Tuesday, February 28, 2023

National Cyber Office to oversee incident response | What Directors & Officers need to know

On Monday, February 27th, the Australian Government announced it will open a national cyber office, which will be tasked with leading the emergency response to cyber incidents. This is part of the Australian Government’s commitment to improving Australia’s cybersecurity capabilities, further strengthening our defences against online threats.

Following high-profile data breaches involving Optus and Medibank Private, the Australian Government is addressing major concerns about data security and malicious activity. While the situation is evolving, changes to Australia’s security laws have been proposed, which could have implications for Australian businesses.

Above all, the Government’s plans for a national cyber office to coordinate emergency responses to attacks represent a significant step forward in Australia's cyber resilience.

What does this mean for company Directors and Officers?

This news highlights that companies must take their cyber security obligations seriously. While they are not expected to know the technical ins and outs of their systems, Directors and Officers must know how to govern privacy and cyber-security risks. This includes:

1. Knowing the threat environment

  • Understanding the types of cyber-attacks being conducted and those likely to be directed at their company
  • Identifying internal operations that increase cyber risks as well as external factors
  • Understanding the possible impact of failing to address compliance risks (e.g., financial penalties, reputational harm, lost revenue, etc.)

2. Upholding strong privacy and cyber-security compliance standards

3. Exercising key elements of a cyber-security program

  • The Australian Cyber Security Centre’s Essential Eight Maturity Model is an effective strategy for minimising cyber threats.

What does this mean for cyber insurance?

Cyber insurance is one tool that can be used to respond to cyber attacks. Insurance premiums have been increasing significantly for the past couple of years; however, businesses have also become better at responding to cyber risks. It is reassuring to cyber insurers to know there are minimum levels of controls that can help limit the severity of an incident.

Policyholders are now required to demonstrate their commitment to cyber security risk mitigation to obtain cover. Insurers are pressing organisations for proper documentation to verify their security measures. Those that cannot provide evidence of “basic controls” are at risk of non-renewal or additional restrictions to coverage.

In 2023 we expect clients to have focussed their attention on cyber security practices, more so than in previous years. As the wider marketplace plays catch-up and continues to practise healthy cyber hygiene, we expect rates to stabilise and best-in-class risks to be rewarded with more market interest.

Insurance carriers and cyber underwriting practices will continue to evolve from a traditionally narrow focus on risk factors such as revenue, number of employees, record count, and industry class, to a wider underwriting lens, encompassing loss modelling tools and continual system scanning, both in-house and via outsourced IT security.

WITH YOU ALL THE WAY

In the face of rising threats to the digital-dependent Australian economy, cyber defence must be a priority for all Australian businesses. To find out how Honan can help you manage these risks, discover our latest Cyber Liability Capability Statement, or reach out directly to discuss your business’s unique needs.

Ben Robinson

Placement Manager - Professional & Executive Risks

benjamin.robinson@honan.com.au
