News of cyber attacks carried out by a “sophisticated State-based cyber actor” on a range of Australian public and private-sector organisations has been hard to miss of late. Despite persistent attacks – and considerable media coverage – no major data breaches were officially recorded. Unfortunately, Toll Group and Lion Australia are just two recent examples of high-profile victims who have suffered data breaches from ransomware attacks, with losses creeping into the millions.
Cyber Risk is Real: Ongoing & Evolving
While the threat of cyber attacks and network security breaches is nothing new, the pace at which such risks are changing is exponential. Cyber crime is growing at breakneck speed, as is the sophistication of its arsenal. According to Scamwatch, Australians lost over $630 million to scams in 2019; business email compromise scams (social engineering fraud) hit us hardest, with costs amounting to $132 million.
The decision by PM Scott Morrison to announce recent cyber attacks is testament to the scale and severity of such threats. The risks to Australian individuals and organisations have never been higher – the time for complacency is at an end.
Protective Progress Underway
While the prevalence of cyber crime can be overwhelming, some powerful response initiatives are underway. To mitigate an explosion in online malware, ransomware and phishing attacks, Telstra has been investing millions into Cleaner Pipes – a broadscale cyber security effort to combat this alarming trend. In the world of insurance data, this trend is manifesting via an increase in volume and severity of claims.
At Government level, a Federal 2020 Cyber Security Strategy (CSS) – an update to the 2016 version – is underway. It is anticipated the CSS will set cyber security benchmarks across all industries and sectors, likely in the form of a Code of Conduct, with a Regulator installed to monitor compliance.
Attention Directors: Security & Cyber Risk is NOT an IT-only Responsibility
Robust risk protection requires a company-wide effort, with direction from the top. Failure to properly prepare for, and prevent, a network security breach could be deemed a failure of a Director’s duty, with the potential of exposing the business to Directors & Officers Liability claims or other civil liability claims against the organisation.
Outsourcing Risk Management
Numerous resources are available to support organisations to identify, understand and manage their cyber risks, so many that the choice can often be overwhelming. At Honan, we’re available to play the role of outsourced risk manager, working with you to identify and manage risks through insurance risk transfer and/or other mitigation strategies. In the case of cyber risk, we facilitate a partnership with an Insurer and provide a range of risk management strategies, including:
- Pre-loss reviews of IT Security policies, procedures and critical infrastructure
- Penetration testing and vulnerability assessments
- Assistance in preparation of an Incident Response Plan, privacy policies, staff education
- Access to IT security suppliers – phishing email and malware monitors, password managers, data restoration specialists
- Provision of data and insights into cyber risk and evolving threats
- Securing a fit-for-purpose Cyber Insurance policy that integrates into your Cyber Risk Management Plan
- Advisory and management of cyber incidents and claims.
Cyber Risk Checklist – How protected are you?
To help you understand your organisation’s cyber risk management plan, we’ve prepared a simple Honan Cyber Risk Checklist focusing on 3 key areas:
1) Understanding Your Cyber Risk
2) Your Cyber Risk Strategy
3) Network Security Infrastructure.
We’re with you all the way.
For more information or advice on managing your cyber risk strategy, please reach out at any time.