ICA calls for overhaul of cyber policy settings
Monday, 28 March 2022
Australian businesses, insurers and government must work together to establish the settings for a vibrant and sustainable cyber insurance market to underpin economic growth into the future, the Insurance Council of Australia (ICA) today said.
Released in its Cyber Insurance: Protecting our way of life in a digital world paper, ICA highlights challenges to maintaining and developing a cyber insurance market to support Australian individuals, businesses and organisations operating in the digital economy following the COVID-19 pandemic.
This unprecedented growth in digitisation and connectivity has led to increased cyber risk. The spectrum of cyber risk includes inadvertent or deliberate data breaches by employees at one end, and ranges to criminal gangs and nation states targeting business operating systems at the other end.
Responding, rectifying and reporting a cyber incident can be challenging and expensive for a victim’s business. Cyber insurance provides an important support to these businesses, including facilitating access to expert assistance, which is particularly valued by smaller businesses.
ICA has acknowledged that in Australia standalone cyber insurance is not, as yet, a well-known or understood insurance product. This and a small number of insurance providers in the market has implications for the pool size by which risk is transferred.
This together with increasing loss ratios and reducing risk appetite can make it harder for some Australian businesses to purchase cyber insurance, prompting the industry’s call to overhaul the government’s policy settings.
Among the recommendations made, ICA is calling for better data sharing, both from industry to government and importantly from government to industry to prevent, detect and report cyber-attacks.
Minimum security requirements and third-party certifications for software and hardware should also be made mandatory to reduce the vulnerability of cyber-attacks.
Investment incentives for education around cyber risk, as well as for businesses willing to disclose and work with enforcement agencies are also needed.
ICA has also called for the Government to develop and issue an Australian cybersecurity standard to ensure that government agencies and contractors with whom they do business evaluate their cyber maturity according to uniform and constantly evolving standards.
The following quotes can be attributed to ICA CEO Andrew Hall:
Right now, cyber insurance awareness is low within the Australian business community – only about 20 per cent of small businesses have cyber cover.
However, the digital evolution of both the economy and society since the COVID-19 pandemic has resulted in increasing awareness of cyber risks. As a result of this, in recent years, the number of organisations taking up cyber insurance in Australia has increased rapidly.
Right now, there is a small number of insurance providers. The combination of a small premium pool and the increasing sophistication and maliciousness of some cyber-attacks have put significant pressure on insurers and businesses alike.
This policy paper is the first step in getting the settings right for managing cyber risk in Australia and will give the industry greater confidence in participating in the market and providing cover.