Is the insurance industry getting to grips with new forms of cyber risk?

Is the insurance industry getting to grips with new forms of cyber risk? | Insurance Business

Is the insurance industry getting to grips with new forms of cyber risk?

With the third Insurance Business TechFest on the horizon, a host of questions are swirling across the Australian insurance sector that industry leaders and speakers at the event may choose to address. For example, is the industry properly engaging and grappling with the cyber risks inherent within the technology sphere?

Insurance Business reported in January on the changing threat of cyberattacks that the industry faces, and the more ‘unsophisticated’ ways in which criminals are targeting businesses. An investigation by Mimecast last year found that the overwhelming majority of attacks are relatively unsophisticated – a reflection of the increasing ease of access to online tools and kits for any individual to launch a cyberattack.

Read more: The changing threat of cyberattacks

Garret O’Hara, principle technical consultant at Mimecast, explained to Insurance Business the nuances of this new phenomenon, specifically the weaponising of voicemail messages.

“Malicious voicemail messages are not particularly sophisticated, but often effective as they use social engineering to harvest credentials,” O’Hara said. It prays on the human Achilles heel of curiosity to trigger its trap. “For example, if you receive a notification that you have a voicemail message, your curiosity will often get the better of you and you’ll click on the link to access the file,” he said, “which is exactly what the scammer wants you to do.”

Troy Filipcevic, founder and managing director of cyber insurance specialist Emergence, explained that there is a threat from many different types of cyberattacks, especially for SMEs.

“There’s been an increase in ransomware and business email compromise (BEC) attacks,” Filipcevic explained. “And a number of those compromises can be put down to simple human error.” Unsuspecting, hard-working employees may not clock the fraudulence of an email, click on the message or the contained link, and be open to ransomware attacks or similar.

Both Andrew Barlow and Joshua Theeuf, CEOs and co-founders of ClaimSafe and MoneyLoop respectively, identified a collective-industry problem in its slowness to properly engage with insurtech and its nuances.

“It’s a slow process,” admitted Barlow. “It’s still relatively new and no-one’s really engaging fully with it yet – I think companies should be committing a dedicated team to engage with the issue, that would be then a very obvious channel.”

Theeuf noted that cyber risks are getting through cracks in defences and opportunities with technology are slipping through the net.

“I think a lot of that comes down to how the industry has operated for so long,” he said. “It constricts them from being able to thoroughly adapt to changing technology – but the industry is going through a transformation, so it’s just going to take some time.”