The new technologies used by hackers to invade victims’ systems are becoming a concern for organizations and companies. Many organizations are providing cyber insurance to protect the data of users and businesses.
Australian companies are investing more than $800 million in cyber insurance in the next two years. This is a part of their strategy to create the protection of the companies and safeguard them from malicious attackers. The government has also put up higher penalties in case of breaching data.
The malware attacks on Optus and Medibank caused great harm to their financial building. Macquarie Research proved that there has been an increase in investment by companies to safeguard themselves against such attacks.
The analyst of the investment bank evaluated that the premium cyber insurance had doubled since 2020 to $840 million this year in Australia. They also added in the report that this number will rise to $815 million by 2024.
Cyber insurance is comparatively an unpopular market, and it is still a smaller market than other insurances. However, a rise in cyber insurance demand has been noticed by analysts which is complemented by an increasing need for cyber protection.
In one of the reports, the analysts explained that attacks on Medibank and Optus will increase the number of cyber insurances. Currently, 68% of the ASX 200 companies have already bought cyber protection.
It is expected that there could be further significant price increases across all industries over the next 12-24 months in response to the proposed backdating of higher fines in Australia.
Analysts believe that the majority of costs incurred by companies as a result of a cyberattack are legal and consulting expenses to rebuild their technology. This is besides fines and ransoms when a company is attacked. The research found that, despite previous warnings for boards to pay more attention to cyber risks, rating agencies still did not pay enough attention to the same when assessing companies' environmental, social, and governance (ESG) risks.
In other words, "Data is the new coal - once the greatest asset on the balance sheet, it is now the greatest contingent liability on that balance sheet," said a recent study.
Additionally, there has been a breach of data at a shopping website owned by Woolworths over the last month. This is in addition to the hacks of Optus and Medibank. In the past week, there has been an attack on the Smith Family.
Insurers may be able to absorb the losses incurred as a consequence of the Optus and Medibank attacks without the need to increase premiums, according to Ben Robinson, placement manager at insurance broker Honan. Despite these incidents, the head of the insurer said companies should pursue cyber risk management to deal with the challenges of the digital age.
According to Robinson, who practices cybersecurity risk management as part of his firm's corporate consulting services, compliance requirements are getting tighter as they try to reduce vulnerabilities. His clients range in size from $250 million to about $3 billion in market capitalization.
Moreover, Macquarie's research indicated that insurers were "dramatically" altering their risk appetite, with some insurers declining to quote for companies that were not equipped with the correct controls, and others declining to offer them quotes in the first place.
The analysts also pointed out that smaller organizations could have difficulty getting adequate cyber protection by relying on local insurers. This is because only half of those on the local market offer cyber products to small and medium businesses, as their survey indicates.
A small amount of cover is provided by ASX-listed insurers in the cyber insurance market, though Macquarie’s analysts believe that Insurance Australia Group and QBE will be looking at ways of gaining a small amount of market share shortly.
According to a spokesperson for QBE, "cyber insurance constitutes a small fraction of the company's global business, and it has traditionally not been a focus for the company. However, as a priority, meeting the needs of our customers is crucial, and we need to make sure that our products are designed to address these needs."
IAG offers small and medium-sized businesses cyber insurance through its brands CGU and NRMA, which are available through its Insurance division. It has, however, been reported that demand for the company's products has not significantly increased as a consequence of the attacks on Optus and Medibank.