ASIC backs cyber ‘incentive’

ASIC backs cyber ‘incentive’ | Insurance Business

ASIC backs cyber ‘incentive’
ASIC has said that the cyber insurance brokers and insurers in Australia have the potential to be a launchpad for businesses to take the risk seriously – and therefore take up cover too.

Speaking at the 2017 InnovationAus Cyber Insurance Forum in Sydney, ASIC commissioner John Price said that the evolution of cyber insurance, with increased focus on risk reduction, could act as an incentive for businesses to deal with cyber risks.

“Cyber insurance providers can potentially contribute to the management of cyber risk by promoting awareness, encouraging measurement and by providing incentives for risk reduction,” Price said. “Insurers can provide an important market signal that also promotes cyber-resilience.”

Search and compare insurance product listings for Cyber from specialty market providers here

Price said that while the cyber insurance market in Australia is still in its infancy, ASIC has taken a keen interest for several years and this will continue.

“Our goal is to encourage improvements to cyber-resilience practices for those entities operating in Australia’s financial markets, which will in turn lift the overall cyber-resilience of the financial services ecosystem,” Price told attendees.

He warned boards of directors that they need to take cyber risk and resilience seriously – and that insurance should not be seen as “a substitute for good risk management.”

“We expect cyber risks to be a component of their enterprise risk management framework,” Price said. “To that end, seeking out tailored cyber insurance would clearly be one of several management strategies that could be pursued to help manage that risk. Importantly, however, there needs to be a good understanding of coverage and limitations of any insurance cover.”

Through its cyber-resilience self-assessments conducted over the last two years, Price said that ASIC has seen increased “recognition” of cyber risk management “but there is still work to do in this

“There is clearly a gap in the level of maturity in cyber resilience preparedness between large entities that have access to specialist skills and resources and that of smaller entities, some of whom have only just started the journey,” Price continued.

He suggested there is an opportunity for improvements across the entire sector “but most of all in the SME space.”

Related stories:
ASIC rolls out data strategy
How to avoid reputation damage for your insurance business