problems, they’re often overwhelmed. It’s a completely new situation for them,” says Prgomet. “They’re saying things like, ‘Our customer data has been taken. What do I do? Where do I even start?’ That’s where our experience really makes a difference – we can guide them through.”
Time pressure distinguishes cyber claims from traditional insurance matters. Cyber incidents demand immediate action.
Delta’s claims response structure is designed around this urgency. The company maintains a dedicated cyber helpline that connects clients directly with a panel of pre-approved experts. This approach eliminates delay layers that could prove costly during active incidents, providing immediate access to both technical expertise and reassuring support.
Prgomet’s dual background in underwriting and claims proves essential in these high-pressure moments. “And it’s not just me,” he adds. “Our cyber claims are handled by a specialist team with many years of experience in managing incidents like these. That collective expertise means we can provide clear, confident support when it’s needed most.”
His underwriting experience helps quickly assess coverage applicability, while claims expertise guides him towards appropriate response teams.
“I know who I need to call to help you,” says Prgomet. “It’s not always the same people. If it’s a bigger incident, we need a broader response team.”
The cyber helpline connects clients to Delta’s panel of expert partners, including forensic specialists who can immediately secure compromised systems, legal advisers who assess privacy notification requirements, and crisis communications experts who help manage stakeholder concerns.
The human crisis factor
The threat environment has undergone a fundamental transformation, driven by artificial intelligence capabilities that render traditional security awareness obsolete. What once targeted only senior executives now threatens every employee in every department.
“The increasing sophistication and use of AI has led to the increasing amount of phishing scams and fictitious emails, with malware being sent to staff across all departments. Before, it used to be just C-suite and executives, but now it’s admin people, juniors; everyone gets targeted,” Prgomet explains.
This democratisation of targeting requires businesses to completely rethink their security training approaches. The attacks are becoming increasingly difficult to identify, demanding continuous education that evolves alongside AI capabilities.
Delta’s response to this shift involves continuous training updates for its claims team as well as its client base. The insurer shares this knowledge through webinars and client communications, ensuring that both internal expertise and client awareness evolve alongside the threat landscape.
A recent report on the state of cybersecurity in New Zealand businesses showed that the number one type of compromise was phishing, at 43% – nearly double the next most common types of breach: access through unsecured websites (22%) and unsecured apps (21%).
Beyond email attacks, the threat landscape encompasses multiple vectors. “Emerging trends in the threat environment are phishing and credential harvesting, phone-based bank impersonation scams and AI-enabled social engineering,” says Prgomet.
AI transforms everything
The sophistication extends to future threats that could bypass even multi-factor authentication (MFA). Prgomet expects particular growth in deepfake technology and third-party breaches that exploit supply chain vulnerabilities.
“I expect to see an uptick in AI-enabled fraud, such as deepfakes, leading to MFA bypass and third-party vendor or managed service provider breaches,” he says.
Although the market is growing, New Zealand companies lag in uptake of cyber insurance, with coverage in 2024 thought to be only 8–10% and gross written premiums just under 7% of those written in Australia, according to actuarial consulting firm Taylor Fry.
Against this background, larger firms are leading the way in boosting coverage. “Larger firms increasingly must hold cyber insurance due to their contractual requirements,” says Prgomet.
Like in Australia, poor SME coverage represents both the biggest opportunity and the greatest challenge for cyber insurance growth.
The primary barrier remains education and perception.
The SME opportunity gap
Many SMEs hold the dangerous misconception that cyberattacks only target large organisations that make headlines.
“SMEs still fall into the trap of thinking this won’t ever happen to me, because it’s always the large firms that you see hit the headlines,” says Prgomet. “Anyone could be the next target, especially SMEs, with that false mindset.”
Delta is a market leader in this area, with over 90% of its cyber business stemming from SME clients, according to Prgomet. Despite the weaker economy in New Zealand than across the Tasman, Delta has found that flexible policy structures can make cyber insurance more accessible as an add-on to existing liability coverage. The insurer’s policy structures accommodate varying risk profiles and budget constraints.
“We’re seeing SMEs adding cyber to their suite of liability policies at renewal. Delta is flexible in terms of policy limits, sub-limits and excesses, which makes it an easier upsell,” Prgomet explains.
Delta’s SME focus is supported by offering coverage for business interruption for lost profits when IT systems are attacked, third-party liability for claims resulting from data breaches, hacker theft cover for stolen funds, network extortion response, costs to restore software and electronic data, data forensic services, public relations expenses, notification services and credit monitoring, and mandatory breach reporting compliance.
One encouraging trend is more clients taking proactive approaches to cyber incident preparation rather than waiting for attacks to materialise.
“We’ve increasingly seen clients that are going through their renewals call their broker and ask, ‘OK, we’re reviewing our incident response plan. What do we do?’ ” says Prgomet.
Delta offers pre-loss services such as vulnerability scanning. This value-add risk management tool helps clients strengthen their defences before attacks occur, rather than merely responding after breaches happen.
“It’s typically the more sophisticated companies that will get involved. Our portfolio is quite big on tech risks, so those clients are technically switched on,” says Prgomet.
By helping clients understand response processes in advance, the insurer reduces both the severity of potential incidents and the stress levels experienced by business owners during crises. The approach transforms policy purchase from a compliance exercise into a business continuity investment.
For less technically savvy clients, Delta’s robust response capabilities serve as the incident response plan itself – a common reality for time-poor sole traders and micro-business owners.
Proactive preparation gains traction
Prgomet considers the actuarial understanding of cyber losses in the broader market as still weak, despite over a decade of development. This creates ongoing tension between competitive pricing and sustainable risk management.
“It becomes a balancing act between pricing the risk and remaining competitive in the market and palatable for our clients,” he says.
This actuarial uncertainty has practical implications for claims handling. Unlike traditional insurance lines where decades of loss data inform coverage decisions and claims reserves, cyber insurance operates with limited historical precedent. Each major incident potentially provides new insights into exposure patterns and response costs.
The constantly evolving threat environment compounds this challenge. Just as insurers begin understanding certain exposures, new risks emerge requiring fresh analysis and adaptation.
From a claims perspective, this means constant learning and adaptation. Response procedures that work effectively for one type of incident may prove inadequate for newly emerging attack vectors. This is where Delta’s flexibility and readiness to adapt its approach as both threats and response capabilities evolve is a major strength.
Even experienced professionals can struggle to keep up with the relentless change in the area – but for Prgomet, it’s the culture of continuous learning at Delta that gives it an edge over the competition.
“That’s what keeps the job interesting,” he says.
The knowledge challenge
RSS
Sitemap
Contact us
About us
Conditions of Use
Privacy policy
Terms & conditions
People
Copyright © 2025 KM Business Information NZ
Contact Us
E-Newsletter
Authors
Regular Contributors
Advertise
Contact Us
Catastrophe & Flood
Claims
Construction & Engineering
Cyber
Environmental
Hospitality
Legal Insights
Life & Health
Marine
Motor & Fleet
Non-Profits & Charities
Professional Risks
Property
SME
Technology
Travel
Specialty
Best in Insurance
Business Strategy
E-mag
Editorial Panels
Events
Guides
IB Talk
Opinion
Premium Content
Insurance Companies
Webinars
White papers
Resources
Reinsurance
Risk Management
TV
News
Insurance News
Columns
Diversity & Inclusion
Mergers & Acquisitions
NZ
RSS
Sitemap
Contact us
About us
Conditions of Use
Privacy policy
Terms & conditions
People
Copyright © 2025 KM Business Information NZ
NZ
Contact Us
E-Newsletter
Authors
Regular Contributors
Advertise
Contact Us
Catastrophe & Flood
Claims
Construction & Engineering
Cyber
Environmental
Hospitality
Legal Insights
Life & Health
Marine
Motor & Fleet
Non-Profits & Charities
Professional Risks
Property
SME
Technology
Travel
Specialty
Best in Insurance
Business Strategy
E-mag
Editorial Panels
Events
Guides
IB Talk
Opinion
Premium Content
Insurance Companies
Webinars
White papers
Resources
Reinsurance
Risk Management
TV
Insurance News
Columns
Diversity & Inclusion
Mergers & Acquisitions
News
Copyright © 2025 KM Business Information NZ
RSS
Sitemap
Contact us
About us
Conditions of Use
Privacy policy
Terms & conditions
People
NZ
Contact Us
E-Newsletter
Authors
Regular Contributors
Advertise
Contact Us
Catastrophe & Flood
Claims
Construction & Engineering
Cyber
Environmental
Hospitality
Legal Insights
Life & Health
Marine
Motor & Fleet
Non-Profits & Charities
Professional Risks
Property
SME
Technology
Travel
Specialty
Best in Insurance
Business Strategy
E-mag
Editorial Panels
Events
Guides
IB Talk
Opinion
Premium Content
Insurance Companies
Webinars
White papers
Resources
Reinsurance
Risk Management
TV
Insurance News
Columns
Diversity & Inclusion
Mergers & Acquisitions
News