Cyber threats are costing Australia at least $1 billion a year which has led to a deeper concern about risk management and an increase of businesses taking cyber insurance.
According to the Australian Financial Review, cyber insurance covers network interruption costs, remediation and forensic investigation, alongside the restoration of data and third-party claims for unauthorised publication of data.
Major General Stephen Day, Australian Cyber Security Centre co-ordinator has said that cyber threats have been reaching networks in a sophisticated manner from issue-motivated groups, organised criminal syndicates and intelligence services of some foreign governments. “There are gaps in our understanding of the extent and nature of malicious activity, particularly against the business sector,” Major General Day said.
He continued to explain that data, consumer confidence and profit could be lost if businesses were exposed to the more serious incidents such as targeted spear phishing, cryptolocker and denial-of-service attacks.
Jim Bulling, partner financial services at K&L Gates, warns businesses that cyber insurance can be expensive. “Don’t try to bolt it on to existing professional indemnity, directors and officer and third-party policies. The definitions, exclusions and what’s covered just doesn’t work. The insurers are keen to get into this new space. They will negotiate,” Bulling said.
In a cyber resilience report released by the Australian Securities and Investments Commission earlier this year, it was recommended that directors and other board members use the National Institute of Standards and Technology Cybersecurity Framework to investigate and prevent risks. This highlights that keeping the business safe from cyber threat is not just the IT department’s responsibility.
Australian manager at cyber insurance broker Marsh, Susan Elias, said that she had seen an increase in businesses inquiring about this way of managing risk, but this may be because there is no alternative. “Insurers are already revising policy wordings that create ongoing pitfalls, so you always need to be reassessing what insurers are offering so the company buying it understands what they are buying,” Elias explained.
Elias also mentioned that regardless of how many defences are in place, no business can claim to be 100% protected, according to Australian Financial Review.
Despite the data protection regulation being implemented in 2018, 69% of IT decision makers don’t have the backing of their board to achieve GDPR compliance, according to Calligo.
The majority of the region’s 28 member states report that the situation has worsened over the past year, reports business management consultant Verisk Maplecroft.
Regulators in the UK, the US and Hong Kong instituted proceedings against more than 1,700 individuals last year, or four times the number of cases brought against companies.
The US Commodity Futures Trading Commission approved LedgerX as the first regulated clearing house for derivatives contracts settling in digital currencies.