The Cyber story continues…
ASIC zeroes in on cyber crime
4 April 2016
The Australian Securities and Investments Commission (ASIC) has stepped up its surveillance of cyber crime this year in a bid to keep pace with the growing digitisation of the financial services industry.
ASIC will invest more in digital forensics capabilities and training its forensic analysts, its enforcement report for last July-December says.
“The increasing incidence, complexity and reach of malicious cyber activities can undermine businesses and destabilise our markets, eroding investor and financial consumer trust and confidence in the financial system and the wider economy,” it says.
“We will take appropriate enforcement action by accepting enforceable undertakings or issuing infringement notices where we identify wrongdoing – for example, where disclosure by companies and issuers provides insufficient information on cyber threats.
“As technology continues to replace traditional methods of investing, the likely increase in the incidence of cyber crime means ASIC and other law enforcement agencies will focus on activities that ensure investors and consumers continue to be protected.”
The volume of electronic forensic data received by the regulator has increased steadily from less than 40 terabytes at the start of 2013 to more than 120 terabytes last year.
ASIC expects the figure to rise to 425 terabytes of data per year by 2020. One terabyte is equivalent to about 1000 gigabytes.
“The increasing volume of data means traditional review methodologies based on targeted keyword searches and manual review are becoming less effective and efficient.
“ASIC is increasingly adopting smarter strategies that use tools such as predictive coding, machine learning and computer algorithms.”
The regulator secured $149 million in compensation and remediation for consumers and investors in the second half of last year, the enforcement report shows.
It removed 27 individuals from financial services, laid 42 criminal charges, charged six in criminal proceedings and issued 20 infringement notices.
Stock markets a target for cyber crime: report
11 April 2016
Financial markets are a prime target for cyber attacks because they are “where the money is” and can represent a nation or symbolise capitalism, according to a new report.
The International Organisation of Securities Commissions (IOSCO) paper, called Cyber Security in Securities Markets – An International Perspective, outlines different approaches to cyber security adopted by market participants and regulators worldwide.
It says cyber is not “just another risk” but constitutes “a unique, highly complex and rapidly evolving phenomenon” that jeopardises the integrity and efficiency of financial markets.
The report says PricewaterhouseCoopers’ latest Global State of Information Security Survey questioned 10,000 executives from 127 countries, and found the number of incidents detected by respondents last year was up 38%.
A Ponemon Institute study last year put the average cost of data breaches to companies at $US3.79 million ($5 million), up 23% over the past two years.
IOSCO says the “almost complete digitalisation of data” in securities markets and increasing use of mobile devices, outsourcing and cloud computing make the industry more vulnerable.
“The human element of cyber risk, combined with rapidly evolving technologies in securities markets, suggests this topic requires swift and sustained attention by regulators and market participants,” the report says.
“According to many cyber-security experts, the question for financial market participants is not if a cyber attack will occur but rather when.”
The report says cyber insurance should be a complement to a business’ cyber-security framework – not a replacement.
Global annual gross written premium for cyber insurance is about $US2.5 billion ($3.3 billion), and PricewaterhouseCoopers projects it will be $US7.5 billion by the end of the decade.
Munich Re, Beazley team up on cyber cover
18 April 2016
Munich Re-owned Corporate Insurance Partner and Beazley have joined forces to offer cyber cover of up to $US100 million ($131 million) in response to growing demand.
Coverage options are tailored to a variety of exposures including hacking or malware attacks, distributed denial of service attacks, cyber extortion, and property damage and bodily injury.
“In recent years cyber threats have risen steadily up the agenda of the world’s largest companies… with significant implications for their balance sheets and financing capabilities, through to dealing with regulators and ratings agencies,” Corporate Insurance Partner Head of Cyber Solutions Chris Storer said.
“Through our close partnership… we believe we can offer a service that is unique in providing large corporate and industrial clients with fit-for-purpose cyber solutions that help them manage the manifold risks that cyber attacks can present.”
Various industry studies put cyber risk among the leading issues for the global business community, with financial consultants Grant Thornton estimating the cost of such attacks at about $US315 billion ($413 billion) a year.
“Rapidly flowing data is the lifeblood of modern business,” Beazley Focus Group Leader for Technology Mike Donovan said. “When that data ceases to flow, or is siphoned off, the costs for large interconnected enterprises can be huge.”
Cyber risks on radar, but strategies fall short: report
18 April 2016
The cost of business interruption is the leading cyber-risk concern for businesses, according to Aon Global Risk Consulting.
The group’s global benchmarking report, the Captive Cyber Survey, gauges organisations’ attitudes to cyber threats, risk assessment, insurance-buying trends and loss adjustment concerns.
Peter Mullen, CEO of Aon’s Captive and Insurance Management practice, says the findings show a disparity between companies recognising cyber as one of the fastest-growing risks and understanding what their exposures and coverage needs are.
The survey shows 94% of companies would share risk with others in their industry.
Aon experts expect alternative risk transfer options will become increasingly popular because they give companies some control over underwriting, coverage scope and claims adjustment, while providing an opportunity to share best practices, experience and data.
The survey also shows 95% of respondents believe clear policy wording is the most important issue in the cyber-risk market, and 75% of large companies are concerned about the loss adjustment process.
CGU launches revolutionary new cyber product into the Australian market
20 Apr 2016
CGU Insurance has launched a new cyber defence product aimed at mitigating the rising tide of cyber-attacks.
The company believes its new offering CGU Cyber Defence, developed with SME customers in mind, will protect businesses from cybercrimes such as privacy breaches, system damage, extortion, computer viruses, crime and hacking.
CGU National Underwriting Manager Professional Risks Najibi Bisso said now that cyber security is one of the biggest issues facing businesses and individuals today, it’s essential for all businesses with a digital presence to ensure they have the right protection in place.
She said the new product, which includes a wide range of features such as free cyber consultation, 24/7 incident response team and a breach coach, provides much broader cover than their competitors and is equipped with an all-encompassing cyber incident response service.
“We’ve developed an offering that we believe addresses the growing concerns SMEs will face in future. The product is offered standalone as well as an extension to existing policies.”
Bisso said the partnership with Norton Rose Fulbright means they can now provide a round-the-clock cyber incident response team and service for their customers.
“We’re also working with our partners to help them educate SMEs on the importance of cyber security by providing a range of tools that partners can access online through the CGU cyber microsite.”
Scott and Broad CEO Mike Burgess, whose major client has a CGU Cyber Defence Policy, said that CGU were a “natural choice for us when we were looking for cyber risk support for our clients. For this type of risk you need a large insurer who has the capacity to pay these types of claims and launch a response when the cyber event occurs.”
Cyber-security plan will unlock innovation, PM says
26 April 2016
Prime Minister Malcolm Turnbull says an “open, free and secure” internet is vital for Australia’s future prosperity.
Introducing the Government’s $230 million cyber-security strategy, he says the plan sets out a “philosophy and program” for meeting the challenges of the digital age.
“A secure cyberspace provides trust and confidence for individuals, business and the public sector to share ideas and information and to innovate online,” Mr Turnbull said.
“The security threats we face are real and they are growing in severity and frequency.”
He argues the cyber-security strategy is critical to Australia’s transition to “a new and more diverse economy, which is fuelled by innovation”.
“We cannot allow cyberspace to become a lawless domain. The private sector and government sector both have vital roles to play.
“By working together we will build and strengthen a trusted online environment and unlock Australia’s digital potential.”
The strategy comprises 33 distinct programs, and will directly result in the creation of more than 100 jobs.
CGU raises SME cyber shield
26 April 2016
CGU has produced a cyber cover to protect Australian SMEs from threats including privacy breaches, system damage, extortion, computer viruses, crime and hacking.
“Cyber security has become one of the biggest issues facing businesses and individuals today and it’s not going away,” National Underwriting Manager Professional Risks Najibi Bisso said. “We have developed an offering that we believe addresses the growing concerns SMEs will face in the future.”
CGU says government data shows almost 700,000 businesses have been victims of cyber crime, and 60% of attacks were targeted at SMEs. The average cost of such an attack exceeds $275,000.
“Cyber events can result in thousands of dollars in remediation costs… extortion costs or being sued by customers or employees for loss of personal information,” CGU said.
“Such expenses could lead to devastating loss of profits, revenue or trust in your business and brand.”
CGU’s Cyber Defence product has a number of features, including a 24/7 incident response team, advancement of defence costs, global territorial cover regardless of where an attack originated and a free one-hour consultation to assess risk mitigation strategies.
Corporate spending on IT security in the Asia-Pacific region is expected to rise from $US71 billion ($91 billion) in 2014 to $US170 billion ($218 billion) by 2020.
Hackers rely on human factor: cyber-crime report
2 May 2016
Cyber criminals continue to rely on familiar attack patterns such as phishing and ransomware, according to the latest Verizon Data Breach Investigations Report.
Among the global survey’s findings: 89% of attacks last year involved financial or espionage motivations; 85% exploited known vulnerabilities that have not been rectified; and 63% of confirmed data breaches involved using weak, default or stolen passwords.
Communications giant Verizon says understanding the “threat landscape” is the first step to addressing the issue.
Phishing – in which users receive an email from a fraudulent source – continued to prove an effective technique for cyber criminals.
Some 30% of phishing messages were opened (up from 23% in 2014), and in 13% of these cases malicious attachments or links were opened, causing malware to drop.
Human error was the leading cause of security incidents last year, with 26% of cases in this category involving sending sensitive information to the wrong person. Other errors in the category include improper disposal of company information, misconfiguration of IT systems and lost and stolen assets such as laptops and smartphones.
“You might say our findings boil down to one common theme: the human element,” Verizon Executive Director of Global Security Services Bryan Sartin said. “Despite advances in information security research and cyber-detection solutions and tools, we continue to see many of the same errors we’ve known about for more than a decade now.”
The global report includes contributions from the Australian Federal Police.
Report highlights the need for business to invest in robust cyber coverage
04 May 2016
The release of Verizon’s 2016 Data Breach Investigations Report (DBIR) underlines the need for businesses to have robust cyber coverage and for brokers to have conversations with their corporate clients about cyber security, says a top cyber and financial institutions specialist.
The highly anticipated annual report includes industry-specific information discussing the top threats for financial services, healthcare, hospitality, public sector, retail and technology, and how these sectors can mitigate risks.
This year’s report points to repeating themes from prior-year findings such as the fact that 89% of all attacks involve financial or espionage motivations and exploit known vulnerabilities that have never been patched and that the top ten known vulnerabilities accounted for 85% of successful exploits.
It also found that 63% of confirmed data breaches involved using weak, default or stolen passwords, 95% of breaches and 86% of security incidents fell into nine patterns and basic defences continued to be sorely lacking in many organisations.
AIG’s National Cyber and Financial Institutions Specialist, Liliana Uhrik said: “With the risk of cyber-crime heightening every year, it is crucial that brokers and insurers are regularly talking to clients about uninsured exposures and the most suitable insurance solutions for their business.”
A cyber policy can provide everything from cover for fines, investigations costs, IT forensic services costs to public relations, breach notification and business interruption costs following a cyber-attack, she said.
But it’s equally as important to assist clients in developing risk mitigation strategies for avoiding cyber risks, she said.
“Simple actions businesses can take include generating cyber-crime awareness among employees, ensuring firewall and IT security software is up to date, encrypting mobile devices and creating a business continuity plan.”
“Any good insurer will strongly support the broker in helping the client understand the risk of cyber-crime and the potential solutions,” she said.
“At AIG we do this by providing access to expert claims personnel who can talk through risk mitigation strategies, as well as access to useful sales tools that contain insightful thought leadership articles and whitepapers, claims stories and information about our insurance solution.”
ASX100 cyber security scheme to benefit insurance companies
10 May 2016
Insurance companies and consulting firms are likely to benefit most from the government’s plan to introduce voluntary cyber security health checks at Australia’s biggest companies, says a report by WAtoday.
The health checks are part of the Federal Government’s $230 million Cyber Security Strategy, which aims to guide Australia into becoming a cyber smart nation.
The health checks aim to raise awareness among businesses about cyber risks and opportunities. They will be coordinated by the Australian Securities Exchange, in partnership with government agencies and the private sector, and offered to the top-100 listed companies.
The scheme is similar to checks in listed companies in the United Kingdom − only optional rather than mandatory.
According to industry figures, the health checks will provide valuable information for insurance companies pushing for cyber security protection.
“This would be very positive news for insurers because it would give them a common grounding to base their price premium pricing on,” said Scott Guse, an Audit and Advisory Partner at KPMG.
Guse explained that even as cyber security insurance is growing in Australia, insurers are still grappling with how to price premiums and assess risks. He added that insurance companies don’t have the skills in-house to go into an organisation and implement cyber health reviews.
“If they can use this as a benchmark, it will provide a consistent framework across all companies,” Guse said.
Insurers deliver on privacy: Deloitte
23 May 2016
The insurance industry is the fourth most trusted in Australia, according to Deloitte’s annual Privacy Index.
The assessment of 116 brands – including nine leading insurance companies – revealed that 94% of consumers now rank trust above convenience.
But while the insurance industry performed well, up two positions from last year, it remains some distance behind banking and finance in the top spot.
“It was not a bad result for insurers,” National Lead Partner Cyber Risk Services Tommy Viljoen told insuranceNEWS.com.au.
“Overall it was good to see insurance in the top four, but there is a large gap between them and banking and finance.”
Mr Viljoen says the insurance industry had fewer consumers with privacy issues, but was much less successful at resolving those issues satisfactorily.
Banking and finance privacy policies were also more comprehensive, as was the privacy information contained on its websites and mobile apps.
“Banking gave more information about cookies, and insurance companies’ cookies were active for twice as long on average as those in banking and finance.
“Banking and finance was much better than insurance at providing transparency about where data is being sent.”
The Deloitte Privacy Index rankings are: banking and finance 1; government 2; energy 3; insurance 4; telecommunications 5; higher education 6; technology 7; travel and transport 8; health and fitness 9; retail 10; social media 11; media 12; real estate 13.
Cyber breach affects your employees, too
24 May 2016
Cyber risk has many obvious impacts on a business, but one international broker has revealed the effects cyber-attacks have on employees of affected businesses.
According to a new Willis Towers Watson report, employees judge organisations experiencing data breaches as lacking a learning culture that flourishes with high integrity and puts the customer at the centre of business activity.
The report, entitled Inside Threat: Why Employee Behavior and Opinions Impact Cyber-Risk, shows employees’ opinion of data breach companies. The report also puts a fundamental emphasis on employee culture as a first line of defence against cyber-risk.
“These data are significant because they offer an inside view of workforce culture and for the first time reveal the vulnerabilities within companies experiencing cyber-breaches based on the ultimate insiders – their employees,” commented Patrick Kulesa, global research director, on the findings.
The Willis Towers Watson analysis was based on survey results from over 450,000 employees corresponding to a period during which significant data breaches were identified within their firms. The results were then benchmarked against global high-performance companies and global information technology staff.
Willis Towers Watson said that, as expected, survey findings show significant gaps in favourable opinion scores between employees in data breach groups and each benchmark, particularly in three areas of workforce culture – training, company image, and customer focus.
Compared to the IT employee group, IT employees in data breach companies gave low scores to training and perceived training of new employees. The analysis points to the vulnerability of new staff as a potential serious source of cyber-risk if not effectively trained.
Also compared to the IT employee group, the analysis shows that frontline IT staff in data breach companies report less favourable views of perceived pay-for-performance for their role – a potential barrier for efforts to identify and manage cyber-risk.
Compared against both benchmarks, employees in data breach companies suggest a widespread lack of customer focus. This is a critical issue from a risk management perspective, as it could set the stage for poor decision making and undermine efforts to counteract theft of online customer information.
“There is broad awareness of the human element as a risk factor in data security breaches. However, to more effectively manage cyber-risk, organizations need to better understand how the various elements of their workforce culture shape their employees’ behaviour, and ultimately, either reduce or drive their exposure to cyber-risk,” said Adeola Adele of Willis Towers Watson’s FINEX North America practice.
To address cyber-risk stemming from inside threats, Willis Towers Watson experts suggest the following prevention priorities for organisations:
Collaborate across corporate functions, including IT, HR, Legal, Operations, and Finance, in setting cyber-strategy;
Invest in making the workforce cyber-smart, and provide rewards and disincentives to encourage a cyber security-supportive culture;
Consider technology as only one of the several lines of cyber defence; and
Insure for cyber-threats the organisation cannot mitigate.
Industry calls for cyber database
26 May 2016
Cyber is one of the biggest insurable risks that the insurance industry will have to meet.
The lack of cyber data, however, hinders both the growth of the insurance industry and the UK’s becoming a world leader in cyber insurance. The solution? A national, not-for-profit, anonymised database for recording cyber breach cases in businesses, according to the Association of British Insurers (ABI) website.
The database will cover cyber incidents including business interruption losses, ransom demands, loss of confidential data, and damage to IT systems. Building on the requirement in the European Network Information Security Directive for certain firms to notify of data breaches from 2018, the data could be anonymised and made available to insurers to improve pricing and products. If actualized, this national database accessible to insurers would be a world first.
“Cyber losses are the biggest threat to Britain’s world leading digital economy, and we need to capture more data to get on top of the problem,” said Huw Evans, ABI’s Director General, adding that “Cyber [loss] is the biggest insurable risk that the industry will have to meet, and it is critical to the economy.”
ABI highlights the importance of cyber data for growing the insurance industry; the lack of such data, Evans said, is a huge inhibitor to the UK being at the core of the cyber market. He explained that more data “can stimulate the cyber insurance market, giving greater choice to businesses in insuring against cyber losses.”
Matt Cullen, ABI’s Assistant Director, Head of Strategy, stressed the crucial role of the insurance industry in helping firms of all shapes and sizes improve their resilience to cyber attacks, and help them recover from cyber incidents.
Cullen said that small and medium-sized businesses (SMEs) are also being targeted by cyber criminals, since these firms “have lower levels of data protection in place than larger organisations.”
“A cyber attack will often be very disruptive and costly, and in some cases, could even threaten a smaller firm’s existence,” said Mike Cherry, National Chairman at the Federation of Small Businesses.
“Smaller businesses are struggling with the increasing volume and sophistication of cyber attacks. While 93 per cent have taken steps to protect their business from cyber crime, the growing number of businesses still falling victim is a worrying trend.”
Cherry also shared that, according to FSB research, the types of cyber crime most commonly affecting small businesses are emails, 49 per cent; spear phishing emails, 37 per cent; and malware attacks, 29 per cent.
ABI, an organisation that speaks on behalf of UK insurers and promotes best practice, transparency, and high standards within the industry, released a guide entitled, “Making Sense of Cyber Insurance,” which explains the key types of protection to look out for in cyber insurance policies – business interruption losses, privacy breach costs, cyber extortion, and cyber specialist support.
British insurers back cyber database
30 May 2016
The Association of British Insurers (ABI) has called for a national database of cyber incidents and attacks on businesses.
The anonymous record would contain details of business interruption losses, ransom demands, loss of confidential data, and damage to IT systems.
More information on cyber attacks could help grow the insurance market, says the ABI, giving more choice for businesses.
Some US states require firms to report cyber breaches, but a national database accessible to insurers would be a world first.
ABI Director-General Huw Evans believes cyber losses are the biggest threat to the country’s digital economy and more data is required.
“We have 350 years of fire data and 100 years of motor and aviation data, but we have just a few years of cyber data,” he said.
“But cyber is the biggest insurable risk that the industry will have to meet, and it is critical to the economy.
“If it is not a requirement to report these losses, then insurers are not going to have the data they need to provide the right cover.”
ASIC to prioritise cyber resilience
07 Jun 2016
As cyber-attacks are becoming an ever-increasing risk for businesses, the Australian Securities and Investments Commission (ASIC) has identified cyber resilience as a key priority for ensuring that Australia’s financial markets are fair, orderly, transparent, and efficient.
“With the risk and sophistication of cyber-attacks growing faster than the traditional firewall and antivirus technology can keep up, organisations need strategies to prevent, detect cyber risks,” said ASIC Chairman Greg Medcraft during the Annual Stockbrokers Conference held last week.
“We acknowledge that complete cyber-security can never be achieved, but a comprehensive and long-term commitment to cyber resilience is essential to retain investor and financial consumer trust and confidence,” said Medcraft.
The ASIC chairman also revealed that they have established a markets cyber risk taskforce which will be collaborating with stakeholders, local and international peer regulators, and the government in implementing its recently launched cyber strategy.
ASIC released a report in March this year, entitled Cyber Resilience Assessment Report, which sets out several good practices for cyber resilience, and identifies key questions that directors and board members should seek to ask their executives.
The independent Australian government body recognises cyber risk as a key threat in their strategic policies, and aims to assist their regulated population in improving cyber resilience. In March 2015, ASIC published Cyber Resilience Health Check which cites measures on how to improve cyber resilience by:
Increasing awareness of the risks;
Encouraging collaboration between industry and the government;
Providing health check prompts to help businesses consider their cyber resilience, and
Identifying how to address cyber risks in the regulatory context, including considering board oversight of cyber risks.
Australia ‘needs to build a cyber militia,’ says cyber expert
09 Jun 2016
An international cyber security specialist has stressed the urgency of building a cyber militia in Australia, which he says is at a historic choice point when it comes to cyber defence.
“We will have to build a cyber militia soon,” said Greg Austin, a professor at the Australian Centre for Cyber Security (ACCS) in the University of New South Wales (UNSW) Canberra, “and we need research and debate now on what that looks like.”
At UNSW Canberra, students will develop options for an Australian cyber militia by the end of 2016. Adding to ACCS’ unique suite of degrees and programs is UNSW’s teaching program in cyber military strategy, which, Professor Austin says, “wants to translate the existing knowledge of our students in policy, the ICT sector, management, or cyber threats into a lasting influence on national problems.”
“To complement their work on an Australian cyber defence militia, students can study the hacker armies of Iran and North Korea, the tactics of Anonymous and Wikileaks, and the development of cyber reserve forces in the UK, USA, Israel, and Estonia,” Austin added.
“This project is part of our effort to inform the development of a national security curriculum, which we don’t have, and stimulate debate about a National Cyber Security College, which we probably need urgently.”
In a discussion paper, Australia Rearmed! Future Needs for Cyber-enabled Warfare, released in January 2016, Austin noted that “Australia’s response to the emerging centrality of cyber space in the conduct of future war has been slow and fragmented.” He also identified dominance in cyber space as one of the primary determinants of war.
Cyber insurance needs to keep up with evolving threat landscape
14 Jun 2016
Organisations are being encouraged to ensure that their cyber insurance policies cover new social engineering email attacks, IT Brief reported.
According to new research by email and data security firm Mimecast, 45 per cent of cyber-insured organisations are unsure if their policies are fully up to date to cover the ever-evolving threat landscape. Mimecast warns that this leaves firms vulnerable to taking the full financial brunt of cyber-attacks.
The research also shows that only 43 per cent of firms with cyber insurance are confident that their policies would pay out for whaling (CEO fraud) financial transactions; while firms that don’t have cyber insurance are at 64 per cent.
Mimecast says the rise of whaling has created an attack climate where many organisations with cyber insurance may not be protected from fraudulent transactions because it’s not covered in the policies they originally signed.
The research also reveals that organisations that have seen an increase in untargeted phishing emails are at 58 per cent; in targeted phishing attacks, 65 per cent; and in phishing attacks, 65 per cent.
“Cyber insurance uptake is growing quickly but a lack of employee training on the latest email attacks is leaving organisations at great risk of breaking policy terms,” says Nicholas Lennon, country manager ANZ, Mimecast.
“While insurers often pay for clean-up fees after a breach, it is important that organisations check that their policies protect them if an employee is tricked into sending a large amount of money to a fraudulent account,” he explains.
“Attacks where employees are tricked into sending personal data or intellectual property are even less likely to be fully covered.”
“With the cybersecurity landscape constantly evolving, cyber insurers will have great difficulty keeping their coverage up-to-date,” Lennon says.
“A comprehensive cyber resilience strategy is only effective alongside regular employee training on the latest threats combined with appropriate technology fail safes.”
Australia ‘still lagging on cyber risk’
20 June 2016
An expert on cyber risk has described Australia’s awareness of the issue as “terrible” and lagging well behind the US.
Sydney-based National Practice Leader Cyber for Aon Fergus Brooks says despite large businesses around the world becoming more aware of cyber risks, 60% of them still do not have cyber insurance.
The findings are revealed in Aon’s 2016 Captive Cyber Survey, which interviewed 127 captive insurers about cyber risk and insurance.
Mr Brooks believes this percentage would be much larger in Australia.
“Awareness in Australia is terrible,” he told insuranceNEWS.com.au. “The 60% is reflective of a more mature market than ours.”
Mr Brooks says businesses are reluctant to take up cyber insurance because it is a less tangible risk than other risks.
“The quantification of cyber risk is hard for people to get their head around. That’s why cyber risk assessment and profiling is so valuable.
“The US is having more advanced conversations like what happens when the robots start attacking staff?”
The survey also finds business interruption due to a breach is the top cyber risk concern for businesses across all industries.
More than 60% of those with cyber insurance buy limits in the $US10-25 million ($13.8-$33.79 million) range, and most buy cover for balance sheet protection, followed closely by wanting to “satisfy the board”.
Only 25% of those who bought limits were confident they comply with international best practice and standards for information security governance, while 95% said clear policy wording is the most important issue in the cyber risk market.
The loss adjusting process following a cyber attack claim also worries 75% of large companies.
Mr Brooks predicts the imminent introduction of mandatory reporting of data breaches, which is currently tabled before Federal Parliament, will drag Australian companies “kicking and screaming” into awareness of cyber risks.
“In two to three years cyber will become a standard part of a company’s insurance portfolio,” he said.
Cyber ransom liability insurance, a must for the healthcare industry
24 Jun 2016
Insurance law specialists underscore the need for cyber ransom liability insurance for healthcare organisations, especially with the rise of cyberattacks, reported Healthcare IT News.
Paula Litt, a partner with and the leader of the insurance recovery and advisory practice group at Honigman Business Law Firm, reminds companies to ensure that they understand the coverage they are getting and to make sure ransomware is covered in their policy.
“Cyber ransom liability insurance is to protect the victim of a crime,” said Litt.
“But there are all different components within a cyber policy. Everyone is at a risk for cyberattack, and organisations need to figure out the risk and what kind of coverage they need.”
“If you’re insured, you want to cover all of the incurred costs due to the breach – including third parties,” Litt added.
“It’s critical [that] we understand the risk. We need to build in protection for undetected problems that happened before the policy went into place. It’s a big issue for cyber insurance – and a big issue for the insured.”
Linda Ross, a partner with and leader of the healthcare practice group at Honigman, cited some risks organizations need to consider when purchasing a policy, such as failing to meet a standard of care and malpractice claims when ransomware forces the return to paper; risks to the integrity of data and security of the Electronic Health Record; and identity theft of patients.
Healthcare organisations need to educate employees on the risks and on simple prevention methods. “You can taint a whole network with just one e-mail,” Ross said. “When a breach occurs, it’s already too late for insurance.”
Zurich unveils cyberattack response solution
27 Jun 2016
Zurich has launched a new cyberattack response solution for businesses across Asia Pacific.
DigitalResolve, a coordinated incident response service, has been launched by the international insurer to help businesses in Asia Pacific mitigate and recover from cyberattacks.
The solution will be offered via Zurich partner Crawford & Company and is currently available for customers in Singapore, which covers customers worldwide, with an Australia and New Zealand rollout planned in the future.
Oliver Vale, head of professional indemnity, Zurich Global Corporate Asia, said that the rising threat of cyberattacks for all businesses made the solution a logical next step for the business.
“DigitalResolve is specifically set up to provide the same high level of resolution worldwide as it is locally, as panels are chosen not only for their track record and expertise but also their global reach and established networks,” Vale said.
The new service will support businesses that are attacked with a round-the-clock incident manager with immediate response capabilities who will then be able to appoint and coordinate a team of cyber experts to resolve the issue and minimise post-attack exposure.
Whilst the response depends upon the attack, Zurich noted that a variety of experts will be on hand including PR consultants, forensic accountants, IT forensic experts, lawyers, credit monitors and ransom negotiators.
Vale stressed that those ignoring the potential of cyber-attacks throughout Asia Pacific do so at their own peril.
“It is not a question of if but when a cyberattack will happen,” Vale continued.
“Today more than half of the world’s internet users are in Asia. However, despite being the fastest growing region for connectivity, the region is still inadequately prepared for cyberattacks.
“Embracing new IT-driven technologies opens up wide-ranging opportunities for organisations of all sizes – but our increasing reliance on the internet introduces significant new risks too. In light of the increasing volume and sophistication of security breaches, it is no longer sufficient to consider cyber risk a concern for the IT department or mitigate against the possibility of experiencing cyberattack in the first place.
“Today, organisations must also plan for co-ordinated recovery in the event of an attack, so that when breaches happen, they can get the business back to full strength, at full speed.”
Zurich launches cyber response package
27 June 2016
Zurich has launched an incident response service to help businesses in the Asia-Pacific region mitigate and recover from cyber attacks.
The insurer says DigitalResolve, offered through loss adjuster partner Crawford & Company, helps organisations co-ordinate and manage resources to recover from damaging attacks with minimum disruption.
The service supports organisations by assigning a dedicated 24/7 incident manager, who in turn appoints and co-ordinates a team of cyber experts to resolve the issue and minimise post-attack exposure.
Depending on the attack, these will include PR consultants, forensic accountants, IT forensic experts, lawyers, credit monitors, and ransom negotiators.
DigitalResolve will be available to all Zurich Security and Privacy customers in Singapore first, followed by Hong Kong, Japan and China by the end of this year. It will then be rolled out to other markets across the region.
A spokesman for Zurich Australia told insuranceNEWS.com.au the company is “currently in the process of rolling it out in Australia”.
Oliver Vale, Zurich’s Head of Professional Indemnity Zurich Global Corporate Asia, says more than half of the world’s internet users are in Asia.
“However, despite being the fastest-growing region for connectivity, the region is still inadequately prepared for cyber attacks,” he said.