Brooklyn has released a cyber checklist designed to help brokers approach clients concerning the ever-evolving issues of cyber risk and insurance.
The checklist aims to help clients further understand areas of risk they may encounter as cyber risk is still poorly appreciated in some quarters.
Freddie Arguelles, manager of Enterprise Risks at Brooklyn Underwriting
, said that brokers play a key role in the evolution of the cyber market as companies continue their moves online.
“It is slowly replacing what we call the old world risks of public and product liability, along with property, as shop fronts and businesses move into the virtual world their old exposures diminish however their cyber exposures increase,” Arguelles told Insurance Business.
“Another reason why brokers should fully understand cyber is because the market doesn’t understand it, their clients don’t understand it.
“It is not a matter of the exposure being non-existent or absent, it’s just not understood. When it is understood everyone will realise that it is quite big.”
Arguelles stressed that the variety of risks facing businesses when it comes to cyber shows the need for coverage as businesses not only face attacks but employees can be vulnerable too.
“The more likely exposure doesn’t come from attacks but more from lost mobile devices, not just phones but laptops and other mobile devices,” Arguelles continued.
“These seem to be sometimes just be a personal item but if it is used to access work then the work information may not reside in that device but that device might have when you click on the box ‘save my password’ or ‘save my username,’ all the crook has to do is log on to your work system through your personal device and they’ve already got access. That is probably the most common risk.
“I think the biggest risk, for the everyday business, is ransomware because it’s so common.
“If we were really not considering the frequency of the occurrence, I think the biggest but it doesn’t really occur that often, are privacy fines which for business can run up to $1.8 million.”
With ransomware, were cyber criminals hold data ransom under threat of deletion or release until a fee is paid, Arguelles said brokers need to ensure that their clients “back-up, back-up, back-up,” all of their files to lessen the blow.
“The crooks can lock up everything but if you’ve got a copy of it at least you can just restore that but then that doesn’t address the issue of the information having already been distributed but at least you’ve won half the battle of business interruption.”
Arguelles noted that Australian businesses may be up to two years away from fully understanding the scope of cyber risk but the green shoots are already appearing.
“I think in terms of the presence of the exposure it is already here but I think in terms of the appreciation for it, enough for people to take action and for people to take up insurance for it we are a long way away,”
“It is difficult for a business owner to appreciate how privacy could be an immediate exposure for them.
“Maybe their own privacy, they understand that, but the privacy of the people and the data security of the clients that they hold on record is rather more remote for them.
“It is also difficult to make the connection between what’s the power of getting these records, if they can get to them in the first place?
“These thought processes will only come later. I don’t think it’s even going to be next year, I think it’s another two years.”
To access the cyber data checklist, click here