We recommend that consideration is given to urgently reviewing your current insurance arrangements as it is essential that cover is updated in conjunction with changes in risk profile.
As the COVID-19 pandemic unfolded, organisations responded to the government-imposed restrictions in an accelerated timeframe which included migrating employees to hybrid working arrangements, primarily work-from-home (WFH). To facilitate this immediate transition, organisations of all sizes rapidly implemented digital revolutions that highlighted the increased risk of cyber security breaches and potential attacks, and heightened the requirements for cyber insurance.
Figures from international organisations, including Switzerland’s National Cyber Security Centre showed an increased number of reported cases of cyberattacks. Fraudulent activities such as phishing (digital communications posing as reputable) and fake websites (carbon-copies imitating originals) were created to deceive users into entering their personal data, trebling in the month of June 2020.
While the immediate threat of mass COVID-19 contagion in Australia has largely abated, and office workers around the country are returning to a socially distanced environment, flexible work arrangements have emerged as a cornerstone of our new operating environment. Remote working has highlighted the need for businesses to have their cyber security arrangements in order and front-of-mind. Workplaces that choose to ignore the risks associated with technology or the threat of sophisticated cyber breaches increase their risk profile and exposure of an impact from cyber villains.
Cyber security is a critical part of the Information Age, it is vital for organisations to address their in-house processes and constantly improve future measures to remain competitive and retain consumer trust.
The key elements in designing an effective cyber and privacy risk management framework include:
Persistent doomsday messaging about cyber security and cyber attacks mischaracterises potential threats, creating complacency or inertia around this issue. Additionally, little understanding can unintentionally influence management to view it as too complex or technical – something that is best left to the IT specialists to worry about.
However, if cyber security is approached in the same way as any other risk to business, it can be managed effectively.
Essential elements to minimise cyber security risk include:
Cyber insurance can provide an important financial backstop in the event of a cyber incident which causes loss. Firms should consider the need for cyber insurance as part of their broader systems and policies to manage cyber security.
Generally, dedicated cyber insurance policies provide two branches of cover:
Insurable losses can also include liability to pay fines and penalties which are generally insurable where there is no element of deliberate breach or intentional actions.
There is minimal standardisation in the way cyber insurance is offered in the market. Cover is generally available as a standalone policy, or as part of an existing coverage. The needs of the individual organisation will determine which type of policy is most appropriate. The buyer must have a clear understanding of the organisational cyber risk before settling on a particular insurer and policy wording.
Allegiant IRS, along with our partners McCullough Robertson, can provide your business with a tailored assessment of your current cyber insurance policy and available options for appropriate cover. We guide our clients through the process of design, placement and/or renewal of insurance cover to ensure best fit for your current or anticipated risk profile. Our team also regularly supports clients with practical training for staff on best practices for managing cyber and privacy risks, helping develop and test clear, concise data breach response plans as well as auditing supplier agreements and mapping data flows to identify where the key risks may arise before they eventuate.