The COVID-19 global pandemic has seen increasingly more people beginning to work remotely, with further importance and pressure being placed on digital systems than ever before. As the world continues to become more digitalised, with the world wide web always growing and changing, the risk of cyber attack or threat also continues to rise – and the potential damage for a business as a result of a cyber attack grows with it.
It’s no surprise that the cyber insurance market in Australia is growing. More and more businesses are opting for a cyber insurance policy to protect them from cyber threats, and give them the means to recover after an attack. The loss of operations, potential ransom paid for ransomware, tarnishing of reputation, and the huge sum necessary to resume operations and get back on track can be ruinous for an organisation or business. As well as having a solid risk management plan in place, it’s important to ensure you have the right level of cover to offer you – and your consumers – peace of mind.
Affirmative cover vs. silent cover
In some cases, other insurance policies will cover some aspects of a cyber attack if you don’t have a specific cyber insurance policy in place. Some policies will specifically exclude cyber claims, so it’s a case-by-case basis, but sometimes your Liability or Property Insurance policy may cover certain cyber breaches. Some organisations rely on this passive or silent cyber cover, but oftentimes after a cyber incident, they will find their insurance policy lacking the response they really needed to get back onto their feet and minimise losses.
A specific cyber insurance policy is the best way to have affirmative, proactive cover against cyber attacks, and businesses are increasingly realising this and opting for a comprehensive cyber policy.
As we see a higher threat of cyber attacks, and more businesses opting for affirmative cover, cyber insurance is growing in the global market. While Australia’s own cyber insurance market is not at the same level as other global leaders such as that of the U.S., we are actually seeing a higher rate of growth here than anywhere else.
With an increase of demand, we see an increase in premiums. It becomes increasingly expensive for insurance companies to provide cyber insurance as more claims are made, and so premiums rise. It’s likely we will continue to see a constant rise in cyber insurance premiums alongside a rise in the importance of obtaining cyber insurance.
How to prepare for a potential attack
Don’t assume it won’t happen to you or your business. While most businesses would like to think they will never fall victim to a cyber attack, the best course of action is to prepare for one just in case. If you put into place an excellent plan for reducing the risks, managing an attack, and recovering from one, the worst case scenario is you never have to use the plan. But you will have peace of mind for knowing you are prepared, should it happen to you.
Your insurance provider will work with you to minimise the threat of cyber attacks, breaches and ransomware. Staff training is important, so that each member of your staff is aware of what to look out for, avoid and report. Constantly updating user access is another great way to mitigate the risk of cyber attacks.
During a cyber attack, your insurance provider will assist with bringing in professionals to determine the best course of action. If ransomware is involved, you can decide whether or not to pay the ransom, which the insurance policy will cover, if you decide to pay.
Recovering from an attack can be long and arduous, but your insurance provider will be able to assist. They will cover most financial losses (this may depend on your policy), and bring in professionals to help, if necessary.
Reporting a breach
It’s as important as ever to make sure you report breaches that have the potential to cause harm. It’s mandatory for organisations in Australia to notify the impacted individuals as well as the General Data Protection Regulation (GDPR) after a potentially harmful data breach. Data breaches are largely due to criminal cyber behaviour, and can be especially disruptive when it results in the breach of personal information of your consumers. Make sure you report the breach to the necessary parties within 72 hours to avoid fines of up to $2.1 million. Human error remains another large factor in data breaches, so ongoing staff training is essential to mitigate this risk.
Each cyber insurance policy needs to be closely examined for inclusions and exclusions, as always. But in general, you can expect your specific cyber insurance policy to cover ransomware and other cyber terrorism, interruptions to business, harm to your reputation, and some fines and penalties.
Don’t be afraid to shop around until you find an insurance provider that offers the level of cyber coverage you want, at the best possible price. While a necessity for businesses, cyber insurance can be quite costly as we continue to see a rise in premiums, so make sure you get the best possible deal.
The cyber insurance market is undoubtedly going to continue to rise, as the threat of cyber attacks and criminal intent are increasingly a part of the digital age. Don’t rely on silent, passive cover from your other insurance policies – a specific cyber insurance policy is the best way to avoid the massive losses, financial and otherwise, of a cyber attack.