Firms respond to rising cyber threat

Firms respond to rising cyber threat

Firms respond to rising cyber threat | Insurance Business Australia

Cyber

Firms respond to rising cyber threat

“Scale and severity” continues to rise, says expert

In recent months, some insurance industry stakeholders have significantly increased their commitment to combatting cyber risks. International law firm Clyde & Co has appointed five new special counsels in Australia – three of them will focus on cyber breach response.

These additional cyber resources come as attacks against Australian firms and government agencies continue to grow. The latest published data from the Office of the Australian Information Commissioner (OAIC) shows about 500 notifiable attacks every six months. That number has gone up by 20% compared to the first half of 2023.

Last week, one of the country’s largest event ticketing firms, Ticketek, released a statement concerning a cyber incident that could impact millions of people.

Rising threats and increasing claims risks

Stefanie Luhrs (pictured above), partner and leader of Clyde & Co’s cyber practice, said the new appointments at her firm were a response to both rising threats and increasing claims risks.

“A rapid increase in the scale and severity of cyberattacks, coupled with a renewed focus on enforcement activity by the Australian Privacy Commissioner, means that the long tail regulatory and claims risk in the wake of a cyber incident is also set to increase,” said Brisbane-based Luhrs.

Partner Gareth Horne agreed that his firm’s additional strength in its cyber practice was “guided by current and anticipated trends we are seeing in the market.” Another factor, he said, was broadening its mid-market (SME) offering.

See also  Best of Artemis, week ending January 28th 2024

“This reflects a changing focus of a number of our key clients towards volume business,” said Horne.

Luhrs suggested that, more than before, firms need access to teams that can manage cyber risks “throughout the lifecycle of an incident and assist with mitigating future claims risk which may not yet be known.”

Privacy Act Review

The prospect of Privacy Act reforms taking effect later this year, said Luhrs, also means that firms like her own need to “continuously train and strengthen their teams to meet the rising demand arising from these risks.”

Analysing cyber threats over a 15-month period

Luhrs said her firm also recently analysed the cyber related incidents they handled over a 15-month period, including costs and losses.

“We know that, overall, ransomware incident attack frequency is down but ransom demand quantum is up,” she said. “Fewer victims are paying, but if they do pay, it’s for a higher quantum than ever before.”

Luhrs said stats showing fewer ransom payments indicate that industry “is moving in the right direction to defend against ransomware attacks.”

However, she said the economy continues to lose “significant capital” to business email compromise incidents and associated funds transfer fraud.

“Particularly insurers who have many small businesses policyholders on their books should note that small to medium-sized incidents are where the volume of cyber incidents rest,” said Luhrs.

She said, “generally speaking” Australian firms are “significantly underinsured” against cyberattacks. Small to medium-sized businesses, said Luhrs, are “particular” targets.

“Further work is required to better promote the value of cyber insurance and its uptake to insulate our economy,” said Luhrs. “Insurers play a vital role in supporting policyholders with uplifting their defences and breach response capabilities.”

See also  Catastrophe bond market yield shows seasonality, ends July 2024 at 13.54%

According to figures from the Insurance Council of Australia (ICA) about 20% of SMEs have cyber insurance. Some cyber brokers say that figure is between 5% and 15%.

IAG launches dedicated cyber agency

Last month, one of Australia’s largest insurers, Insurance Australia Group (IAG) launched a dedicated cyber underwriting agency. A media release said the new firm, called Cylo backed by CGU, aims to strengthen the cyber resiliency of small businesses.

What is a notifiable data breach?

Australia’s privacy laws compel an organisation to report a data breach to both the individuals impacted and to the OAIC. According to the OAIC’s website, reportable data breaches include identity theft, financial loss through fraud and a breach likely to result in a risk of physical harm.

How is your firm dealing with the cyber threat? Please tell us below

Related Stories

Keep up with the latest news and events

Join our mailing list, it’s free!