The Insurance Council of Australia (ICA) has called upon businesses, insurers and government to work together to establish the settings for a vibrant and sustainable cyber insurance market to underpin economic growth into the future.
A new study ‘Cyber Insurance: Protecting our way of life in a digital world’ released by ICA has highlighted challenges to maintaining and developing a cyber insurance market to support Australian individuals, businesses and organisations operating in the digital economy following the COVID-19 pandemic.
The study said that this unprecedented growth in digitalisation and connectivity has led to increased cyber risk. The spectrum of cyber risk includes inadvertent or deliberate data breaches by employees at one end and ranges to criminal gangs and nation states targeting business operating systems at the other end.
Responding, rectifying and reporting a cyber incident can be challenging and expensive for a victim’s business. Cyber insurance provides an important support to these businesses, including facilitating access to expert assistance, which is particularly valued by smaller businesses.
ICA has acknowledged that in Australia standalone cyber insurance is not, as yet, a well-known or understood insurance product. This and a small number of insurance providers in the market has implications for the pool size by which risk is transferred.
This together with increasing loss ratios and reducing risk appetite can make it harder for some Australian businesses to purchase cyber insurance, prompting the industry’s call to overhaul the government’s policy settings.
Among the recommendations made, ICA has called for better data sharing, both from industry to government and importantly from government to industry to prevent, detect and report cyber-attacks.
Minimum security requirements and third-party certifications for software and hardware should also be made mandatory to reduce the vulnerability of cyber attacks.
Investment incentives for education around cyber risk, as well as for businesses willing to disclose and work with enforcement agencies are also needed. M