Brought to you by:

Cyber worries add to virus headaches

Businesses have been urged to step up efforts to prevent cyber attacks as risks from coronavirus scams increase and more employees work from home on potentially less secure devices.

The change in working habits has raised questions over whether policies will respond if problems are caused through an employee using their own computer or other device at home.

Emergence Insurance Head of Underwriting Jeff Gonlin says cyber is a new class of insurance and there is no standard policy, and therefore no simple “yes” or “no” to the question.

“Each insurer’s policy should be read carefully and seeking professional advice from an insurance broker is always a good idea,” he told insuranceNEWS.com.au.

“For Emergence, the short answer is yes, but only if the device is being used by the employee in support of the business.”

Mr Gonlin says businesses are increasingly operating with Software as a Service (SaaS), cloud solutions and bring your own device (BYOD). Emergence defines IT infrastructure broadly in recognition of the trends, and the “you” in its policy wording includes employees.

“Employees are covered for work they perform in connection with the business whether in the office or elsewhere,” he said.

“So if a computer is being used ‘in the business’ it may be considered part of the insured’s IT infrastructure, regardless of location.”

The Australian Signals Directorate last week issued a statement advising organisations not to overlook cyber security as they focus on protecting the health of employees and the wider community amid the coronavirus pandemic.

“As more staff may work from home, and the use of remote access technology increases, adversaries may attempt to take advantage,” it said.

Suncorp says it is seeing an increase in scammers generally using the pandemic crisis to target people with phishing emails and malicious websites.

“We are committed to keeping customers informed on scam activity and how to best protect themselves, and encourage people to visit Scamwatch for more information,” a spokesman said.

Cyber Indemnity Solutions CEO Greg Hodgkiss says it’s unlikely insurance policies will respond to cyber attacks if people are operating on equipment that isn’t owned by the business.

“The problem with a home-owned device is that it doesn’t come under any form of management to ensure standards are being kept up to date,” he told insuranceNEWS.com.au.

“It’s not just anti-virus software; it is router systems that are unsecured, and other software on home computers. It is a whole raft of things.”

Mr Hodgkiss says criminal syndicates have become more sophisticated in their use of malware, which can sit undetected stealing data before any more obvious impact or demand for ransom.