As director of one of New Zealand’s cyber insurance providers, Debbie Street has summed up how brokers can best tell their clients about their cyber exposures – by using the three R’s of Risk Avoidance, Risk Limitation and Risk Transfer.
Street, who is director – operations and marketing at Auckland-based International Underwriting Agencies (
IUA), believes if businesses follow the three R’s, they should be able to reduce the impact of cyber-criminal activity dramatically.
However, she said it’s not a good look if the brokers haven’t applied the three R’s to themselves first.
“Brokers need to be covered too,” she told
Insurance Business. “The first three policies we sold were to insurance brokers. And we have a cyber policy as well because why would you not?”
As a Connect Smart silver partner, IUA has pledged its shared commitment with the New Zealand government to improve the security of individuals, schools and businesses online.
IUA has a selection of '
cyber tools' on their website for brokers to help their clients, and now Street has produced her three R’s approach for the Connect Smart website with SMEs in mind.
She said businesses need a basic risk management plan in place to protect their systems and data just as they would put in place to protect their property.
“You may not be able to avoid the risk but at least you can do your best to limit the damage,” she said.
“An example of risk limitation would be a company accepting that a disk drive may fail or their system may be hacked and having a robust backup system in place to avoid a long period of outage/failure,” she said.
Backups should be regularly tested too, and larger businesses may wish to consider employing an outside consultant to carry out ‘penetration’ testing which assists businesses in identifying and ‘plugging’ vulnerabilities in their networks and systems.
“We’re going to do a penetration test on IUA in the New Year,” she said.
“The clients I really want to insure are those who have taken steps to avoid or limit the risk and transfer what they can’t avoid or limit to an insurance policy.”
Policies offer access to experts who know how to deal with situations which can have potentially disastrous consequences.
“Your IT guy might be really good at IT but do they know how to protect your reputation?”
Street said IUA had not yet been advised of a claim under a Cyber Policy, but given the statistics, it ‘must be imminent’.
She cited
PwC’s Global State of Information Security Survey 2016, released last month, which said 25% of New Zealand organisations with cyber insurance made a claim in the past year, compared with 50% globally.
“Given Cyber Insurance policies have only been available in the NZ insurance market for a couple of years it is likely that New Zealand will catch up with the global trend.”
You can read more about the three R’s
here.
