Businesses are still “slow” to understand the mounting need to address their exposures to cyber risk, research by Aon has found.
The cost of cybercrime in Australia is now estimated at $4.5bn annually, at an average cost per data breach of $2.16m, says Jennifer Richards, managing director at Aon Financial Specialties.
However, the research found many seem slow to understand the mounting imperative to take action.
Network Security and Privacy (NSP) risks are both an emerging and constantly evolving issue, Richards says, and organisations need to ensure they have adequate measures in place to address them, such as systems and processes on the IT front in relation to harvesting, storing and disseminating information, and controls around personnel access.
Richards says that only specialist cyber insurance policies provide extensive cover, and cover expenses such as immediate crisis management, forensic analysis, the reparation of computer systems and any loss of income resulting from the incident.
Standard policies are often inadequate to cover the likely cost of even a more “standard” NSP breach, let alone a cyber-attack or “hacktivism”.
“Third party costs such as customer compensation and any legal expenses can also be covered by cyber insurance and potentially save companies millions should they be subject to a breach or attack,” she adds.
Aon identified some gaps in cover under current conventional insurances that could be leaving Australian businesses vulnerable to being liable in the event of an NSP incident:
• General liability, material damage and property policies are designed to respond to natural disasters that damage physical assets. The loss does not extend to intangible assets, nor does it extend to losses caused by non-physical perils such as viruses or hackers.
• Professional indemnity policies cover damage resulting from a failure of the defined professional services, and may not extend to losses resulting from data and privacy breaches.
• Crime policies generally cover only money, securities and tangible property with no coverage for third party property such as customer data. Computer fraud coverage may not exist for third party losses due to computer viruses or unauthorised access to confidential information.
• Many insurance policies also have defined geographical coverage limitations.
“As NSP risk advances as an issue and the regulatory landscape continues to adjust, Australian businesses need to check their current insurance cover and ensure they are not vulnerable to significant damages should they fall victim to cybercrime,” Richards concluded.