December 2021


Cyber security threatens businesses, individuals

Cyber security is an increasingly large risk for businesses and individuals.

Vivek Gupta, Cybersecurity Partner with accounting firm BDO in Canada, and his colleague Chetan Sehgal, Forensic Disputes & Investigations Partner, have outlined five points to consider when purchasing cyber insurance.  

1. Hidden vulnerabilities typically come to light only after a successful attack. Conduct a risk assessment of your control environment and develop a prevention program to purchase the most appropriate plan for your needs. Conduct a cost-benefit analysis to identify your blind spots so you can focus your insurance coverage on those areas or, better yet, remove the blind spots before applying for insurance to avoid denial of coverage or high premiums.

2. Work with your insurance broker or underwriter to ensure the policy fits your type of business and that you’re fully aware of what’s covered and what’s not. Review cyber insurance options, familiarise yourself with the policy and ask the right questions.

3. Select a response team you trust. If you’ve had a breach, it’ll throw you into utter chaos as you try to be as operationally viable as you can. Dealing with an underwriter and other advisers you’re comfortable with will make that process as smooth as possible. An effective response to a cyber incident is part of contingency planning and risk management.

4. Take time to understand the policy fine print. Insurance policies aren’t created equal and with cyber insurance being a relatively new product, many buyers aren’t aware of the pitfalls. Some insurers will conduct an assessment before they provide a policy and premiums. You have to understand what you’re signing up for and what your responsibilities are to protect yourself. As loss ratios on cyber claims have skyrocketed in the past year, the amount insurers cover appears to be declining while premiums are rising.

5. Implement a comprehensive suite of cyber security controls and protections. Some clauses in insurance policies state that unless it can be determined an organisation had the right preventive controls in place, the insurer will not issue a payout. The more robust your controls, the lower the risk of a breach, and that’s going to affect the premiums you pay.

You can read the full BDO article here.

Four factors for protection

James Crowther, Head of Cyber and Emerging Risks at Sydney-based underwriting agency Agile, has written a white paper that explores four key factors that businesses should implement to better protect themselves from cyber threats.

  • Continuous cyber awareness training for employees
  • Multi-factor authentication
  • Sophisticated data back-up procedures, and
  • Advanced endpoint protection.

Mr Crowther says: “Cybercrime is big business. And it’s not just big business that’s at risk. Hackers, spammers, bots and malware, including ransomware, are a threat to the integrity, availability and confidentiality of digital information.”

He says basic security measures are no longer sufficient. “Ransomware is now sophisticated enough to bypass minimal security so advanced protection is essential.”

You can download the Agile white paper here.

Resolve is the official publication of the Australian Insurance Law Association and
the New Zealand Insurance Law Association.