The Australian Reinsurance Pool Corporation (ARPC) says next year’s triennial review of the organisation should consider extending coverage to include property damage from cyber attacks.

CEO Christopher Wallace says the evolution of cyber risks since the Terrorism Act 2003 was written raise the potential for system failures to damage critical infrastructure and other property.

“I think it was really outside people’s imagination back in 2003,” he told the Risk and Insurance Management Society Risk Forum in Sydney last week. “What we are hoping is that the next review, which happens in 2018, will address cyber terrorism.”

Dr Wallace says any proposed change will need to pass a review and drafting process, and would likely take two or three years to take effect.

The 2015 triennial review extended the ARPC scheme to include some mixed-used and high-value residential buildings, with the changes introduced last July.

Insurers and brokers say cyber risks are changing while the industry is acting to keep pace.

“This plane is being built as we are flying it, and therein lies the challenge,” Crawford and Company Asia-Pacific CEO Andrew Bart said.

JLT Australia Chairman Andre Louw told the forum cyber risk is being managed in a disjointed way, and there is some way to go before it is treated in the same manner as other property and liability risks.

Issues include the way cyber cover is approached by customers, and policy exclusions that can leave gaps after an incident.

“Cyber risk is being treated as a specialty risk, but the cover varies enormously from insurer to insurer,” Mr Louw said.

“I cannot think of another product offhand that has such variability of coverage and also pricing.”

Cyber issues are often handled by IT department executives, rather than the areas of a company more typically involved in buying insurance.

“They look at it very differently, as an operational risk they can manage,” Allianz Global Corporate and Specialty Pacific CEO Willem van Wyk told insuranceNEWS.com.au.

“We are definitely seeing a lot more discussion around cyber with clients. It is evolving all the time, and it is definitely an increasing crime.”