For many buyers of business insurance, cyber insurance is a new class of insurance that has been brought to customers attention in recent years by both their brokers and the media. The news is full of stories on a weekly basis highlighting hacking by unknow sources into businesses, government agencies and organisations of varying sizes and no one seems safe.
In one newspaper alone in a 3-week period in June 2019, there was over 30 stories related to hacking, phone scamming, criticising, social engineering and theft of personal funds.
Some of the headlines read:
The ASD could sit within the networks of major power, water and telecommunications companies to help defend them against foreign cyber-attacks under proposals being discussed.
Argentina has not ruled out a cyber-attack as the reason why most of its citizens and those of some of its South American neighbors were left in the dark for hours.
One university was found to be at high risk of the theft of sensitive data, within days of a major breach at ANU in Canberra.
A major cyber security breach has seen the private details of almost 100,000 Westpac customers exposed after the bank’s system was attacked by hackers.
Australian companies have been warned they may be at risk of DNS attacks, where hackers spoof their websites to hack into customers’ personal data.
Whilst the Australian Federal government has tried to monitor and educate on such attacks with the creation of an emergency response team called CERT Australia in 2010 and more recently the establishment of the Australian Cybercrime Online Reporting Network and Notifiable Data Breaches (NDB) scheme, the issue is likely to continue to grow and evolve as technology changes.
The current cyber threats facing businesses includes:
|Cyber Espionage||Unauthorised system or network access linked to espionage|
|Cyber extortion||Attack or threat of attack against IT infrastructure, coupled with demand of money to stop|
|Hacking/crimeware||Malicious or unauthorised IT Infrastructure access or malware that aims to gain control of your systems|
|Denial of service||Intentional compromising of networks and systems availability.|
|Point of sale||Remote attacks against retail transactions for card-present purchases|
|Human error||Mistakes made by staff that have unintentional actions that directly compromise security.|
|Social engineering||Social engineering exploits people who are tricked into divulging sensitive information, transferring money to hacker’s accounts or providing access to systems.|
Cyber insurance is designed to protect a business when its IT security (whether internal or Third Party), policies and procedures fail to stop an attack.
Some claim examples from one of our suppliers (Emergence) highlights the gravity of not having this cover in place:
|Hacking||A retail clothing store operated an E-commerce website which became infected with malicious code. As a result, the website showed black screens to customers and staff were unable to access orders in the system.|
|Socially Engineered Theft 3rd Party Loss||A real estate agent holds third party money in trust. The agent receives instructions from a lookalike email address to transfer money to the third party’s bank account. The email is fraudulent. The agent transfers the money and, as a result, the third-party funds are lost irrecoverably.|
|Socially Engineered Theft 1st Party Loss||An accountant’s employee receives a request from a regular supplier’s email address for payment of an outstanding invoice. The employee pays the supplier in good faith and in reliance upon the received invoice. As it turns out, the supplier’s invoicing system was hacked and the supplier’s bank account details were changed to the hacker’s account. The paid amount is unrecoverable as a result.|
In a world where we are relying more and more on our digital footprint it is vital important to ensure we have cover in place for cyber threat in the same way we do for our physical assets such as Building and contents.
Talk to our team of staff who may be able to assist you further.Back to News