, , , ,

Statewide Cyber Insurance Report Q2 2016

The Cyber story continues….

Need to learn more?  Contact Us and we will talk you through a Cyber Insurance Quote today.


ASIC zeroes in on cyber crime
4 April 2016

The Australian Securities and Investments Commission (ASIC) has stepped up its surveillance of cyber crime this year in a bid to keep pace with the growing digitisation of the financial services industry.

ASIC will invest more in digital forensics capabilities and training its forensic analysts, its enforcement report for last July-December says.

“The increasing incidence, complexity and reach of malicious cyber activities can undermine businesses and destabilise our markets, eroding investor and financial consumer trust and confidence in the financial system and the wider economy,” it says.

“We will take appropriate enforcement action by accepting enforceable undertakings or issuing infringement notices where we identify wrongdoing – for example, where disclosure by companies and issuers provides insufficient information on cyber threats.

“As technology continues to replace traditional methods of investing, the likely increase in the incidence of cyber crime means ASIC and other law enforcement agencies will focus on activities that ensure investors and consumers continue to be protected.”

The volume of electronic forensic data received by the regulator has increased steadily from less than 40 terabytes at the start of 2013 to more than 120 terabytes last year.

ASIC expects the figure to rise to 425 terabytes of data per year by 2020. One terabyte is equivalent to about 1000 gigabytes.

“The increasing volume of data means traditional review methodologies based on targeted keyword searches and manual review are becoming less effective and efficient.

“ASIC is increasingly adopting smarter strategies that use tools such as predictive coding, machine learning and computer algorithms.”

The regulator secured $149 million in compensation and remediation for consumers and investors in the second half of last year, the enforcement report shows.

It removed 27 individuals from financial services, laid 42 criminal charges, charged six in criminal proceedings and issued 20 infringement notices.


Stock markets a target for cyber crime: report
11 April 2016

Financial markets are a prime target for cyber attacks because they are “where the money is” and can represent a nation or symbolise capitalism, according to a new report.

The International Organisation of Securities Commissions (IOSCO) paper, called Cyber Security in Securities Markets – An International Perspective, outlines different approaches to cyber security adopted by market participants and regulators worldwide.

It says cyber is not “just another risk” but constitutes “a unique, highly complex and rapidly evolving phenomenon” that jeopardises the integrity and efficiency of financial markets.

The report says PricewaterhouseCoopers’ latest Global State of Information Security Survey questioned 10,000 executives from 127 countries, and found the number of incidents detected by respondents last year was up 38%.

A Ponemon Institute study last year put the average cost of data breaches to companies at $US3.79 million ($5 million), up 23% over the past two years.

IOSCO says the “almost complete digitalisation of data” in securities markets and increasing use of mobile devices, outsourcing and cloud computing make the industry more vulnerable.

“The human element of cyber risk, combined with rapidly evolving technologies in securities markets, suggests this topic requires swift and sustained attention by regulators and market participants,” the report says.

“According to many cyber-security experts, the question for financial market participants is not if a cyber attack will occur but rather when.”

The report says cyber insurance should be a complement to a business’ cyber-security framework – not a replacement.

Global annual gross written premium for cyber insurance is about $US2.5 billion ($3.3 billion), and PricewaterhouseCoopers projects it will be $US7.5 billion by the end of the decade.
banner ins report

Munich Re, Beazley team up on cyber cover
18 April 2016

Munich Re-owned Corporate Insurance Partner and Beazley have joined forces to offer cyber cover of up to $US100 million ($131 million) in response to growing demand.

Coverage options are tailored to a variety of exposures including hacking or malware attacks, distributed denial of service attacks, cyber extortion, and property damage and bodily injury.

“In recent years cyber threats have risen steadily up the agenda of the world’s largest companies… with significant implications for their balance sheets and financing capabilities, through to dealing with regulators and ratings agencies,” Corporate Insurance Partner Head of Cyber Solutions Chris Storer said.

“Through our close partnership… we believe we can offer a service that is unique in providing large corporate and industrial clients with fit-for-purpose cyber solutions that help them manage the manifold risks that cyber attacks can present.”

Various industry studies put cyber risk among the leading issues for the global business community, with financial consultants Grant Thornton estimating the cost of such attacks at about $US315 billion ($413 billion) a year.

“Rapidly flowing data is the lifeblood of modern business,” Beazley Focus Group Leader for Technology Mike Donovan said. “When that data ceases to flow, or is siphoned off, the costs for large interconnected enterprises can be huge.”


Cyber risks on radar, but strategies fall short: report
18 April 2016

The cost of business interruption is the leading cyber-risk concern for businesses, according to Aon Global Risk Consulting.

The group’s global benchmarking report, the Captive Cyber Survey, gauges organisations’ attitudes to cyber threats, risk assessment, insurance-buying trends and loss adjustment concerns.

Peter Mullen, CEO of Aon’s Captive and Insurance Management practice, says the findings show a disparity between companies recognising cyber as one of the fastest-growing risks and understanding what their exposures and coverage needs are.

The survey shows 94% of companies would share risk with others in their industry.

Aon experts expect alternative risk transfer options will become increasingly popular because they give companies some control over underwriting, coverage scope and claims adjustment, while providing an opportunity to share best practices, experience and data.

The survey also shows 95% of respondents believe clear policy wording is the most important issue in the cyber-risk market, and 75% of large companies are concerned about the loss adjustment process.


CGU launches revolutionary new cyber product into the Australian market
20 Apr 2016

CGU Insurance has launched a new cyber defence product aimed at mitigating the rising tide of cyber-attacks.

The company believes its new offering CGU Cyber Defence, developed with SME customers in mind, will protect businesses from cybercrimes such as privacy breaches, system damage, extortion, computer viruses, crime and hacking.

CGU National Underwriting Manager Professional Risks Najibi Bisso said now that cyber security is one of the biggest issues facing businesses and individuals today, it’s essential for all business with a digital presence to ensure they have the right protection in place.

She said the new product, which includes a wide range of features such as free cyber consultation, 24/7 incident response team and a breach coach, provides much broader cover than their competitors and is equipped with an all-encompassing cyber incident response service.

“We’ve developed an offering that we believe addresses the growing concerns SME’s will face in future. The product is offered standalone as well as an extension to existing policies.”

Bisso said the partnership with Norton Rose Fulbright means they can now provide a round-the-clock cyber incident response team and service for their customers.

“We’re also working with our partners to help them educate SME’s on the importance of cyber security by providing a range of tools that partners can access online through the CU cyber microsite.

Scott and Broad CEO Mike Burgess, whose major client has a CGU Cyber Defence Policy, said that CGU were a “natural choice for us when we were looking for cyber risk support for our clients. For this type of risk you need a large insurer who has the capacity to pay these types of claims and launch a response when the cyber event occurs.”


Cyber-security plan will unlock innovation, PM says
26 April 2016

Prime Minister Malcolm Turnbull says an “open, free and secure” internet is vital for Australia’s future prosperity.

Introducing the Government’s $230 million cyber-security strategy, he says the plan sets out a “philosophy and program” for meeting the challenges of the digital age.

“A secure cyberspace provides trust and confidence for individuals, business and the public sector to share ideas and information and to innovate online,” Mr Turnbull said.

“The security threats we face are real and they are growing in severity and frequency.”

He argues the cyber-security strategy is critical to Australia’s transition to “a new and more diverse economy, which is fuelled by innovation”.

“We cannot allow cyberspace to become a lawless domain. The private sector and government sector both have vital roles to play.

“By working together we will build and strengthen a trusted online environment and unlock Australia’s digital potential.”

The strategy comprises 33 distinct programs, and will directly result in the creation of more than 100 jobs.


CGU raises SME cyber shield
26 April 2016

CGU has produced a cyber cover to protect Australian SMEs from threats including privacy breaches, system damage, extortion, computer viruses, crime and hacking.

“Cyber security has become one of the biggest issues facing businesses and individuals today and it’s not going away,” National Underwriting Manager Professional Risks Najibi Bisso said. “We have developed an offering that we believe addresses the growing concerns SMEs will face in the future.”

CGU says government data shows almost 700,000 businesses have been victims of cyber crime, and 60% of attacks were targeted at SMEs. The average cost of such an attack exceeds $275,000.

“Cyber events can result in thousands of dollars in remediation costs… extortion costs or being sued by customers or employees for loss of personal information,” CGU said.

“Such expenses could lead to devastating loss of profits, revenue or trust in your business and brand.”

CGU’s Cyber Defence product has a number of features, including a 24/7 incident response team, advancement of defence costs, global territorial cover regardless of where an attack originated and a free one-hour consultation to assess risk mitigation strategies.

Corporate spending on IT security in the Asia-Pacific region is expected to rise from $US71 billion ($91 billion) in 2014 to $US170 billion ($218 billion) by 2020.


Hackers rely on human factor: cyber-crime report
2 May 2016

Cyber criminals continue to rely on familiar attack patterns such as phishing and ransomware, according to the latest Verizon Data Breach Investigations Report.

Among the global survey’s findings: 89% of attacks last year involved financial or espionage motivations; 85% exploited known vulnerabilities that have not been rectified; and 63% of confirmed data breaches involved using weak, default or stolen passwords.

Communications giant Verizon says understanding the “threat landscape” is the first step to addressing the issue.

Phishing – in which users receive an email from a fraudulent source – continued to prove an effective technique for cyber criminals.

Some 30% of phishing messages were opened (up from 23% in 2014), and in 13% of these cases malicious attachments or links were opened, causing malware to drop.

Human error was the leading cause of security incidents last year, with 26% of cases in this category involving sending sensitive information to the wrong person. Other errors in the category include improper disposal of company information, misconfiguration of IT systems and lost and stolen assets such as laptops and smartphones.

“You might say our findings boil down to one common theme: the human element,” Verizon Executive Director of Global Security Services Bryan Sartin said. “Despite advances in information security research and cyber-detection solutions and tools, we continue to see many of the same errors we’ve known about for more than a decade now.”

The global report includes contributions from the Australian Federal Police.

Report highlights the need for business to invest in robust cyber coverage
04 May 2016

The release of Verizon’s 2016 Data Breach Investigations Report (DBIR) underlines the need for businesses to have robust cyber coverage and for brokers to have conversations with their corporate clients about cyber security, says a top cyber and financial institutions specialist.

The highly anticipated annual report includes industry-specific information discussing the top threats for financial services, healthcare, hospitality, public sector, retail and technology, and how these sectors can mitigate risks.

This year’s report points to repeating themes from prior-year findings such as the fact that 89% of all attacks involve financial or espionage motivations and exploit known vulnerabilities that have never been patched and that the top ten known vulnerabilities accounted for 85% of successful exploits.

It also found that 63% of confirmed data breaches involved using weak, default or stolen passwords, 95% of breaches and 86% of security incidents fell into nine patterns and basic defences continued to be sorely lacking in many organisations.

AIG’s National Cyber and Financial Institutions Specialist, Liliana Uhrik said: “With the risk of cyber-crime heightening every year, it is crucial that brokers and insurers are regularly talking to clients about uninsured exposures and the most suitable insurance solutions for their business.”

A cyber policy can provide everything from cover for fines, investigations costs, IT forensic services costs to public relations, breach notification and business interruption costs following a cyber-attack, she said.

But it’s equally as important to assist clients in developing risk mitigation strategies for avoiding cyber risks, she said.

“Simple actions businesses can take include generating cyber-crime awareness among employees, ensuring firewall and IT security software is up to date, encrypting mobile devices and creating a business continuity plan.”

Any good insurer will strongly support the broker in helping the client understand the risk of cyber-crime and the potential solutions,” she said.

“At AIG we do this by providing access to expert claims personnel who can talk through risk mitigation strategies, as well as access to useful sales tools that contain insightful thought leadership articles and whitepapers, claims stories and information about our insurance solution.”


ASX100 cyber security scheme to benefit insurance companies
10 May 2016


Insurance companies and consulting firms are likely to benefit most from the government’s plan to introduce voluntary cyber security health checks at Australia’s biggest companies, says a report by WAtoday.

The health checks are part of the Federal Government’s $230 million Cyber Security Strategy, which aims to guide Australia into becoming a cyber smart nation.

The health checks aims to raise awareness among businesses about cyber risks and opportunities. It will be coordinated by the Australian Securities Exchange, in partnership with government agencies and the private sector, and offered to the top-100 listed companies.

The scheme is similar to checks in listed companies in the United Kingdom − only optional rather than mandatory.

According to industry figures, the health checks will provide valuable information for insurance companies pushing for cyber security protection.

“This would be very positive news for insurers because it would give them a common grounding to base their price premium pricing on,” said Scott Guse, an Audit and Advisory Partner at KPMG.

Guse explained that even as cyber security insurance is growing in Australia, insurers are still grappling with how to price premiums and assess risks. He added that insurance companies don’t have the skills in-house to go into an organisation and implement cyber health reviews.

“If they can use this as a benchmark, it will provide a consistent framework across all companies,” Guse said.


Insurers deliver on privacy: Deloitte
23 May 2016

The insurance industry is the fourth most trusted in Australia, according to Deloitte’s annual Privacy Index.

The assessment of 116 brands – including nine leading insurance companies – revealed that 94% of consumers now rank trust above convenience.

But while the insurance industry performed well, up two positions from last year, it remains some distance behind banking and finance in the top spot.

“It was not a bad result for insurers,” National Lead Partner Cyber Risk Services Tommy Viljoen told insuranceNEWS.com.au.

“Overall it was good to see insurance in the top four, but there is a large gap between them and banking and finance.”

Mr Viljoen says the insurance industry had fewer consumers with privacy issues, but was much less successful at resolving those issues satisfactorily.

Banking and finance privacy policies were also more comprehensive, as was the privacy information contained on its websites and mobile apps.

“Banking gave more information about cookies, and insurance companies’ cookies were active for twice as long on average as those in banking and finance.

“Banking and finance was much better than insurance at providing transparency about where data is being sent.”

The Deloitte Privacy Index rankings are: banking and finance 1; government 2; energy 3; insurance 4; telecommunications 5; higher education 6; technology 7; travel and transport 8; health and fitness 9; retail 10; social media 11; media 12; real estate 13.


Cyber breach affects your employees, too
24 May 2016


Cyber risk has many obvious impacts on a business but one international broker has revealed the issues cyber-attacks have on employees of affected businesses.

According to a new Willis Towers Watson report, employees judge organisations experiencing data breaches as lacking a learning culture that flourishes with high integrity and puts the customer at the centre of business activity.

The report, entitled Inside Threat: Why Employee Behavior and Opinions Impact Cyber-Risk, shows employees’ opinion of data breach companies. The report also puts a fundamental emphasis on employee culture as a first line of defence against cyber-risk.

“These data are significant because they offer an inside view of workforce culture and for the first time reveal the vulnerabilities within companies experiencing cyber –breaches based on the ultimate insiders – their employees,” commented Patrick Kulesa, global research director, on the findings.

The Willis Towers Watson analysis was based on survey results from over 450,000 employees corresponding to a period during which significant data breaches were identified within their firms. The results were then benchmarked against global high-performance companies and global information technology staff.

Willis Towers Watson said that, as expected, survey findings show significant gaps in favourable opinion scores between employees in data breach groups and each benchmark, particularly in three areas of workforce culture – training, company image, and customer focus.

Compared to the IT employee group, IT employees in data breach companies gave low scores to training and perceived training of new employees. The analysis points to the vulnerability of new staff as a potential serious source of cyber-risk if not effectively trained.

Also compared to the IT employee group, the analysis shows that frontline IT staff in data breach companies report less favourable views of perceived pay-for-performance for their role – a potential barrier for efforts to identify and manage cyber-risk.

Compared against both benchmarks, employees in data breach companies suggest a widespread lack of customer focus. This is a critical issue from a risk management perspective, as it could set the stage for poor decision making and undermine efforts to counteract theft of online customer information.  

“There is broad awareness of the human element as a risk factor in data security breaches. However, to more effective manage cyber-risk, organizations need to better understand how the various elements of their workforce culture shape their employees’ behaviour, and ultimately, either reduce or drive their exposure to cyber-risk,” said Adeola Adele of Willis Towers Watson’s FINEX North America practice.

To address cyber-risk stemming from inside threats, Willis Towers Watson experts suggest the flowing prevention priorities for organisations:
Collaborate across corporate functions, including IT, HR, Legal, Operations, and Finance, in setting cyber-strategy;
Invest in making the workforce cyber-smart, and provide rewards and disincentives to encourage a cyber security-supportive culture;
Consider technology as only of the several lines of cyber defence; and
Insure for cyber-threats the organisation cannot mitigate.


Industry calls for cyber database
26 May 2016


Cyber is one of the biggest insurable risks that the insurance industry will have to meet.

The lack of cyber data, however, hinders the growth of the insurance industry and to the UK’s becoming a world leader in cyber insurance.  The solution? A national, not-for-profit, anonymised database for recording cyber breach cases in businesses, according to the Association of British Iinsurers (ABI) website.

The database will cover cyber incidents including business interruption losses, ransom demands, loss of confidential data, and damage to IT systems. Building on the requirement in the European Network Information Security Directive for certain firms to notify of data breaches from 2018, the data could be anonymised and made available to insurers to improve pricing and products. If actualized, this national database accessible to insurers would be a world first.

“Cyber losses are the biggest threat to Britain’s world leading digital economy, and we need to capture more data to get on top of the problem,” said Huw Evans, ABI’s Director General, adding that “Cyber [loss] is the biggest insurable risk that the industry will have to meet, and it is critical to the economy.”

ABI highlights the importance of cyber data for growing the insurance industry, the lack of which data, Evans said is a huge inhibitor to the UK being at the core of the cyber market.” He explained that more data “can stimulate the cyber insurance market, giving greater choice to businesses in insuring against cyber losses.”

Matt Cullen, ABI’s Assistant Director, Head of Strategy stressed the crucial role of the insurance industry in helping firms of all shapes and sizes improve their resilience to cyber attacks, and help them recover from cyber incidents.

Cullen said that small and medium-sized businesses (SME) are also being targeted by cyber criminals, since these firms “have lower levels of data protection in place than larger organisations.”

“A cyber attack will often be very disruptive and costly, and in some cases, could even threaten a smaller firm’s existence,” said Mike Cherry, National Chairman at the Federation of Small Businesses.  

“Smaller businesses are struggling with the increasing volume and sophistication of cyber attacks. While 93 per cent have taken steps to protect their business from cyber crime, the growing number of businesses still falling victim is a worrying trend.”

Cherry also shared that according to a FSB research, the types of cyber crime most commonly affecting small businesses are emails, 49 per cent; spear phishing emails, 37 per cent; and malware attacks, 29 per cent.

ABI, an organisation that speaks on behalf of UK insurers and promotes best practice, transparency, and high standards within the industry, released a guide entitled, “Making Sense of Cyber Insurance,” which explains the key types of protection to look out for in cyber insurance policies – business interruption losses, privacy breach costs, cyber extortion, and cyber specialist support.
banner ins report

British insurers back cyber database
30 May 2016

The Association of British Insurers (ABI) has called for a national database of cyber incidents and attacks on businesses.

The anonymous record would contain details of business interruption losses, ransom demands, loss of confidential data, and damage to IT systems.

More information on cyber attacks could help grow the insurance market, says the ABI, giving more choice for businesses.

Some US states require firms to report cyber breaches, but a national database accessible to insurers would be a world first.

ABI Director-General Huw Evans believes cyber losses are the biggest threat to the country’s digital economy and more data is required.

“We have 350 years of fire data and 100 years of motor and aviation data, but we have just a few years of cyber data,” he said.

“But cyber is the biggest insurable risk that the industry will have to meet, and it is critical to the economy.

“If it is not a requirement to report these losses, then insurers are not going to have the data they need to provide the right cover.”


ASIC to prioritise cyber resilience
07 Jun 2016


As cyber-attacks are becoming an ever-increasing risk for businesses, the Australian Securities and Investments Commission (ASIC) has identified cyber resilience as a key priority for ensuring that Australia’s financial markets are fair, orderly, transparent, and efficient.

“With the risk and sophistication of cyber-attacks growing faster than the traditional firewall and antivirus technology can keep up, organisations need strategies to prevent, detect cyber risks,” said ASIC Chairman Greg Medcraft during the Annual Stockbrokers Conference held last week.

“We acknowledge that complete cyber-security can never be achieved, but a comprehensive and long-term commitment to cyber resilience is essential to retain investor and financial consumer trust and confidence,” said Medcraft.

The ASIC chairman also revealed that they have established a markets cyber risk taskforce which will be collaborating with stakeholders, local and international peer regulators, and the government in implementing its recently launched cyber strategy.   

ASIC released a report in March this year, entitled Cyber Resilience Assessment Report, which sets out several good practices for cyber resilience, and identifies key questions that directors and board members should seek to ask their executives.

The independent Australian government body recognises cyber risk as a key threat in their strategic policies, and aims to assist their regulated population in improving cyber resilience. In March 2015, ASIC published Cyber Resilience Health Check which cites measures on how to improve cyber resilience by:
Increasing awareness of the risks;
Encouraging collaboration between industry and the government;
Providing health check prompts to help businesses consider their cyber resilience, and
Identifying how to address cyber risks in the regulatory context, including considering board oversight of cyber risks.


Australia ‘needs to build a cyber militia,’ says cyber expert
09 Jun 2016


An international  cyber security specialist has stressed the urgency of building a cyber militia in Australia, which he says is a historic choice point when it comes to cyber defence.

“We will have to build a cyber militia soon,” said Greg Austin, a professor at the Australian Centre for Cyber Security (ACCS) in the University of New South Wales (UNSW) Canberra, “and we need research and debate now on what that looks like.”

At UNSW Canberra, students will develop options for an Australian cyber militia by the end of 2016. Adding to ACCS’ unique suite of degrees and programs is UNSW’s teaching program in cyber military strategy, which, Professor Austin says, “wants to translate the existing knowledge of our students in policy, the ICT sector, management, or cyber threats into a lasting influence on national problems.”

“To complement their work on an Australian cyber defence militia, students can study the hacker armies of Iran and North Korea, the tactics of Anonymous and Wikileaks, and the development of cyber reserve forces in the UK, USA, Israel, and Estonia,” Austin added.

“This project is part of our effort to inform the development of a national security curriculum, which we don’t have, and stimulate debate about a National Cyber Security College, which we probably need urgently.”

In a discussion paper, Australia Rearmed! Future Needs for Cyber-enabled Warfare, released in January 2016, Austin noted that “Australia’s response to the emerging centrality of cyber space in the conduct of future war has been slow and fragmented.” He also identified dominance in cyber space as one of the primary determinants of war.


Cyber insurance needs to keep up with evolving threat landscape
14 Jun 2016


Organisations are being encouraged to ensure that their cyber insurance policies cover new social engineering email attacks, IT Brief reported.

According to a new research by email and data security firm Mimecast, 45 per cent of cyber-insured organisations are unsure if their policies are fully up to date to cover the ever-evolving threat landscape. Mimecast warns that this leaves firms vulnerable to taking the full financial brunt of cyber-attacks.

The research also shows that only 43 per cent of firms with cyber insurance are confident that their policies would pay out for whaling (CEO fraud) financial transactions; while firms that don’t have cyber insurance are at 64 per cent.

Mimecast says the rise of whaling has created an attack climate where many organisations with cyber insurance may not be protected from fraudulent transactions because it’s not covered in the policies they originally signed.

The research also reveals that organisations that have seen an increase in untargeted phishing emails are at 58 per cent; in targeted phishing attacks, 65 per cent; and in phishing attacks, 65 per cent.

“Cyber insurance uptake is growing quickly but a lack of employee training on the latest email attacks is leaving organisations at great risk of breaking policy terms,” says Nicholas Lennon, country manager ANZ, Mimecast.

“While insurers often pay for clean-up fees after a breach, it is important that organisations check that their policies protect them if an employee is tricked into sending a large amount of money to a fraudulent account,” he explains.

“Attacks where employees are tricked into sending personal data or intellectual property are even less likely to be fully covered.”

“With the cybersecurity landscape constantly evolving, cyber insurers will have great difficulty keeping their coverage up-to-date,” Lennon says.

“A comprehensive cyber resilience strategy is only effective alongside regular employee training on the latest threats combined with appropriate technology fail safes.”


Australia ‘still lagging on cyber risk’
20 June 2016

An expert on cyber risk has described Australia’s awareness of the issue as “terrible” and lagging well behind the US.

Sydney-based National Practice Leader Cyber for Aon Fergus Brooks says despite large businesses around the world becoming more aware of cyber risks, 60% of them still do not have cyber insurance.

The findings are revealed in Aon’s 2016 Captive Cyber Survey, which interviewed 127 captive insurers about cyber risk and insurance.

Mr Brooks believes this percentage would be much larger in Australia.

“Awareness in Australia is terrible,” he told insuranceNEWS.com.au. “The 60% is reflective of a more mature market than ours.”

Mr Brooks says businesses are reluctant to take up cyber insurance because it is a less tangible risk than other risks.

“The quantification of cyber risk is hard for people to get their head around. That’s why cyber risk assessment and profiling is so valuable.

“The US is having more advanced conversations like what happens when the robots start attacking staff?”

The survey also finds business interruption due to a breach is the top cyber risk concern for businesses across all industries.

More than 60% of those with cyber insurance buy limits in the $US10-25 million ($13.8-$33.79 million) range, and most buy cover for balance sheet protection, followed closely with wanting to “satisfy the board”.

Only 25% of those who bought limits were confident they comply with international best practice and standards for information security governance, while 95% said clear policy wording is the most important issue in the cyber risk market.

The loss adjusting process following a cyber attack claim also worries 75% of large companies.

Mr Brooks predicts the imminent introduction of mandatory reporting of data breaches, which is currently tabled before Federal Parliament, will drag Australian companies “kicking and screaming” into awareness of cyber risks.

“In two to three years cyber will become a standard part of a company’s insurance portfolio,” he said.


Cyber ransom liability insurance, a must for the healthcare industry
24 Jun 2016

Cyber ransom liability insurance, a must for the healthcare industry
Insurance law specialists underscore the need for cyber ransom liability insurance for healthcare organisations, especially with the rise of cyberattacks, reported Healthcare IT News.

Paula Litt, a partner with and the leader of the insurance recovery and advisory practice group at Honigman Business Law Firm, reminds companies to ensure that they understand the coverage they are getting; and to make sure ransomware is covered in their policy.

“Cyber ransom liability insurance is to protect the victim of a crime,” said Litt.

“But there are all different components within a cyber policy. Everyone is at a risk for cyberattack, and organisations need to figure out the risk and what kind of coverage they need.”

“If you’re insured, you want to cover all of the incurred costs due to the breach – including third parties,” Litt added.

“It’s critical [that] we understand the risk. We need to build in protection for undetected problems that happened before the policy went into place. It’s a big issue for cyber insurance – and a big issue for the insured.”

Linda Ross, a partner with and leader of the healthcare practice group at Honigman, cited some risks organizations need to consider when purchasing a policy, such as failing to meet a standard of care and malpractice claims when ransomware forces the return to paper; risks to the integrity of data and security of the Electronic Health Record; and identity theft of patients.  

Healthcare organisations need to educate employees on the risks and on simple prevention methods. “You can taint a whole network with just one e-mail,” Ross said. “When a breach occurs, it’s already too late for insurance.”


Zurich unveils cyberattack response solution
27 Jun 2016

Zurich has launched a new cyberattack response solution for businesses across Asia Pacific.

DisgitalResolve, a coordinated incident response service, has been launched by the international insurer to help businesses in Asia Pacific mitigate and recover from cyberattacks.

The solution will be offered via Zurich partner Crawford & Company and is currently available for customers in Singapore which covers customers worldwide with an Australia and New Zealand role out planned in the future.

Oliver Vale, head of professional indemnity, Zurich Global Corporate Asia, said that the rising threat of cyberattacks for all businesses made the solution a logical next step for the business.

“DigitalResolve is specifically set up to provide the same high level of resolution worldwide as it is locally, as panels are chosen not only for their track record and expertise but also their global reach and established networks,” Vale said.

The new service will support businesses that are attacked with a round-the-clock incident manager with immediate response capabilities who will then be able to appoint and coordinate a team of cyber experts to resolve the issue and minimise post-attack exposure.

Whilst the response depends upon the attack, Zurich noted that a variety of experts will be on hand including PR consultants, forensic accountants, IT forensic experts, lawyers, credit monitors and ransom negotiators.

Vale stressed that those ignoring the potential of cyber-attacks throughout Asia Pacific do so at their own peril.

“It is not a question of if but when a cyberattack will happen,” Vale continued.

“Today more than half of the world’s internet users are in Asia. However, despite being the fastest growing region for connectivity, the region is still inadequately prepared for cyberattacks.

“Embracing new IT-driven technologies opens up wide-ranging opportunities for organisations of all sizes – but our increasing reliance on the internet introduces significant new risks too. In light of the increasing volume and sophistication of security breaches, it is no longer sufficient to consider cyber risk a concern for the IT department or mitigate against the possibility of experiencing cyberattack in the first place.

“Today, organisations must also plan for co-ordinated recovery in the event of an attack, so that when breaches happen, they can get the business back to full strength, at full speed.”


Zurich launches cyber response package
27 June 2016

Zurich has launched an incident response service to help businesses in the Asia-Pacific region mitigate and recover from cyber attacks.

The insurer says DigitalResolve, offered through loss adjuster partner Crawford & Company, helps organisations co-ordinate and manage resources to recover from damaging attacks with minimum disruption.

The service supports organisations by assigning a dedicated 24/7 incident manager, who in turn appoints and co-ordinates a team of cyber experts to resolve the issue and minimise post-attack exposure.

Depending on the attack, these will include PR consultants, forensic accountants, IT forensic experts, lawyers, credit monitors, and ransom negotiators.

DigitalResolve will be available to all Zurich Security and Privacy customers in Singapore first, followed by Hong Kong, Japan and China by the end of this year. It will then be rolled out to other markets across the region.

A spokesman for Zurich Australia told insuranceNEWS.com.au the company is “currently in the process of rolling it out in Australia”.

Oliver Vale, Zurich’s Head of Professional Indemnity Zurich Global Corporate Asia, says more than half of the world’s internet users are in Asia.

“However, despite being the fastest-growing region for connectivity, the region is still inadequately prepared for cyber attacks,” he said.


, , , ,

Berkshire Hathaway Insurance – A Detailed Look

Berkshire Hathaway Insurance Australia: Cashed up and Confident

Warren Buffett’s legendary company has entered the local insurance market,’ and its commercial insurance operation is aiming high. Very high…

At a time when Insurers are bracing for one of the most difficult markets in decades, with investments at rock bottom and premium incomes falling, why would an operator as canny as Ajit Jain set up a new global insurance company?

The most logical answer is that the 63- year-old head of Berkshire Hathaway Insurance is following his global peers by diversifying into general insurance as reinsurance earnings fall.

But being Berkshire Hathaway, there’s a unique twist.

Jain’s global insurance company, Berkshire Hathaway Specialty Insurance (BHSI), is intended to be a market leader in its own right rather than an optional form of revenue to dabble in while the reinsurance sector sorts itself out.

Chairman and Chief Executive Warren Buffett predicts BHSI will be “a major asset for Berkshire, one that will generate volume in the billions within a few years”.

Launched into the US market in 2013, the new company has entered the tough and competitive Australian commercial insurance after establishing roots in Canada, Singapore and Hong Kong.

BHSI is based in Boston. Its President is Peter Eastwood, a former president and chief executive of AIG’s massive Americas Region. Buffett says BHSI is “already writing a substantial amount of business with many Fortune 500 companies and with smaller operations as well”.

The arrival of Berkshire Hathaway Insurance in the Australian and New Zealand markets marked the beginning of an even more intense competition for business in the Australian midmarket and above.

With the parent company’s brand and its massive capital reserves, plus efficient new systems, it will be a tough competitor. It has already made its presence felt with some astute hirings of key specialists from insurance companies in Australia and New Zealand.  The lure of the Berkshire Hathaway brand will doubtless appeal to local brokers and clients. As Buffett noted in his annual newsletter to shareholders, “we were instantly accepted by both major insurance brokers and corporate risk managers throughout America”.

“These professionals recognise that no other insurer can match the financial strength of Berkshire, which guarantees that legitimate claims arising many years in the future will be paid promptly and fully.”

The company’s global progress has been swift, but if the new BHSI operations in Australia and New Zealand are anything to go by, it’s nevertheless impressively thorough.  At present BHSI Australasia is being run from the parent company’s offices in central Sydney, although President Chris Calahan says BHSI will move into its own Sydney CBD space shortly.

Calahan, who hails from the Gold Coast, isn’t well known in the Australian insurance market, but at the age of 33 he has had more experience than most executives in pulling together ambitious projects and making them work.

Calahan started at the British insurer in 2005 during a backpacking tour of Europe. With a law degree and some corporate experience gained through Westpac, his progress through the ranks at RSA was meteoric.

He gained a reputation as a fix-it specialist for the group, overhauling operations in Singapore and Hong Kong before landing the key Singapore-based Asia post in 2012 at the age of 30.  “These professionals recognise that no other insurer can match the financial strength of Berkshire.”

The invitation to join Berkshire Hathaway came at an opportune time, with RSA deciding to sell its Asian assets for £284 million after suffering large losses in its European operations. It’s understood Calahan headed up the team negotiating the sale of the Asia assets.

What’s the rationale behind setting up BHSI?
The business started in April 2013 with Peter Eastwood, Dave Fields, Dave Bresnahan and Sanjay Godhwani joining together to build the company. The brief they were given by Warren Buffett was to create a “forever business”, and to make it the world’s leading property and casualty insurance company globally.

There’s no other company in the world that can talk with that level of ambition, or for that matter which takes that long-term view of things. When I got that call and I was asked to participate in building the company- well, that’s a call that you take. It’s an exciting journey to be a part of.

So that’s the brief: to create the world’s leading P&C insurance company. We’ve been at it now for more than two years globally.

How has it gone so far?
So far we have hired nearly 600 people globally, and in 2014 we made an under­ writing profit, which given it was our second full year of operation I think is extremely good going.

How liberal are the parameters you’re allowed to do business in?
Well, the brief is we can enter any product line in any geography where we see an opportunity for Berkshire Hathaway to make float and generate an underwriting profit. And the bigger the opportunity the better, because it plays to our brand and it plays to the strength of our balance sheet. The more float we can generate, the better.

The Australian commercial insurance market is regarded as the most competitive on the planet, and right now it’s got some significant revenue challenges. So what’s the attraction in coming to this part of the world?

The starting point is that Australia is a great market, and it’s a big one. If you look at the whole Asia-Pacific region, it’s one of the biggest. It’s got a history of being profitable and generating good returns for all players. We see that as being attractive over the long term.

It’s at a challenging state right now, for sure. We’re at the back of a few years of fairly significant rate reductions, but we’re going into this market with our eyes wide open to the challenges.

Over the longer term the market will revert to its mean of being a very good, strong, large and profitable market.  It also benefits from the fact that it’s well regulated. The [Australian Prudential Regulation Authority] is regarded as a great regulator that ensures the insurers who operate here operate to a high standard. That fits well for a company like Berkshire Hathaway.

How long do you think it’s going to take for the market to recover?
That’s the multi-multi-million-dollar question. And it’s not just Australia, it’s the whole world insurance market and the global capital flows that are driving the soft rating conditions in almost all product lines in almost all markets.

I think for us as a new entrant – and for me as the manager of an insurance company-we need to be prepared for this soft market to continue for many years to come.

You do see it as that serious?
Yeah, I think so. We’re all going to need to look at our operating models and the way that we do business to be sure it’s fit for purpose for operating in these softer rating environments.

Berkshire Hathaway is providing you with some enormous advantages, obviously, via its capital reserves.

That’s true; we’ve got some very strong features to come to the market with. Firstly, we have the brand. Berkshire Hathaway is a very well recognised brand, and it stands for integrity, trust, doing the right thing. They’re characteristics that will be very helpful for us entering the market as an insurance company. As you say, the second thing we have going for us is the balance sheet and the capital that sits behind us.

With so few constraints you’re going to be extremely competitive from the start.
That’s the intention, but we’re not in a rush. It’s much more important for us to do this properly than to do it quickly.

If we do this right, I think we’ve got a real opportunity to build one of the leading P&C players in the Australian market. We want to do great things for our customers and our distribution partners and using the brand and the balance sheet to build a market-leading team.

Nevertheless, you’re going to encounter resistance from companies that know how to be very strong competitors.  

Yeah, that’s one of the challenges we face in the Australian market. There are some extremely well run companies already in operation here.

I hope that with the brand, the balance sheet, recruiting a market-leading team and creating an environment and culture that mean we can do brilliant things for our customers… I think that will mean we can be a bit different and we can make ourselves stand out.


Does that mean you’re beginning with a restricted range of products?

Yes, and over time we’ll build on that. We’ve started by launching in property, casualty, financial lines and marine cargo. We’ll look to build out the product offering if and when it makes sense.

To start with we’re playing in the large corporate space, but we’d look to move into the mid-market/SME commercial space, and potentially into personal lines in the future – if and when that makes sense.

That’s very much the journey that we’ve been on in the US. We started with property, casualty and financial lines. We’re now doing surety, we’re doing homeowners, we’re doing travel insurance, we’re doing health­ care services. They’re all products that we’ll have available to us to write in Australia as the opportunities arise.

Brokers are going to be a very important part of your distribution strategy. How do you see yourself selling this concept to brokers?
We’re not encumbered by legacy portfolios or legacy IT systems, so we can build a market-leading proposition from scratch.

We should also be able to achieve one of the lowest operating expense spaces in the market, which will give us the opportunity to provide really great value products to our distribution partners and our end customers.

Our hope is that brokers will respond really well to those things. They’ve responded very well where BHSI opened in other parts of the world so far, and we’re hopeful that that will be the case here too.
We’ve only been in business a little over a month, and we’re very pleased with the start we’ve made. It’s exceeded our expectations.

As far as brokers go, it’s working out very well. We’ve met up with all the large and medium-sized companies. For the amount of time we’ve actually been trading, the response from brokers has been excel­ lent.

Will you be interested in buying agencies or even other companies to encourage more rapid growth?
We’ve got a very open mind about all the opportunities that might be there for us in the market, but our starting point will be to build capabilities ourselves.

We have bought a business in the US, but we want to build rather than buy. We think that by being a start-up we’ve also got the opportunity to build the gold standard.

You’ve attracted some high-calibre specialists already.
I have to say I’m very impressed by the professionalism of the market overall, and particularly of the people that we’ve met. One of the benefits of this brand is that we’ve had loads of people reach out to us about opportunities that might be here. I feel very lucky to have been able to pick the best of a very impressive bunch.

Some might say people have been attracted by the money.
Well, Berkshire Hathaway is the perfect alignent for people who are looking to take the next step in their career. But the people we’ve hired so far – and I’d include myself in this – look at it as being a once-in-a-lifetime opportunity to do a start­ up within one of the largest companies in the world.

Because of that we haven’t had to pay above market rate. People are excited by the immediate opportunity of building something from scratch and the future opportunity of what we might be able to do together.

Will you keep your operation centralised in Sydney, or will it expand across the country?
To start with we’ll be operating out of Sydney and Auckland, and we’ll open an office in Melbourne in the second quarter. We’ll look pretty closely at other territories as well.

The brief from Warren for the group is to write any products in any geography where it makes sense.

How many staff are you going to need in Australia?
We now have 32 people across Australia and New Zealand, 24 of them here in Australia. That’s mainly been concentrated around hiring the senior team up to now.

We’ve also just employed another senior executive, with Tony Bainbridge, the former Asia Pacific regional head of healthcare at AIG, joining us as Head of Healthcare.

Both the Australian and New Zealand operations will be run with a very flat structure, with an Australasia Region team made up of me and Cam McLisky, our Country Manager for New Zealand, along with our chief financial officer, our chief risk officer and our human resources director. And that’s it.

This role has also brought you and your family home after 10 years away.
I would’ve gone anywhere in the world to take this job. The wonderful thing for my family and me is that it meant coming back to Australia and living in Sydney.

Written by Terry McMullan, this article appeared in InsuranceNews.

, , , ,

Childcare Insurance Australia-Wide

Childcare Insurance with Statewide

Statewide first placed Childcare Insurance in March of 1988, and since then we have been known as the Childcare Insurance brokerage in Western Australia.

Today we continue our long-standing relationship with the WA childcare industry, and continue to be at the forefront of insurance solutions in the childcare insurance sector.  We are pleased to announce our recent Australia Wide Childcare Insurance Launch, expanding our offerings to all of Australia, in exclusive arrangement with Ansvar Insurance.

2016 sees the Launch of our Exclusive Agreement with Ansvar Insurance – to expand our Childcare Insurance offerings Australia-wide.  We are now able to write Childcare Insurance in every state, and look forward to assisting the rest of Australia for the next 25years and beyond.

Our packages INCLUDE Public Liability and Professional Indemnity for Molestation –  an often overlooked and hard to obtain cover.  Please contact us for a discussion on any ChildCare Insurance needs.


Our packages are tailored to suit the industry, particularly from a Liability insurance component, covering the unique liability aspects of Childcare business.  We insure hundreds of Childcare Centres throughout WA, and continue to be well known and highly regarded throughout the industry.

We Cover any Childcare or Community Care based business:

  • General Child Care
  • long day care
  • outside school hours care
  • before and after school care
  • vacation care
  • pre-school
  • kindergarten
  • playgroup
  • mobile children’s service
  • family day care
  • in-home care
  • nanny
  • home based care
  • babysitter
  • mothercraft nurse
  • mother’s helper
  • housekeeper, nanny

Business Pack Inclusions:

  • Property/Fire/Perils/Accidental Damage
  • Business Interruption
  • Burglary/Theft
  • Money
  • Glass
  • Transit
  • Electronic Equipment
  • Machinery Breakdown
  • General/Mobile Property
  • Tax Audit
  • Employee Dishonesty
  • Workers Compensation
  • Volunteer Personal Accident
  • Public and Products Liability
  • Professional Indemnity
  • Sexual Molestation
  • Officials Liability
  • Employment Practices

Please contact us with any childcare requirements – we cover childcare, daycare, before and after care, aged care, community groups and more.  We insure centres direct, and wholesale to brokers.









ANSVAR – Property Risk Management Manual

ANSVAR – Abuse Prevention – Risk Management

ANSVAR – Abuse Prevention – Checklist

Occurrence-v-Claims Made



First Report of Injury Claim Form – Workers Compensation

Employer’s Report Claim Form – Workers Compensation

Workers Compensation, Injury Mngt Handbook

WorkCover WA Brochure

WorkCover WA 2B Claim Form