Do I Need Cyber Insurance For My Business?

A cyber insurance policy can be a valuable risk transfer tool for business. Cyber insurance is a type of specialty insurance that protects organisations against various risks related to cyber security attacks, such as ransomware and data breaches. It can help protect your business and minimise any damage or disruption from a cyber-attack. Ordinarily, these risks aren’t included in traditional general liability policies or are not explicitly defined in the policy.

Who Can Provide Cyber Insurance? 

Under the Insurance Act 1973 (the Insurance Act), it is an offence to conduct insurance business in Australia without the proper authority. In order to conduct any business that can be classed as insurance, a company must have permission from APRA, giving them the authority to conduct insurance business in Australia. Software vendors do not provide cyber insurance for their customers as they are not licenced.

What does Cyber Insurance Cover?

Cyber insurance can help cover financial losses to your business, customers, and other parties following a cyber security breach. Depending on your policy, it might include costs associated with the following:

• Loss of revenue due to interrupted business
• Hiring negotiators and paying a ransom
• Recovering or replacing your records or data
• Liability and loss of third-party (patient) data
• Defence of legal claims
• The investigation by a government regulator
• Copyright infringement
• Misuse of intellectual property online
• Crisis management and monitoring
• Prevention of further attacks

When considering cyber insurance, you must also take the time to understand the level of assistance provided and your obligations under the policy. For example, you may have to alert the insurer as soon as possible of the event occurring so that they can bring in their cyber experts. They may want to control the incident and level of investigation to minimise their cost. This may limit your ability to decide how to manage the incident and who is informed about the incident.  

Why Are Cyber Insurance Rates Increasing?

Cyber insurance premiums have soared in the past years as claims surged in response to damaging attacks by threat actors. According to global insurance broker Marsh, the cost of taking out cyber cover has doubled on average every year for the past three years. There has been an 80 per cent rise in premiums in the past 12 months.

Among the primary drivers for the continued price increases were a reduced appetite for the global underwriters to cover the risk and an increasingly high demand for coverage. The high demand for cyber coverage is fuelled by an increased occurrence of incidents and greater awareness of the threat.

In addition to premium price increases, global underwriters are attempting to mitigate the losses from cyber claims with stricter underwriting requirements, including making a business commit to alignment to security frameworks such as the ASD Essential 8 and making controls such as multi-factor authentication mandatory.

Unfortunately, companies have been using cyber insurance as the only risk reduction activity to protect the business from cyber risks, with the insurers losing out. It is highly likely that many small businesses will be priced out of the cyber insurance market and will be faced with the only option of implementing proper cyber defences.

What Does Corum Recommend?

As a small business, the most cost-effective form of cyber risk reduction for your business is strong cyber defences. Implementing and maintaining a solid cyber defence and data backup regime will cost much less than a breach and a cyber insurance policy.

Adopting cyber frameworks such as the ASD Essential 8 will ensure you have adequate protection against a cyber incident, and, in the event of an attack, you will have the ability to recover. It also means that should you determine that your business needs cyber insurance, you will be able to demonstrate to your insurer that you are serious about protecting your business.