The Times Australia
The Times World News

.
The Times Real Estate

.

Just 25% of business are insured against cyber attacks. Here's why

  • Written by Jongkil Jay Jeong, CyberCRC Senior Research Fellow, Centre for Cyber Security Research and Innovation (CSRI), Deakin University
Just 25% of business are insured against cyber attacks. Here's why

In the past financial year, the Australian Cyber Security Centre received 76,000 cyber-crime reports[1] – on average, one every seven minutes. The year before, it was a report every eight minutes. The year before that, every ten minutes.

The growth of cyber crime means it is now arguably the top risk facing any business[2] with an online presence. One successful cyber attack is all it takes to ruin an organisation’s reputation and bottom line. The estimated cost to the Australian economy in 2021 was $42 billion[3].

Read more: Why are there so many data breaches? A growing industry of criminals is brokering in stolen data[4]

To protect itself (and its customers), a business has three main options. It can limit the amount of sensitive data it stores. It can take greater care to protect the data it does store. And it can insure itself against the consequences of a cyber attack.

Cyber-insurance is a broad term for insurance policies that address losses as a result of a computer-based attack or malfunction of a firm’s information technology systems. This can include costs associated with business interruptions, responding to the incident and paying relevant fines and penalties.

The global cyber-insurance market is now worth an estimated US$9 billion (A$13.9 billion). It is tipped to grow to US$22 billion by 2025[5].

But a big part of this growth reflects escalating premium costs – in Australia they increased more than 80% in 2021[6] – rather than more business taking up insurance.

So coverage rates are growing slowly, with about 75% of all businesses in Australia having no cyber-insurance, according to 2021 figures from the Insurance Council of Australia[7].

Challenges in pricing cyber-insurance

With cyber-insurance still in its infancy, insurers face significant complexities in quantifying cyber risk pricing premiums accordingly – high enough for the insurers not to lose money, but as competitive as possible to encourage greater uptake.

A 2018 assessment of the cyber-insurance market by the US Cybersecurity and Infrastructure Security Agency[8] identified three major challenges: lack of data, methodological limitations, and lack of information sharing.

Read more: How cybercriminals turn paper checks stolen from mailboxes into bitcoin[9]

Lack of historical loss data means insurers are hampered in accurately predicting risks and costs.

Because of the relative newness of cyber crime, many insurers use risk-assessment methodologies derived from more established insurance markets such as for car, house and contents[10]. These markets, however, are not analogous to cyber crime.

Companies may be hesitant to disclose information about cyber incidents, unless required to do so. Insurance carriers are reluctant to share data pertaining to damage and claims.

This makes it hard to create effective risk models that can calculate and predict the likelihood and cost of future incidents.

So what needs to be done?

Deakin University’s Centre for Cyber Security Research and Innovation[11] has been working with insurance companies to understand what must be done to improve premium and risks models pertaining to cyber insurance.

Here is what we have found so far.

First, greater transparency is needed around cyber-related incidents and insurance to help remedy the lack of data and information sharing.

The federal government has taken two steps in the right direction on this.

One is the Consumer Data Right[12], which provides guidelines on how service providers must share data about customers. This came into effect in mid-2021.

The other is the government’s proposal to amend privacy legislation[13] to increase penalties for breaches and give the Privacy Commissioner new powers.

Read more: After the Optus data breach, Australia needs mandatory disclosure laws[14]

Second, insurers must find better ways to measure the financial value and worth of the data that organisations hold.

The primary asset covered by cyber insurance is the data itself. But there is no concrete measure of how that data is worth.

The recent Optus and Medibank Private data breaches provide clear examples. The Optus event affected millions more people than the Medibank Private hack, but the Medibank Private data includes sensitive medical data[15] that, in principle, is worth far more than data regarding just your personal identity.

Without an accurate way to measure the financial value of data, it is difficult to determine the appropriate premium costs and coverage.

Cyber insurance is a new, specialised market with significant uncertainty. Given the ever-increasing risks to individuals, organisations and society, it is imperative that insurers develop robust and reliable risk-based models as soon as possible.

This will require a consolidated effort between cyber-security experts, accountants and actuaries, insurance professionals and policymakers.

References

  1. ^ 76,000 cyber-crime reports (www.cyber.gov.au)
  2. ^ top risk facing any business (www.aon.com)
  3. ^ 2021 was $42 billion (www.unsw.adfa.edu.au)
  4. ^ Why are there so many data breaches? A growing industry of criminals is brokering in stolen data (theconversation.com)
  5. ^ US$22 billion by 2025 (www.munichre.com)
  6. ^ than 80% in 2021 (www.insurancebusinessmag.com)
  7. ^ Insurance Council of Australia (insurancecouncil.com.au)
  8. ^ US Cybersecurity and Infrastructure Security Agency (www.cisa.gov)
  9. ^ How cybercriminals turn paper checks stolen from mailboxes into bitcoin (theconversation.com)
  10. ^ such as for car, house and contents (www.rand.org)
  11. ^ Centre for Cyber Security Research and Innovation (cybercentre.org.au)
  12. ^ Consumer Data Right (www.accc.gov.au)
  13. ^ privacy legislation (www.aph.gov.au)
  14. ^ After the Optus data breach, Australia needs mandatory disclosure laws (theconversation.com)
  15. ^ sensitive medical data (www.afr.com)

Read more https://theconversation.com/just-25-of-business-are-insured-against-cyber-attacks-heres-why-193533

The Times Features

The Benefits of Animal-Assisted Speech Therapy For Children

Speech therapy has long been a standard for supporting children’s communication and emotional development. But what happens when you introduce a furry friend into the process? Th...

The Hidden Dangers of Blocked Drains and the Ultimate Solution for a Hassle-Free Home

Drain blockages are a big hassle to every homeowner and business owner alike. Whether it is a sink in the kitchen or bathroom, a clogged toilet, or a foul smell circulating aroun...

Understanding the Dangers of Ignoring a Gas Leak

Gas leaks are silent threats lurking within both homes and workplaces. A gas leak occurs when natural gas or any other gaseous substance escapes from a pipeline or containment. T...

Can You Sell Your House Privately in Queensland? Here’s How

Selling a house privately in Queensland is entirely possible and can be a cost-effective alternative to using a real estate agent. While agents provide valuable expertise, their co...

Itinerary to Maximize Your Two-Week Adventure in Vietnam and Cambodia

Two weeks may not seem like much, but it’s just the right time for travelers to explore the best of Vietnam and Cambodia. From the bustling streets of Hanoi to the magnificent te...

How to Protect Your Garden Trees from Wind Damage in Australia

In Australia's expansive landscape, garden trees hold noteworthy significance. They not only enhance the aesthetic appeal of our homes but also play an integral role in the local...

Times Magazine

CWU Assistive Tech Hub is Changing Lives: Win a Free Rollator Walker This Easter!

🌟 Mobility. Independence. Community. All in One. This Easter, the CWU Assistive Tech Hub is pleased to support the Banyule community by giving away a rollator walker. The giveaway will take place during the Macleod Village Easter Egg Hunt & Ma...

"Eternal Nurture" by Cara Barilla: A Timeless Collection of Wisdom and Healing

Renowned Sydney-born author and educator Cara Barilla has released her latest book, Eternal Nurture, a profound collection of inspirational quotes designed to support mindfulness, emotional healing, and personal growth. With a deep commitment to ...

How AI-Driven SEO Enhancements Can Improve Headless CMS Content Visibility

Whereas SEO (search engine optimization) is critical in the digital landscape for making connections to content, much of it is still done manually keyword research, metatags, final tweaks at publication requiring a human element that takes extensiv...

Crypto Expert John Fenga Reveals How Blockchain is Revolutionising Charity

One of the most persistent challenges in the charity sector is trust. Donors often wonder whether their contributions are being used effectively or if overhead costs consume a significant portion. Traditional fundraising methods can be opaque, with...

Navigating Parenting Arrangements in Australia: A Legal Guide for Parents

Understanding Parenting Arrangements in Australia. Child custody disputes are often one of the most emotionally charged aspects of separation or divorce. Parents naturally want what is best for their children, but the legal process of determining ...

Blocky Adventures: A Minecraft Movie Celebration for Your Wrist

The Minecraft movie is almost here—and it’s time to get excited! With the film set to hit theaters on April 4, 2025, fans have a brand-new reason to celebrate. To honor the upcoming blockbuster, watchfaces.co has released a special Minecraft-inspir...

LayBy Shopping