What can Australia learn from the US on cyber insurance?

The US is the largest and most mature cyber market in the world and as regulatory changes drive uptake of the cover in Australia, the local industry can learn from its US counterparts on ensuring that clients are protected.

With mandatory breach notification already in place in many US states, and with Australia soon to follow suit as legislation is rolled out next year, the cyber insurance market in Australia is set to grow.

With highly publicised attacks such as WannaCry and Petya grabbing the headlines, cyber risk and insurance are a preeminent issue on the business landscape.

Karen Kukoda, a strategic alliance director at cyber security firm FireEye, said that the experience in the US can be used to help Australian clients prepare for both insurance and mitigation.

“The first thing that everybody needs to think about is that cyber is not just an IT issue, it is an enterprise risk,” Kukoda told Insurance Business.

“The board needs to be prepped.”

Kukoda said that she considers cyber security to be “the ultimate team sport” as different areas of a business will all play a role in online defence.

She noted that different teams within a business will need to come together in order to offer the best defence. Risk management needs to be involved, as well as IT and the C-suite, whilst staff training is also important.

Kukoda said that as clients come to terms with their cyber risk, they need to remain vigilant over time. Simply planning for a data breach and training staff once will not be good enough as the threat landscape continues to shift on an almost daily basis.

As the industry lacks historical data on the pricing and underwriting of cyber insurance, Kukoda said that US cyber insurers and underwriters have looked to partnerships with firms like FireEye to help further understand good mitigation practices.

With a better understanding of good cyber risk practices, the industry can price accordingly for a risk that is difficult to measure.

Kukoda said that the legal element of cyber insurance and risk cannot be ignored.

Whilst class actions against breached companies have so far been rare, Kukoda said that a good legal grounding is vital. She noted that FireEye has expanded its partnerships with law firms as many companies remain unaware of the different regulatory concerns that they have depending on their industry.

“If your general counsel isn’t prepared and well equipped and knowledgeable on those aspects then it is in your best interest to hire an outside law firm that can provide the right guidance there,” Kukoda said.

Cyber risk is not going away and many in the industry expect cyber insurance growth to match those concerns. Kukoda said that she expects cyber insurance to become commonplace amongst businesses in the near future.

“I do think this will become just part of your normal business cost so to speak.”

 
