Increasing internet threats make cyber insurance a must

Nigel Phair of the Centre for Internet Safety and Matthew Clarke of AIG explain why, with increasing threats and legislative changes, brokers should be pointing more clients towards cyber insurance.

Video transcript below:

Nigel Phair, Centre for Internet Safety
Nigel Phair:
 So in March 2014 are amendments to the Privacy Act.  We have got the introduction of a new set of privacy principles and with that come some really interesting mechanisms and powers for the Commonwealth Privacy Commissioner.  They include fines, both personal and corporate fines.  Corporate fines of around the $1.7 million mark and personal fines of $340,000.  Added to that is enforceable undertakings that the Privacy Commissioner can force on organisations.

So the cyber threats are becoming more and more stealthy, more and more advanced and more and more persistent.  We have got everything from state sponsored attacks, serious and organised criminal cyber attacks, all the way through to disgruntled employees and ex-contractors that might have a beef with the organisation.  

Now traditionally organisations of all sizes would look at their insurance posture with respect to risk.  What the organisations need to do now, particularly the small to medium size, they need to look at what their cyber footprint is and mitigate that as best they can with risk, but then also look at a policy to cover what’s left over.  

Matthew Clarke, AIG
Matthew Clarke:
 Our liability to first and third party liability policies.  It’s unique from that aspect.  So it will cover actions by third parties against the insured, but it has the first party aspects which most traditional policies, traditional financial loans policies don’t have, so it will include cover for fines and penalties by the Privacy Commissioner, it will also cover the costs of notifications to impact of insured, it looks also at the IT costs of getting a company to come in to determine whether or not data can be restored and actually the costs of restoring that data, so that really sets it aside from most traditional financial [loans] policies.  There is a misconception in the market that cyber liability is an expensive product.  From what we have seen and certainly AIG’s approach with [cyberiage] is to work with brokers and ensure to determine the cover that’s required, so we tailor our approach, there’s aspects of cover that may not be necessarily be needed by certain insured’s depending on other policies they have in place and that allows us to tailor the pricing to match the price point of the insureds.  A good cyber policy will go a little further than just providing the insurance cover, so it will also provide access to third party legal providers to provide advice, PR firms and IT firms having access to those panels that can provide a little bit more than just the insurance policy in the event of a breach, looking to partner with an insurer who can actually provide risk management advice upfront.