ARTICLE BROUGHT TO YOU BY AFTA'S STRATEGIC PARTNER - GOW-GATES INSURANCE BROKERS,
Cyber attacks and data breaches in Australia are on the rise, with statistics showing a 13% increase in cybercrime reports to the Australian Cyber Security Centre (ACSC) in the 2020-21 financial year, compared to the previous financial year.
Lewis Patton, divisional manager, executive and professional risks at Gow Gates says that based off the substantial changes seen in the cyber insurance market in the last couple of years, the current market still presents reasonable buying for insureds, particularly if Insurers are envisaging more catastrophic and frequency type losses to continue.
Coverage remains very broad and completely available for those who implement strong cyber controls.
“Businesses should be taking advantage of current the market conditions as early as they can. The cyber world is evolving quickly and as technology evolves, so do the sophistication and severity of the attacks and fraud.” he says. “It is always easier to renew insurance when you’re already covered, than it is to source new cover when uninsured, and especially if you've already suffered an uninsured loss”
Types of cyber attacks
Cyber-attacks can be diverse and can range from an unknown third-party hacking systems to access sensitive data, as was seen in the recent Optus attack, to ransomware attacks and business email compromise.
Ransomware is a form of malware which can disable your systems. The virus can lock down files and sensitive data, which is then held for ransom in exchange for large sums of money. The ACSC recorded a 15% increase in ransomware cybercrime reports in the 2020–21 financial year.
Business email compromise attacks, such as phishing emails, are targeted to the receiver and can either involve a request to transfer funds or a dangerous link or file to download. The sender is usually masquerading as a trusted third party, such as a customer or business you regularly deal with. In the 2020–21 financial year, the average loss per successful business email compromise event increased to more than $50,600 according to the ACSC – which is over one-and-a-half times higher than the previous financial year.
The attacks have not been limited to one industry or type of business, affecting small businesses, global corporations and government departments.
Nor are they cheap – the 2022 Cost of a Data Breach Report, by IBM in partnership with Ponemon Institute, found that the average total cost of a data breach for Australian companies is US$2.92 million.
Cyber insurance explained
Cyber insurance policies are available for all types of businesses. The purpose of these policies is to assist you when a cyber attack or event occurs.
Cyber policies provide cover not only for the financial consequences of an attack but also include benefits such as a 24/7 incident response hotline to assist you in the first instance of an attack and public relations to support your business in maintaining its image, reputation and customer trust after an event.
The other coverages that can be provided include third-party coverage for:
- Security and privacy liability, including cover for regulatory proceedings defence costs.
- Civil fines and penalties cover.
- Internet media liability.
First-party coverages can also be bought for privacy breach costs including:
- Forensic computer investigation expenses to determine the cause and extent of the breach.
- Cyber extortion threat and reward payments.
- Cost of notifying clients of data compromise.
- Public relations expenses.
- Digital asset replacement expenses cover.
- Business income loss.
Risk management is best practice
Cyber insurance is not the solution, a strong continually developing cyber risk management regime is. Cyber insurance can be the difference between whether the business can continue in the event (or post) an attack, or whether it's game over. Litigation, fines and penalties, reputational damage, defence and investigation costs, IT forensic and any related restoration costs etc. It can all be extremely costly and potentially debilitating for insureds.
Gow-Gates work closely with our insureds on their cyber profile, by ensuring they're implementing a strong cyber risk management regime and that it's coupled with a comprehensive and appropriately structured cyber policy.
Ensure your business is implementing the following best practice risk management procedures to prevent events occurring, or limit the damage if an attack does occur:
- Have an incident response plan and team – having a dedicated person and or team to implement your incident response plan when an event occurs will allow your response to be implemented quickly and effectively. This can help mitigate damages and costs.
- Encrypt data – with employees accessing networks using from varied locations and using many different types of devices a breach can stem from something as simple as a lost smartphone. But if data is encrypted it is more difficult to access on a lost or stolen device, which will help mitigate the potential exposure.
- Have a strong network security policy – a network security policy should be both current and enforced. It should outline the organisational rules for appropriate use of computer resources. The policy should include multi-factor authentication, strong password protocols, and usage restrictions around website access and email usage.
Gow-Gates specialises in cyber risk placement, so if you believe that this issue is relevant to your business, please feel free to contact Gow-Gates Insurance Brokers on (02) 8267 9999 to discuss your circumstances or to obtain a quotation.