Australian businesses, insurers and government should work together to establish better cyber policy settings for the cyber insurance market, according to the Insurance Council of Australia‘s “Cyber Insurance: Protecting our way of life in a digital world” paper.
“Right now, cyber insurance awareness is low within the Australian business community – only about 20 per cent of small businesses have cyber cover,” ICA CEO Andrew Hall said.
“However, the digital evolution of both the economy and society since the COVID-19 pandemic has resulted in increasing awareness of cyber risks. As a result of this, in recent years, the number of organisations taking up cyber insurance in Australia has increased rapidly.”
In the policy paper, the Insurance Council of Australia (ICA) highlights the challenges to maintaining and developing a cyber insurance market that will support individuals, businesses and organisations operating in the digital economy following the pandemic.
The pandemic’s unprecedented growth in digitisation and connectivity has led to increased cyber risk, which includes inadvertent or deliberate data breaches by employees and criminal gangs and nation-states targeting business operating systems.
As such, responding to, rectifying and reporting a cyber incident can be challenging and expensive for a victim’s business. The paper highlights that cyber insurance can provide huge support to these businesses by facilitating access to expert assistance, which is particularly valued by smaller businesses.
ICA has acknowledged that in Australia, having standalone cyber insurance is not yet a well-known or understood insurance product. This and a small number of insurance providers in the market has implications for the pool size by which risk is transferred.
This, together with increasing loss ratios and reducing risk appetite, can make it harder for some Australian businesses to purchase cyber insurance, prompting the industry’s call to overhaul the government’s policy settings.
“Right now, there is a small number of insurance providers. The combination of a small premium pool and the increasing sophistication and maliciousness of some cyber-attacks have put significant pressure on insurers and businesses alike,” CEO Hall said.
“This policy paper is the first step in getting the settings right for managing cyber risk in Australia and will give the industry greater confidence in participating in the market and providing cover.”
Among the recommendations made, ICA is calling for better data sharing, both from industry to government and importantly from the government to industry to prevent, detect and report cyber-attacks.
Minimum security requirements and third-party certifications for software and hardware should also be made mandatory to reduce the vulnerability of cyber-attacks.
Investment incentives for education around cyber risk, as well as for businesses willing to disclose and work with enforcement agencies are also needed.
ICA has also called for the Government to develop and issue an Australian cybersecurity standard to ensure that government agencies and contractors with whom they do business evaluate their cyber maturity according to uniform and constantly evolving standards.
Source: Insurance Council of Australia Media Release