As the world continues to become more digitalised, with remote working becoming a new norm, and the cyber market ever-evolving, the threat of cyber attacks continues to rise. As a business or organisation, a cyber attack can have massive ramifications, both financially and otherwise. Disruption to business, loss of customers, tarnishing of reputation, and the large amount of time and resources to recover can effectively ruin a business. The cyber insurance market in Australia continues to grow, and many businesses are understanding just how vital a cyber insurance policy is in their risk management planning. While many organisations still rely on ‘silent cyber’ coverage, as the cyber market continues to evolve the need for a specifically tailored cyber insurance policy grows.
‘Silent cyber’ coverage refers to cover against cyber threats that may fall under a different insurance policy, such as a liability or property insurance policy, where the policy does not specifically exclude cyber claims. However, as the threat of cyber attacks continues to rise, some organisations find their insurance policies lacked the response they required in regards to a cyber threat. Many organisations and businesses are now seeking affirmative cover against cyber threats. A cyber insurance policy offers affirmative and proactive coverage for claims regarding cyber threats and attacks – and it has never been more vital to have a specific cyber insurance policy in place.
Effect on premiums
Cyber insurance markets are increasing throughout the globe, but Australia’s own cyber insurance market is increasing at a more rapid rate. Premiums for cyber insurance have continued to grow exponentially over the last five years, both in Australia and globally. The cyber insurance market in Australia may remain smaller than other leading developed countries, such as the US, but the rate of growth in the Australian market is increasing at a faster rate than that of the US. As more companies opt for specific cyber policies, rather than relying on ‘silent cyber’, the cost of cyber insurance will continue to grow.
What cyber insurance covers
As with any class of insurance, each individual cyber insurance policy needs to be scrutinised to determine what it covers. However, generally, a cyber insurance policy will cover cyber terrorism (including ransomware), reputational harm, some fines and penalties, and interruptions to business. As always, it is important to do your research and determine what your organisation needs to be covered against in regards to cyber safety. Speak to your GSK Insurance broker for more information on what cyber insurance can look like for you and your business.
Under a new scheme introduced in 2018, it has become mandatory for various organisations in Australia to notify individuals and the General Data Protection Regulation (GDPR) after a data breach that has the potential to cause serious harm. Within 72 hours of the breach, GDPR must be notified. Human error remains a large factor in data breaches, but even more so data breaches are due to malicious or criminal intent. Fines of up to $2.1 million for organisations may apply for failure to report an eligible breach. The organisation suffering the breach will also face the related business interruptions and tarnishing of reputation, so it is paramount to remain vigilant in regards to reporting data breaches. Ongoing staff training and quality maintenance is also vital, to reduce the risk of human error resulting in a data breach.
Preparing for a cyber attack
In recent times we have seen huge, multinational companies facing massive fines as a result of customer data breaches – such as the data breaches at both Marriott and British Airways. Many businesses in the process of establishing their risk management protocols prefer to think of it as ‘when’ rather than ‘if’ in regards to a potential cyber attack, and are prepared for this outcome. In Australia, the biggest concern around cyber threats is the speed of which a threat can occur, and the related disruption of business. Coupled with large financial losses and loss of reputation, cyber attacks can be ruinous for a business or organisation. A solid risk management plan is vital, with particular focus placed on defence against a cyber attack, as well as the means to quickly recover from a potential attack. Preparing for a worst-case situation will enable your business to defend against, and recover from, cyber attacks. A sound, specific cyber insurance policy will offer peace of mind and support for overcoming and recovering from a cyber threat. Speak to your GSK Insurance broker to find out more about the importance of a cyber threat contingency plan and insurance policy, and to check that you and your organisation are covered.