New data released by a specialist insurance provider has revealed that both the frequency and severity of cyber claims are on the rise – and they’re rising rapidly.
A portfolio analysis conducted by underwriting agency Emergence Insurance showed FY19 claims frequency was up 29% compared with FY18, while claims severity was up 51% on FY18.
Speaking to Insurance Business, founder and MD Troy Filipcevic said it’s undeniable that cyber risk is among the most pressing concerns felt by business owners of every size and type.
“Cyber risk is one of the major considerations for any business, any size of organisation and any industry,” he said. “I struggle to think of a business these days that does not rely on technology in some way.”
Luke Sheppard, Emergence’s portfolio analyst, also commented on the data, saying claims costs were even higher – up to three times higher, in fact – for businesses that had no written cyber risk management policies or awareness training in place.
By comparison, organisations that regularly updated anti-virus systems had fewer claims while those who performed daily backups recovered 25% faster than those that did not.
“A large proportion of business interruption claim costs is in data recovery,” said Sheppard.
Head of sales Gerry Power also commented on the recent data and said it proved, once again, that sound risk management could prevent many data breaches and subsequent claims.
“Human error remains a major factor,” he said. “Employees must understand they are the last line of defence if security systems fail.”
Power also said no business is exempt from attack – from sophisticated multinationals all the way down to one-person retail outlets – as there is an equally diverse range of hackers operating.
“The garden-variety cyber-criminal goes after low-hanging fruit – organisations with weak security postures where they can access systems via open back doors,” he said.
“More sophisticated criminals can be embedded within organisations’ systems for six to nine months, observing interactions, before launching targeted attacks.”
Similarly, Power warned that, while risk management is essential for every business, it’s never a completely fail-safe solution.
“Cyber insurance is designed to protect a business when its IT security, policies and procedures fail to stop an attack,” said Power. “But no amount of risk management can get you out of the sights of a determined cyber attacker.”
Interestingly, Emergence’s data – released last week at a forum for over 1,000 brokers – correlates with figures from the latest notifiable data breaches (NDB) scheme report from the Office of the Australian Information Commissioner (OAIC)
The OAIC report showed NDBs were up 14% from the last quarterly report with healthcare and finance both claiming 19% of NDBs, followed by finance and by legal and accounting at 10%.
For Emergence, professional, scientific or technical services accounted for 20% of claims, healthcare and social assistance 14%, and financial and insurance services 12%. However, claims costs for financial services were 20%.