Systemic risks, silent cyber, and state-sponsored hacking are the three biggest global cyber threats, a leading UK-based expert has told an Emergence Insurance webinar.
Scott Bailey, Managing Director Cyber for London-based Markel International, was in Australia to participate in a Q&A session at one of Emergence’s regular webinars for brokers.
Scott said systemic risk existed because “cyber risk knows no boundaries”. An incident affecting a single target could cascade across multiple systems, creating widespread havoc.
Silent cyber was exposures that may be covered under non-cyber policies because many broader liability and property policies had no cyber exclusions. “Coverage may be open to interpretation,” Scott said.
State-sponsored hacking included risks like the 2017 NotPetya encryption ransomware, which was allegedly perpetrated by Russian intelligence against the Ukraine but spread more broadly because of its sophistication.
Scott said trends in other jurisdictions were similar to Australia and included:
• Crypto-jacking, through which computer power is diverted to generate cryptocurrencies. “This can be costly,” he warned.
• Sextortion attacks, which target people viewing “inappropriate websites” and use webcam images of their viewing habits to extort funds.
Emergence Insurance Head of Sales Gerry Power said sextortion attacks had been trending up in Australia.
Social engineering scams – manipulating people’s vulnerabilities so they surrendered confidential information – were active in Australia and internationally. But Scott said those scams could be heavily mitigated by risk management, including requiring call backs to potentially fake phone calls and two-factor password authentication.
The European Union’s (EU) general data protection regulation (GDPR) imposes strict conditions on collecting and sharing personal data and is more onerous than Australia’s notifiable data breach scheme.
Asked whether Australia should adopt a regime like GDPR, Scott said there were moral benefits and “many global tech companies are falling foul”. But he likened GDPR to “using a sledgehammer to crack a nut”. “It’s a significant burden for many businesses.”
Gerry warned Australian businesses capturing EU data need to understand and comply with GDPR’s strict requirements.
Emergence Insurance has expanded its Lloyd’s syndicates panel beyond Markel, which remains its key security provider, because of major growth in the past three years and the need to access future capacity.
Scott says diversification is important because, as cyber losses increased, risk sharing across the market is vital.
Corporates are now seeking coverage for $100 million-$600 million and Scott cited a hotel chain’s claim settlement which had cost the market about $400 million.
Industry sectors like online gambling and video gaming are big cyber cover buyers, along with traditional industries like retail, hospitality and health.
Scott advises Australian brokers for whom Gerry says cyber is “still a hard sell” to assess clients’ businesses to identify obvious exposures. Risk management advice must work in tandem with risk transfer.
Gerry agrees, saying a cyber policy is part of every successful business’s risk management framework.
Cyber insurance is not the first line of defence; it is designed to protect a business when its IT security, policies and procedures fail to stop an attack. But no amount of risk management can get you out of the sights of a determined cyber attacker.
Scott says many SMEs do not think they are vulnerable because SME incidents are not publicised like big companies’ attacks. SMEs don’t think about cyber attacks until after they’ve had an uninsured data breach.
Gerry said: “If you learn from your mistakes and do something positive, the risk is improved. But you need to go to the core of the problem.”
Emergence is a pioneer of cyber cover in Australia and provides protection for SMEs through to ASX-listed entities.
Emergence has won the Insurance Business Cyber Product of the Year award in three of the last four years, including 2018, and has been nominated for its Underwriting Agency of the Year award in 2019.
You can obtain Emergence cyber quotations for clients by accessing the broker portal.
This blog is another cyber education initiative from Emergence.