Brought to you by:

Cyber risks awareness too low, says Allianz

Awareness of cyber risks posed by criminals or internal IT negligence is alarmingly low among Australian businesses, according to new research by Allianz.

While acutely aware of the risks posed by natural disasters and business interruption, just 6% of Allianz corporate and industrial insurance managers believe their Australian clients are concerned by cyber risks – whether self-inflicted through human error or due to cybercrime.

The global survey of experts from 28 countries across the Allianz group identified business interruption and supply chain risk (45.7% of responses) and natural catastrophes (43.9%) as the two most common risks, followed by fire and explosion and changes in legislation and regulation.

But Allianz Global Corporate & Specialty Pacific General Manager Holger Schaefer says companies must realise they operate in a “complex risk landscape”.

“Most companies are heavily reliant on IT systems and other technologies such as electronic sales, order and payment systems,” Mr Schaefer said.

“Interruption to these systems due to cybercrime or even an old-fashioned electrical supply outage can have a significant impact on a business’s ability to operate.

“Australian businesses need to be more aware of these technology-related threats and ensure they have the appropriate risk management strategies, including insurance, in place to protect their financial sustainability.”

The Allianz research supports other recent studies showing that Australian businesses are vulnerable to cybercrime but many are apathetic about the risks.

According to a PricewaterhouseCoopers survey from March last year, cybercrime was the second most commonly experienced business crime behind asset misappropriation. More than 30% of Australian organisations have been victims of cybercrime in the past 12 months, well above the global (23%) and Asia-Pacific (22%) average.

An Aon client manager who specialises in cyber security told insuranceNEWS.com.au that cybercrime is “a more sexy term” that covers two key areas – network security and privacy.

Aon research shows the most common cyber breaches include a lost or stolen portable device such as a laptop, smartphone or USB drive; unauthorised access, including hacking or insider access; and malware on computers that contain sensitive information.

“Accidental exposure” to sensitive records by a worker is also common risk.

“Reckless disposal of printed materials containing sensitive information, such as recycling paper documents instead of shredding them, is common,” he said.

He says impending Government regulation, more than the threat of cyber risks itself, has encouraged more companies to take action.

“The changes in the privacy laws have also kicked off a new wave of interest,” he said.

Amendments to the Privacy Act come into effect in March 2014, beginning with a 15-month transition period, which will see new penalties of up to $1.1 million for breaching the Privacy Act and substantially increased powers to the Office of the Australian Information Commissioner.

Most entities that handle personal information must comply with the new regime.