Cyber attacks: ‘It’s not if any more, it’s when’

Cyber attacks: ‘It’s not if any more, it’s when’ | Insurance Business
A leading insurance lawyer has warned Australian businesses and insurers that they need to act now on cyber security or face serious legal action.

Alec Christie, partner at DLA Piper, spoke at the Inaugural Insurance Symposium held by the law firm in Sydney this week and warned businesses that the cyber threat is real.

“It’s not if any more, it’s when. It is truly when,” Christie said of cyber attacks.

“Last year, cyber attacks on Australian companies increased by 48% but I think that’s a nonsense figure, I think it’s more like doubled but that is the minimum increase in cyber attacks over the last five years.”

A specialist in privacy and data protection law, Christie noted that cyber insurance is only one part of managing the significant risk of cyber attacks.

“Insurance plays a very important part in your consideration of risk management as it does in any other risk management.

“It’s not a solution to the whole lot, you still have to think about the training and the implementation of other measures but it certainly is something that I and many others in the field would recommend.

“Obviously, as a potential target, this is something to think about and as an insurer this is a market opportunity.”

Christie told companies that cyber security has to be driven from the highest level of management down, and warned that insurers face an increased risk over the next two years.

“This is a director level issue,” Christie said.

“It has to be at the director level, it has to be from the board down and it has to be enterprise wide. Directors need to understand the approach to cyber in your organisation and treat it as an enterprise risk management approach.

“The board has to understand the legal implication of their company’s particular and unique cyber exposure – virtually no two are the same.

“Allocate sufficient time to it, set expectations of management around cyber and obviously, it’s a balancing act, but you’ve got to look at what are the crown jewels and what needs all the protection and what needs all the training and what can we live without. It is not an IT function only, it is an enterprise wide risk management as other risks are managed throughout the organisation.”

Writing in DLA Piper’s Insurance Review, Christie issues a stark warning to the insurance industry.

“We expect, possibly in the insurance industry, that there will be a significant and very public cyber incident or privacy breach and/or investigation in Australia in the next 12 to 24 months.”