FY21 Q3 & Q4: Cyber Insurance Snapshot
The Office of The Australian Information Commissioner (OAIC) has expressed concerns about ransomware and impersonation fraud following the release of their January–June 2021 Notifiable Data Breaches Report.
The report looked at notifiable data breaches reported to the OAIC in FY21 Q3 & Q4. We’ve explained the report’s findings below, along with what they could mean for your business and the future of cyber insurance.
At a glance: The OAIC January–June 2021 Notifiable Data Breaches Report
Top 5 Industry Sectors to notify data breaches
Sources of data breaches
Cyber Incidient Breakdown
The OAIC urges Australian businesses to maintain adequate privacy procedures
Throughout the report, the OAIC reinforced their expectation that businesses:
This expectation extends to the threat of ransomware attacks and impersonation fraud. The Australian Information Commissioner and Privacy Commissioner Angelene Falk says:
We expect entities to have appropriate internal practices, procedures and systems in place to assess and respond to data breaches involving ransomware.
Entities should continually review and enhance their security posture to minimise the growing risk of impersonation fraud.
OAIC recommendations for preventing and responding to ransomware and identity fraud risks included:
KBI recommends businesses seek cyber insurance
When commenting on the report, Commissioner Faulk acknowledged the rise of the dark web and the increasing ease with which cybercriminals can bypass entities’ impersonation fraud protection measures.
This is part of the reason that KBI’s lead cyber insurance broker Tyler Speers recommends pairing robust privacy protection measures with an equally robust cyber insurance policy:
Strong cyber security policies and procedures can reduce your business’ risk of a cyber attack. But, they cannot remove that risk altogether. Cyber attacks can and do have significant financial repercussions for the businesses targeted. If your business is targeted, a cyber insurance policy can help cover costs associated with privacy lawsuits, regulatory defence, extortion demands, notification, and data recovery. It will also give you access to an emergency incident response team to put the situation in the hands of the experts.
Given the growing risk of ransomware and impersonation fraud, Speers recommends that all businesses who hold personal data seek cyber insurance. He also suggests that businesses with an existing policy have a proactive conversation about risks and cover requirements with their broker.
KBI predicts changes to the cyber insurance market in FY22
Increases in the number of ransomware and impersonation attacks could result in tighter underwriting criteria for cyber insurance policies in FY22, as well as harsher terms for cover. “We are already beginning to see policies that limit cover for ransomware payments,” says Speers.
Government legislation in response to the growing threat of ransomware attacks is also a possibility. In June, Tim Watts, a federal Labour MP, introduced the private member’s Ransomware Payments Bill 2021. If passed, this bill would require businesses to report ransomware demands to the Australian Cyber Security Center.
Have any questions?
Talk to one of our Brokers today!
We are a specialist insurance brokerage with an emphasis on adding value to our clients by helping them make an informed decision. Our approach combines that of an insurance broker and consultant, where we focus on providing expert advice to our clients while customising their insurance program and risk management solutions.
Since starting in 2013, KBI is constantly growing and becoming a leader in the Australian market. Our primary point of difference is that we don’t try to be all things to all people. We work in niche areas, where we can tailor an offering, advice and broker support to meet the specific area’s needs.