Brought to you by:
Vero
Vero

Australia ‘still lagging on cyber risk’

Facebook Twitter LinkedIn Google

An expert on cyber risk has described Australia’s awareness of the issue as “terrible” and lagging well behind the US.

Sydney-based National Practice Leader Cyber for Aon Fergus Brooks says despite large businesses around the world becoming more aware of cyber risks, 60% of them still do not have cyber insurance.

The findings are revealed in Aon’s 2016 Captive Cyber Survey, which interviewed 127 captive insurers about cyber risk and insurance.

Mr Brooks believes this percentage would be much larger in Australia.

“Awareness in Australia is terrible,” he told insuranceNEWS.com.au. “The 60% is reflective of a more mature market than ours.”

Mr Brooks says businesses are reluctant to take up cyber insurance because it is a less tangible risk than other risks.

“The quantification of cyber risk is hard for people to get their head around. That’s why cyber risk assessment and profiling is so valuable.

“The US is having more advanced conversations like what happens when the robots start attacking staff?”

The survey also finds business interruption due to a breach is the top cyber risk concern for businesses across all industries.

More than 60% of those with cyber insurance buy limits in the $US10-25 million ($13.8-$33.79 million) range, and most buy cover for balance sheet protection, followed closely with wanting to “satisfy the board”.

Only 25% of those who bought limits were confident they comply with international best practice and standards for information security governance, while 95% said clear policy wording is the most important issue in the cyber risk market.

The loss adjusting process following a cyber attack claim also worries 75% of large companies.

Mr Brooks predicts the imminent introduction of mandatory reporting of data breaches, which is currently tabled before Federal Parliament, will drag Australian companies “kicking and screaming” into awareness of cyber risks.

“In two to three years cyber will become a standard part of a company’s insurance portfolio,” he said.