Cyber risk and cyber insurance - what you need to know
If you’ve arrived here, you’re interested in learning more about cyber risks and cyber insurance. The following information has been collated to provide you with an overview of cyber risks, how they can impact your business and what actions you can take to manage these risks in your business - including cyber insurance. We hope you find it useful.
What are cyber risks?
Today every business, large and small, is at risk from a cyber attack or a cyber incident. And with the increased ingenuity of cyber criminals, the business damage resulting from a cyber attack or cyber security incident can be catastrophic.
There are many different cyber risks, and new threats are appearing every day. The following outlines some of the cyber risks your business faces today.
Some of the different types of cyber attack
Cyber espionage - Unauthorised network or system access with the motive of espionage.
Denial of service – An intentional compromise of network and system availability through network or system attacks.
Hacking – Malicious or unauthorised access to IT infrastructure, or the use of malware to gain control of IT systems.
Insider or privileged access misuse – Access provided to staff or trusted business relationships could result in unapproved or malicious use of an organisation’s data or resources.
Payment card skimmers – A physical device is placed on assets to read magnetic stripe data from payment cards and skim off a small percentage.
Phishing – Malicious emails offer an easy way for cyber criminals to access secure IT systems. A good example is cyber criminals tapping into the vulnerabilities of individuals by posing as information providers or authorities and emailing an individual about the coronavirus pandemic.
Physical theft and loss – Incidents where information assets go missing through misplacement or malice.
Point of Sale intrusions - A remote attack against retail transactions for credit card purchases.
Ransomware – Attacks or threatened attacks against your IT infrastructure where a demand is made for money (a ransom) to stop the attacks.
Web app attacks – Cyber criminals exploit code vulnerabilities in apps to compromise authentication or security mechanisms.
Examples of cyber security incidents
Human error - People make mistakes. Unintentional actions can directly compromise the security of information assets and IT systems.
Privacy error – A business’s acts or omissions can lead to unauthorised disclosure of data, including non-electronic data, that results in a breach of the Privacy Act.
What's the impact of a cyber risk?
A cyber attack or cyber security incident can result in:
- Financial and reputational damage
- Disruption to your business and critical services
- Supply chain disruption
- Access to your IT infrastructure for ongoing or future malicious activity
- Ongoing and significant remediation costs
- Fines for non-compliance with government regulations
What can you do to protect your business?
Identify and understand your cyber risks - Risk advisors can help you identify and understand your cyber risks. By understanding your risks, your business can aim to reduce the chance of a successful attack or a cyber security incident.
Take preventative measures to protect your business from cyber risks – There are many actions that can be taken to prevent a cyber attack or cyber incident for your business. Excellent resources are available through the Australian Cyber Security Centre or you can enlist the support of a trained cyber IT specialist.
Insure for cyber risks as a safety net - If a cyber attack or cyber event does occur, you can ensure your operations resume quickly and with as little impact as possible by having the right insurance in place. Cyber insurance is a cost-effective way to protect your business and covers losses such as any impact on your business’s physical assets, losses to others and cyber event response costs. Your premium will depend on factors such as your business activities, IT dependence, security posture and amount of data held.
Why you need cyber insurance - and why your current business insurance is inadequate for cyber threats
Some business owners or office holders believe that a cyber event or attack will be covered by existing business insurance policies. Unfortunately, traditional insurance policies are not designed to address complex cyber risks. Here’s why.
General liability policies are typically activated in response to bodily injury or property injury, neither of which usually occurs in a cyber event or cyber attack.
Property policies are activated by destruction or damage to tangible property resulting from a physical risk. A cyber event may result in physical property damage; however, it can result in significant loss of income and remediation expenses.
Crime policies typically respond to direct losses from theft, securities or tangible property. Computer crime policies usually exclude third party liability cover and may not sufficiently cover the loss of confidential information.
What is covered by cyber insurance?
Cyber insurance policies will vary based on the insurer; however, in general, cyber insurance is designed to cover first party expenses and third party liability from unauthorised access and use of data or software in your IT infrastructure.
Your business costs
Cyber insurance will reimburse business costs incurred for responding to a cyber event such as IT support costs, credit monitoring costs, reputation management costs and cyber extortion costs (including ransom payments to hackers).
Cyber event response costs include:
- IT forensics
- Virus extraction
- Customer notification and communications
- Public relations
- Privacy lawyers
- Crisis management consultants
Third party costs
Cyber insurance will cover your liability to third parties from your failure to keep private information secure; this is also known as a Privacy Breach. You could be liable for compensation to any third parties for investigation costs, defence costs and fines and penalties from breaching the Privacy Act.
- Third party litigation
- Regulatory investigations (notifiable breaches)
- Fines and penalties
- Payment Card Industry liability
- Defence costs
- Multimedia costs
Business interruption insurance provides protection to your business for loss of profits resulting from a cyber event or attack, as well as any additional necessary expenses you may incur to continue business as usual.
- Losses to your business
- Loss of profits
- Business impact
- Increased costs of working
- Preventative shutdown
Contingent business interruption costs include:
- Supplier outage
- System failure
How can Austral Risk Services help?
At Austral Risk Services, we take a risk managed approach to insurance. What that means is that we work with you to understand your business risks first. We then aim to minimise those risks – and when that is not possible, we help you insure for any exposures your business might have.
Alternatively, if you want to speak with one of our experienced risk advisors, complete our contact form below or call us on 08 9344 6650 - we're always here to help.