Cyber criminals are more cunning than ever and, under the cover of COVID-19, have been targeting business supply chains and taking advantage of the acceleration of remote working.

A recent Allianz survey of the biggest threats to corporate Australia during the next 12 months puts the danger into context, with 41% of respondents nominating business interruption and digital incidents such as cyber-attacks, IT failure and ransomware incidents as the No. 1 concern. Climate change (34%) and natural catastrophes (29%) round out the top three.

Supply-chain risk management is also on the agenda for business leaders, with many cyber-attacks seeking to gain access to critical data and information.

In this potentially fraught environment, it is crucial to seek sound advice from a broker or experienced insurance consultant to get the right liability insurance in order to protect your business from financial risks relating to cyber incidents. While a wide range of cyber insurance options are available for businesses, some insurers are limiting their coverage, imposing higher deductibles and raising premiums.

Global broker Marsh reports that premiums spiked 20% to 30% in Australia in the first quarter of 2021, followed by a 60% to 80% rise in the second quarter, compared with the same periods from 2020. Many insurers are also changing the way they assess risks and are adopting stricter underwriting guidelines, with the focus being on an entity’s business-continuity and incident-response plans. 

Protecting your operations and data

In tandem with cyber insurance, businesses should be taking mitigating action to safeguard their operations, people and data, including via the following basic steps.

1. Back up your data – it is essential to have backups of key technology platforms and data. Ransomware attackers, for example, want to seize control of your critical technology and then try to extort the business for its return. If you have off-site backup measures, it gives your business more options in the case of an attack and it will help you recover any information you lose through a cyber incident.
2. Use multi-factor authentication – this verification security process requires employees and clients to provide two or more proofs of identity before they can access accounts and information. For instance, it could require a password and a code sent to a mobile device before access is granted. The risk-management tool should be used on everything that provides access from the internet, including virtual private networks and remote desktop access through to cloud systems such as Office 365.
3. Install security software – such protection on your computers and devices will help prevent malware infections and other threats. You should also make a habit of patching your systems with software updates, and in response to cyber-scam alerts from entities such as the Australian Cyber Security Centre.
4. Use passphrases instead of passwords – simple passwords represent one of the biggest weaknesses in most businesses’ cyber wall. Passphrases can consist of a phrase, or a collection of different words. They should be simple for humans to remember, but difficult for machines to crack.

Businesses that implement such basic cybersecurity measures are likely to be looked upon more favourably by cyber insurers, potentially leading to cheaper premiums and more comprehensive cover.

Make your insurance fit for purpose

At its core, cyber liability insurance can help your business cover the costs of recovering from a cyber-attack. As with any insurance product, it is important for your business to have clarity around what the insurance actually covers, and it does not cover.

Standard coverage should include costs related to elements such as:

• Business interruption
• Extortion
• Forensic investigation
• Theft or fraud
• Data loss.

Each business may have different cyber-insurance needs, so the role of your insurance broker is critical, along with the possible assistance of external insurance specialists who can help advise on the best possible cover. Their capabilities and expertise could mean the difference between your business surviving a cyber-attack, or being put out of operation.

Seek specialist advice

Given such high stakes, it is wise to conduct an audit of existing insurance policies to ensure they will be suitable and effective in the event of incidents such as ransomware attacks.

While cyber insurance is important, getting just any generic insurance cover is not the answer, especially at a time when cyber threats are becoming more common and sophisticated. Poorly structured insurance can often be a waste of money and fail to prevent a business from experiencing significant distress.

The message is clear – work closely with your insurance broker and other specialists to ensure that your cyber risks are clearly understood, and that you have insurance cover when you need it most.

Determining the most appropriate form of cyber insurance for different businesses can be difficult speak to one of our experienced insurance experts to discuss the complex exercise of getting the right cyber cover.

Also read - Your important complete cyber liability market update.