Medibank analysis: What should cyber insurance cover?

"The response side is absolutely critical" says expert

Medibank analysis: What should cyber insurance cover?


By Daniel Wood

Medibank has confirmed that stolen customer data is now published online. As Australia’s largest private health insurer, Medibank’s customers continue to experience the impacts of the recent cyberattack.

One issue at the fore is cyber insurance and what it should cover. Medibank has not revealed the details of its cyber insurance, but some policies only cover the costs of the initial phase of an attack and don’t cover recovery costs.

“When a cyber claim actually occurs, the response side is absolutely critical when it comes to an insured deciding who to go with for a cyber insurer,” said Philippa Davis (pictured above) international cyber team leader for CFC Underwriters during an Insurance Business interview before the Medibank cyberattack.

Davis said companies seeking thorough cyber coverage should make sure their potential insurer has sufficient cyber security infrastructure in place including an in-house claims solution, surveillance and the capability to deal with an attack quickly and efficiently.

“That’s something we're very, very committed to and that’s shown by the fact that in Australia we have a local presence with a claims and instant response team,” she said.

The London headquartered firm has a team of 30 cyber specialists located on the Gold Coast.

“It's a really key part that definitely has to be taken into consideration when insureds are looking to purchase a policy,” said Davis.

Cyber insurance policies with CFC do cover the full costs of recovery after a cyberattack.

“Yes, system rectification costs are covered in line with the policy terms and conditions,” she said. “So all of that - which is getting an insured back to the state that they were prior to the attacks - is really key with a cyber policy.”

However, what her cyber insurance firm really wants to do is change the mindset around cyber protection and move away from reactive to proactive solutions.

“For example, in the Australian market particularly, policy coverage some years ago was under a lot of scrutiny, and rightly so, because there's been a lot of variation in policy wordings in the market,” said Davis.

Rather than ask cyber insurers how many claims they’ve handled, she called on SMEs and other businesses seeking coverage to ask a more important question: How may claims has the insurer prevented?

Davis said, since its inception, CFC’s cyber threat analysis team has prevented over 12,000 attacks through notifying customers. That can be benchmarked against the three thousand claims CFC has handled over the last 12 months.

“I personally think that's a powerful statistic to share that really shows the true value of cyber insurance today and how the product has evolved over the past few years,” she said.

Davis said the conversation between an insurer and the insured needs to be around what can be done to prevent a claim in the first place.

“Cyber is such a dynamic risk, it's constantly changing, along with the threat environment,” she said. “One solution that might prevent one type of attack won't necessarily stop another, and because of that, one of our services that we're really trying to push at the moment is threat intelligence.”

Threat intelligence, she said, is about knowing who threat actors are targeting ahead of time. This intelligence can also be highly predictive of claims. One way CFC keeps its customers up to speed on potential threats is through an app.

“I believe we're the only ones that have the instant response app,” said Davis. “It’s a way of disseminating this threat intelligence very quickly to our policyholders, which is key when you're looking at cyberattacks.”

She said it’s also a way for insureds to access CFC’s risk management services.

“We offer Dark Web scanning and vulnerability scanning,” said Davis. “We also offer what we call ‘ask the experts.’”

This service, she said, allows policyholders to reach out to the firm’s incident response team as though its their private IT consultancy and ask any questions they have about cyberattacks and how to prevent them.

“I think that's really valuable, especially when you're talking about SMEs that don't have their own in-house capabilities,” said Davis.

Last month, Davis, together with other members of her London based team, showcased their new cyber insurance offering in Sydney. The event involved cruising the harbour with local broker partners and underwriters.

“We’re basically offering a fully integrated, start to finish, in-house claim solution in Australia,” said Davis. "We've built an entire team who focus on preventing cyberattacks for clients and it's the largest specialist team in the world that does this". 

Related Stories

Keep up with the latest news and events

Join our mailing list, it’s free!