Cybercrime is an increasingly worldwide phenomenon, and Australia is far from immune. With large-scale events such as the 2017 WannaCry attacks, it’s become evident just how ill-prepared many businesses are for cyberattacks.
Philippa Davis, international cyber underwriter at CFC Underwriting, sees brokers as having a crucial role in educating Australian businesses.
“In Australia, cyber insurance has traditionally been seen as a liability line of cover,” explains Davis. “However, our claims data is useful to inform businesses and brokers alike what their actual exposures are, which are the first party lines of coverage, such as cybercrime and business interruption. These are two areas which all businesses can relate to, whether they hold a large amount of sensitive data or not.”
During 2017, cybercrime made up approximately 30% of CFC’s claims. Ransomware – in part driven by numerous large-scale events over the course of the year – also made up a significant percentage.
One of the most significant issues, says Davis, is that many SMEs see themselves as simply too small for cybercriminals to bother with them. But this is a short-sighted view, she warns. SMEs do not always have the resources to have dedicated IT security teams, and things can slip through with relative ease.
“Simple human error can provide a gateway for problems,” Davis says. “I’d say around 75% of our current claims can be traced back to human error – someone clicking a dodgy link or opening a spam email, for example.”
Additionally, brokers should work with their clients to develop better outcomes around cyber-threats.
“You’d be surprised at how many SMEs don’t have proper policies around basic things, like patching, employee awareness training and testing backups,” says Davis.
However, this can yield a hidden advantage for brokers; as the wording around cyber insurance policies is not yet as firmly established as in many other industries, these policies present brokers with a unique opportunity to form a close partnership with their clients.
“It’s important for businesses to remember that you’re not trying to replace the IT department,” says Davis. “Having proper cover is intended to be complementary, working in conjunction with the internet security policies that the IT department already has in place.”
The costs incurred as the result of a cyberattack can be considerable, with shutdown costs, digital forensics and all potentially chewing up valuable resources. Additionally, it can also severely damage the reputation of the organisation. While in the past businesses have frequently glossed over data breaches, Australia’s new mandatory reporting laws have meant a far greater degree of public scrutiny and exposure.
However, with the right broker and insurance partner, organisations can get back on their feet as soon as possible, says Davis.
“Ultimately, we’re eager to provide brokers with the tools, talking points, case studies and data to help them address myths around cyber insurance policy when they’re meeting with clients,” she said.