The Australian cyber threat landscape continues to be challenging for organisations, with data breaches and ransomware attacks becoming more frequent and destructive. Much of the uptick in cyber-crime is due to the rise in remote working arrangements and the online shift of workforces. This has consequently provided attackers with more opportunities to extort large organisations for seven-figure demands.

Unfortunately, anyone that stores digital information is susceptible to a ransomware incident. In the last year, Australia has seen a high percentage of ransomware incidents reported by the health, government and education industries. Most recently, we’ve seen operational technology (OT) and physical assets be a key target with Lion Dairy and Drinks and meat processor JBS, both crippled by a ransomware attack bringing wool and milk sales to a halt.

Subsequently, the cyber insurance market is evolving as a result of increased claims activity over the last year, with insurers attempting to sustain profitability through increasing premiums, capping limits and requiring more underwriting information.

In 2020, the Australian market observed an average cyber insurance premium increase of 15-20%, with the increases being more prominent in the third and fourth quarters of the year. Premiums are expected to grow as cyber insurance plays a crucial role in minimising the financial, reputation and operational impact of cyber-attacks. Alongside the climbing premiums, insurers are also actively looking to manage their line sizes and aggregation by dipping their limits on any single risk from up to $50 million to $15 million.

The cyber insurance market continues to be a means of transferring risk – increased awareness of this has led to a 20% growth in cyber insurance policies. Manufacturing, transportation and government entities are amongst some of the new buyers; other sectors, including healthcare, energy and retail, have also shown a general uptick.

“We will continue to see changes in this market that will have an impact on policies and their coverage. While the Australian Cyber Security Centre discourage ransomware payments, it is a routine practice. Last month, the Government indicated it is considering mandatory reporting and as recently as last week, a House of Representative committee is reviewing this practice. Discussions include banning the practice altogether.

It is a challenging time for both insurers and their insureds, but we expect the trend of increasing up-take, lower coverage limits, price increases and greater transparency about the company’s risk mitigation strategies to continue.” Karen Drewitt, COO, The Missing Link.

What does this mean for insureds?

With insurance premiums climbing and insurers dipping capacity, new buyers and existing insureds must position themselves to achieve better outcomes with insurance. Underwriting cyber is no longer just checking a few boxes. Insurers are now beginning to request additional information such as; security controls, remote working risk management protocols and business continuity plans.

Those companies who have a proactive approach to security by continually demonstrating risk quality, investment in cyber security and risk management will be best placed to obtain the broadest cover and favourable pricing.

Here at The Missing Link, we can help you be better positioned by ensuring you have robust security policies and controls to protect your business from a cyber-attack. Contact us today to learn more.

 

If you liked this article, you may also like:

Going paperless with Microsoft Teams, Flow, and Adobe Sign

Aged care technology to meet the demands of today and tomorrow

Could you have a business without humans?

Author

Taylor Cheetham

Campaign Manager