ICA renews push for ‘public-private’ response to cyber protection gap

Insurers have again pressed Canberra for more support to bridge the cyber protection gap facing Australian businesses, specifically in the form of a “public-private cooperation” model that is currently under consideration in the US and the UK.

Insurance Council of Australia (ICA) CEO Andrew Hall says the industry alone cannot manage the growing danger, such as “catastrophic” cyber-attacks from hostile state actors or terrorist groups.

“We want to improve the accessibility of cyber insurance across the Australian economy,” he said in a speech today at the Clyde & Co Australia inaugural cyber summit in Sydney, adding “there are limitations to the market’s risk appetite”.

At present many insurers are reluctant to provide cyber insurance, or instead provide limited cover, given the high cost and difficulty in pricing cyber risk due to its rapidly changing profile.

“Insurers alone cannot accept the risk associated with catastrophic cyber-attacks, such as those that involve a state or terrorist actor, or those that significantly restrict or even bring down critical infrastructure,” Mr Hall said.

“In the United Kingdom and the US, governments are exploring how public-private cooperation can bridge this risk gap.

“The insurance industry would welcome a local opportunity to partner with the Government on a similar solution.”

UK media reports say insurers in the country have had initial talks with Treasury over whether the Pool Re terrorism reinsurance scheme could be expanded to include state-sponsored or war-related cyber attacks.

In the US the Government Accountability Office last year recommended Treasury’s Federal Insurance Office and the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency jointly assess the extent to which risks to critical infrastructure from catastrophic cyber incidents and potential financial exposures warrant a federal insurance response.

The ICA has previously urged the Government to consider the “public-private cooperation” model in a submission to the 2023-2030 Australia Cyber Security Strategy discussion paper.

In his speech this afternoon Mr Hall says the focus on cyber risks and cyber insurance is increasing as a result of the recent and high-profile attacks on Medibank and Optus.

Yet the role of cyber insurance is not broadly understood, and uptake of cyber insurance is still low when compared to other classes of insurance. Only about 20% of small businesses have cyber cover.

“The combination of a small premium pool and the increasing sophistication and maliciousness of some cyber-attacks have put significant pressure on insurers and businesses alike,” Mr Hall said.

He says greater information-sharing between government and industry – in both directions – can also improve the situation by helping insurers understand the cyber risk and price of underwriting it.

“It is important that the business community is providing as much intelligence to government as early and often as possible,” Mr Hall said.

“In return, the government must deidentify and aggregate into digestible and actionable intelligence reports for industry.

“This may require putting appropriate guardrails in place. However, this information sharing will help build a national trust-based ecosystem that will serve to improve Australia’s national cyber posture.”