There is “a change coming” through the cyber insurance market in Australia as buying habits continue to track in the right direction, according to a pair of industry experts.
Cyber risk is front-of-mind for industries across the spectrum and businesses are starting to shift focus away from defense towards dealing with the aftermath of an attack.
Andrew Taylor, cyber and management liability product head for Australia and New Zealand at Chubb
, said that the industry in Australia is continually changing.
“There is certainly a change coming through the Australian market on this section of this risk,” Taylor told Insurance Business
of the cyber market.
“Businesses are starting to understand that this is not something that can be treated with front-end security; it is now mitigation. Risk transfer is a big part of it, also, and training and education of employees.
“We are certainly seeing a huge increase in the number of submissions and awareness… I think it is a big change for how cyber is received in this market place.”
Tim Stapleton, vice president and cyber insurance product manager for overseas general insurance at Chubb
, told Insurance Business
that these changes have also had an impact on buying habits in the country.
“Whereas several years ago, it used to end at the interest level and that was about it, we are actually starting to see the buying behaviour pick up and increase,” Stapleton said of the cyber market.
“Now we are seeing an increase in where there was an interest level in potentially buying a cyber policy, people have been educating themselves a little bit more, they have been speaking with their brokers, they have been talking to carriers and that is actually starting to translate into actual purchasing behaviour.”
Stapleton noted that one type of attack is on the rise in Australia and firms need expertise across the cyber spectrum to deal with different styles of cyber incident.
“Ransomware attacks are generally on the rise form a frequency perspective in Australia,” Stapleton continued.
“In the majority of cases that we have spoken to from our outside vendor partners, we have been advised that only in a minority of cases are ransoms actually being paid out.”
With the likelihood of cyber attack ever increasing, Stapleton said businesses should start a cyber attack response plan with a risk management focus and look at the “crown jewels” of their business and work from there.
Once identified, businesses need to bring together leaders from all areas of the company, alongside experts from external sources such as law firms, PR firms and forensic investigators, to help deal with the varied fallout from an event. The PR issues in particular must be closely monitored.
“You look at the reputational impact of it and that is why it is very important to work with a third party public relations firm to try to control and stem the reputational damage that could result from one of these types of attacks,” Stapleton continued.
“The fallout could go to customer churn or a decrease in stock price or just the general value of the company. It is more of a long-term reputational impact and that is why it is very important that companies realise that.”
Big business worried more about data loss than hackers – survey
‘Significant growth opportunities across every segment’ for cyber insurance
Broker collaboration key for cyber success