Conference Issue 2015


Cyber risk 'the next asbestos'


By Kate Tilley, Editor, Resolve

Cyber risk is the insurance industry’s next asbestos and a “cyber hurricane” is building, says Jennifer Richards, managing director of Aon Risk Solutions Australia’s financial specialities and global risk consultants groups.

She told the AILA conference cyber was not a complex risk. It could be as simple as leaving a laptop on the bus or having weak passwords.

Hackers were responsible for 22% of data breaches; lost devices accounted for 19%; malware and viruses accounted for 18%.

Ms Richards said the landscape was changing. Cyber events were now more lucrative than drug trafficking in Australia.

Heightened media awareness brought increased brand and reputation risk. The Australian Securities & Investments Commission now required boards to review and update cyber policies and consider cyber risk insurance among their risk management tools. Many traditional policies now had cyber risk “carve outs”.

There were “a lot of gaps” not covered in traditional policies and specific cyber liability insurance was needed that covered first- and third-party risks.

First-party risks that insurance generally covered included:
• Business interruption (loss of income and extra expenses)
• Costs to restore/recreate data
• Notification costs & credit monitoring services
• Forensic investigations
• Cyber extortion
• Crisis communication/public relations
• Legal costs assisting with privacy notification/compliance response

Insured third-party risks included:
• Defamation claims
• Infringement of intellectual property claims
• Violation or infringement of privacy claims
• Claims from dissemination of confidential information or damage to third-party systems
• Legal defence costs
• Privacy breach regulatory proceedings and investigations
• Fines & penalties

Ms Richards said annual gross written premium for cyber in the United States was about $US2 billion, compared with only about $A20 million in Australia. “Capacity is an issue in the US; we are looking at captives and offshore alternatives.”

But she warned the market may be “fragile” because of the potential exposures.

Ms Richards warned mandatory notification of cyber breaches was coming.

Glenn Crombie, a technical specialist with Chubb, said there was a misconception cyber risk did not affect small businesses.

“All businesses are targets. Hackers are lazy; they take the path of least resistance. The pay day may not be as big [with SMEs] but they can still make money.”

Another common myth was that outsourcing IT avoided the need for insurance. “Antivirus software is reactionary. [IT specialists] only know about new malware because someone gets hit.”

Disgruntled employees and other insiders and trusted vendors were responsible for 50% of breaches and losses.

Mr Crombie said “phishing” was becoming craftier, with fake websites and emails not looking like obvious hoaxes. “The reality is, people do click on the links.” That could see malware downloaded into their systems, with data being encrypted and ransoms demanded for its release. “One in 965 emails contains a phishing attack,” he warned.

It was taking longer to discover attacks – often months, even years, between a system being compromised and malware being identified.

Mr Crombie said underwriters writing cyber liability considered:
• Risk management plans, business continuity plans and incident response plans
• What security controls are in place?
• Back-ups and archiving
• Compliance
• Some industry segments are targeted more heavily than others
• Is the entity online revenue dependent?
• How does it assess third-party vendors?

Insurance was not the only solution to cyber resilience. Training and awareness were important, as were policies and procedures.

For insurers, the challenges were that there was not a huge amount of data yet; the fast pace of change; no big third-party claims – yet; aggregation across policies; and the systemic issue for big hosting companies, which had the potential for liability across a lot of clients.

Ms Richards agreed, saying systemic risk was “the largest concern”.

She expected premium to build fast, as more insureds were “coming on board”.

Mr Crombie said cloud storage raised issues because it was more complex to secure. “You can’t just unplug it from the wall.”

 
 
 

Resolve is the official publication of the Australian Insurance Law Association and
the New Zealand Insurance Law Association.