APRA: Almost half of insurers suffer cyber attack

APRA: Almost half of insurers suffer cyber attack | Insurance Business

APRA: Almost half of insurers suffer cyber attack
A survey compiled by Australian Prudential Regulation Authority (APRA) has found that 46% of insurers have suffered a cyberattack serious enough to warrant attention of executive managers.

According to survey findings, 75 per cent of respondents from the superannuation industry have reported suffering a cyber security incident serious enough to require the attention of executive managers. Meanwhile, 44 per cent of banks and 46 of insurers suffered incidents that were raised to such a level.

While financial institutions have yet to suffer ‘material’ losses from cyber security breaches, APRA is determined to make sure the sector can fend off cyberattacks, the report said.

Insurance Business first global Cyber live streaming event is on Nov 2nd

The survey looked into cyber security incidents at 37 financial institutions between October 2015 and March 2016, and how they were managed.

In the year prior the survey, more than half of these businesses, 20 regulated entities and one service provider, had been hit by cyberattacks serious enough to be require executive management involvement.

APRA said that cybercriminals were finding super funds a more attractive target possibly because of “relatively high account balances, and/or variances in reporting thresholds between industries.”

Across the financial sector, 21 per cent of survey respondents had been hit by a number of ‘potentially high impact’ incidents. These included ‘advanced persistent threats,’ where a network is broken into to steal information, and ‘denial of service’ attacks, aimed to bring down a website, SMH explained.

Fourteen per cent of institutions had experienced ransomware attacks, or the use of malicious software to infiltrate a network and make data unreadable.

One in eight institutions, on the other hand, had experienced reputation damaging incidents, such as website defacement and hacking of social media accounts.

In response to increasing cyber security incidents, APRA flagged tougher scrutiny in this area, and advised boards and top managers to prepare well against cyberattacks, SMH said.

"APRA intends to lift the supervisory and regulatory expectations for regulated entities to not only secure themselves against cyberattacks, but to implement improved mechanisms to quickly identify and remediate successful attacks when they occur," it said.

Related stories:
Cyber security, a top concern in Asia Pac
TAL partnership to boost NGS Super’s insurance services
Insurers at high risk of cyber-attacks, says regulatory body