ICA calls for overhaul of cyber policy settings

Australian businesses, insurers and government must work together to establish the settings for a vibrant and sustainable cyber insurance market to underpin economic growth into the future, the Insurance Council of Australia (ICA) said on Monday.

Released in its Cyber Insurance: Protecting our way of life in a digital world paper, ICA highlights challenges to maintaining and developing a cyber insurance market to support Australian individuals, businesses and organisations operating in the digital economy following the COVID-19 pandemic.

This unprecedented growth in digitisation and connectivity has led to increased cyber risk. The spectrum of cyber risk includes inadvertent or deliberate data breaches by employees at one end, and ranges to criminal gangs and nation states targeting business operating systems at the other end.

Responding, rectifying and reporting a cyber incident can be challenging and expensive for a victim’s business. Cyber insurance provides an important support to these businesses, including facilitating access to expert assistance, which is particularly valued by smaller businesses.

ICA has acknowledged that in Australia standalone cyber insurance is not, as yet, a well-known or understood insurance product. This and a small number of insurance providers in the market has implications for the pool size by which risk is transferred.

This together with increasing loss ratios and reducing risk appetite can make it harder for some Australian businesses to purchase cyber insurance, prompting the industry’s call to overhaul the government’s policy settings.

Among the recommendations made, ICA is calling for better data sharing, both from industry to government and importantly from government to industry to prevent, detect and report cyber-attacks.

Minimum security requirements and third-party certifications for software and hardware should also be made mandatory to reduce the vulnerability of cyber-attacks.

Investment incentives for education around cyber risk, as well as for businesses willing to disclose and work with enforcement agencies are also needed.

ICA has also called for the Government to develop and issue an Australian cybersecurity standard to ensure that government agencies and contractors with whom they do business evaluate their cyber maturity according to uniform and constantly evolving standards.