Optus cyber attack intensifies calls to address cyber insurance gaps
The report calls on the government, insurers, and businesses to collaboratively address significant insurance gaps in protection against cyberattacks, which have already cost the Australian economy billions of dollars.
In a recent statement, the ICA agreed that one of the limitations for insurers writing cyber insurance is the lack of available data. Therefore, by making data on cyber incidents available, the government could improve the understanding of cyber risk and the cyber insurance market, and assist risk assessment by insurers.
“This week’s extraordinary cyberattack on Optus and its customers demonstrates how important it is for large and small organisations to have robust cyber protections in place. This chilling example reminds us that more needs to be done to protect businesses and organisations from cyberattacks,” said ICA CEO Andrew Hall. “Working in partnership with government, insurers have a key role to play to help businesses protect themselves and recover from cyberattacks.”
Read more: Optus cyberattack: Authorities probe ransom demand
In the report, the Actuaries Institute found the following key gaps in achieving a best-practice approach:
A severe shortage of qualified cyber security personnel;
Limited understanding of cyber insurance’s role among boards;
Limited education on cyber risks among SMEs;
Achieving sufficient capacity and profitability in the market; and
Managing accumulation risks.
“For cyber insurance to influence best practice in a major way, there are several gaps that need to be addressed by government, business, and insurers,” said the report’s lead author Win-Li Toh, principal at analytics and actuarial consultancy Taylor Fry. “Adding to these challenges are escalating cyber losses that have reduced insurer appetite for this class, significant shortage of capacity to provide the levels of protection needed across the market, and premium hikes in the double/triple digits over the past two years.”
Actuaries Institute president Annette King commented: “Sitting back and doing nothing shouldn’t be an option when cyberattacks cost the Australian economy $33 billion last financial year. The issues may be complex, yet it is clear that protection is vital for economic resilience, given the headline-making losses we too often read about here and around the world.”