The frequency and severity of cyber insurance claims are rising rapidly.
A portfolio analysis conducted by Emergence Insurance shows FY19 claims frequency was up 29% compared with FY18.
The data, released at an Emergence webinar to almost 1,000 brokers and their clients, correlates with new data in the latest notifiable data breaches (NDB) scheme report issued by the Office of the Australian Information Commissioner (OAIC).
Notifiable data breaches were up 14% from the prior quarterly report.
Emergence Portfolio Analyst Luke Sheppard said the agency’s industry categories also mirrored OAIC figures. Professional, scientific or technical services accounted for 20% of claims; healthcare and social assistance 14%; and financial and insurance services 12%. However, claims costs for financial services were 20%.
The OAIC’s report for the quarter to 30 June 2019 showed healthcare remained the worst performing category, with 19% of NDBs, followed by finance at 19% and legal/accounting 10%.
Emergence’s FY19 average claim severity was up 51% on FY18. Luke said claim costs were up to three times higher for businesses that had no written cyber risk management policies or awareness training. In comparison, organisations that regularly updated anti-virus systems had fewer claims.
Emergence data for claim types also echoed OAIC’s statistics, with hacking responsible for 36% of claims and extortion 31%.
Emergence’s claim settlement times have reduced 27% from FY18 to FY19, assisted by streamlined claims processes.
Luke said organisations that conduct daily backups recover 25% faster than those that do not. A large proportion of business interruption claim costs is in data recovery.
Emergence Head of Sales Gerry Power said sound risk management could prevent many data breaches and subsequent claims. Human error remained a major factor. “Employees must understand they are the last line of defence if security systems fail,” he said.
Within Emergence’s portfolio, Queensland had the highest number of claims, followed by NSW. But Gerry said that reflected the portfolio spread, not criminals’ geographical preferences.
The garden-variety cyber criminal goes after low-hanging fruit – organisations with weak security postures where they can access systems via open back doors.
More sophisticated criminals can be embedded within organisations’ systems for six to nine months, observing interactions, before launching targeted attacks.
The OAIC and Emergence data’s close correlation identifies that education is the key to reducing claims and thus lowering premiums.
Emergence is a pioneer of cyber cover in Australia and provides protection for SMEs through to ASX-listed entities.
Gerry says cyber insurance is designed to protect a business when its IT security, policies and procedures fail to stop an attack. “But no amount of risk management can get you out of the sights of a determined cyber attacker.”
Emergence’s strength is broker education, including the regular webinar series that attracts more than 1,000 brokers; social media and web posts; and face-to-face meetings with brokers and their clients to explain cyber risks.
Emergence won the 2019 Insurance Business magazine Underwriting Agency of the Year and was a finalist in the same category at the ANZIIF-Asia Insurance Review awards.
Access the broker portal to obtain Emergence cyber quotations for your clients.