Insurance should be your last line of defence when it comes to preparing for a cyber attack. In fact, insurers expect businesses to have a number of risk mitigation strategies in place. These strategies can reduce your premium on a cyber policy.

These include up-to-date anti-virus and anti-spam tools and system backups that are regularly tested. Rigid protocols around passwords are also essential. Staff training to ensure employees understand what a cyber attack or threat is and how to prevent one is also essential.

Insurance, can play a role. “I liken it to the mythical beast from Greek legend called Hydra, a serpent with many heads. That's what cyber protection is like, because it can come up in lots of different policies,” says Michael White, Steadfast’s broker technical manager.

“Staff training to ensure employees understand what a cyber attack or threat is and how to prevent one is also essential”

Cyber policies can provide cover in the event of a financial loss as a result of a cyber attack, which are common. Attacks of this nature include ransomware attacks, in which a criminal locks a business out of its IT system in exchange for a ransom. Other cyber threats include malware attacks. This is when a criminal goes into a business’ IT system to store malicious software, for instance a tool to steal customer data or infect the business with a virus. Some sources suggest there are more than 350,000 malware attacks a day.

In a recent portfolio analysis conducted by cyber insurance specialist underwriting agency Emergence Insurance, showed FY19 cyber claims frequency was up 29 percent compared with FY18. Despite this alarming statistic, too few small businesses take out cyber cover.

Professional, scientific or technical service industries accounted for 20 percent of claims; healthcare and social assistance 14 percent; and financial and insurance services 12 percent.

Cyber policies cover businesses for the cost of responding to a cyber event such as a denial of service attack that results in a firm, or its staff and clients, not being able to access its IT systems. Cover pays for a technician to resolve the issue, as well as any economic loss the business suffers as a result of the attack, for instance lost sales. 

It’s also important to understand the elements of an attack for which cyber policies do not provide cover. Cyber policies can provide protection for a financial loss, but they don’t usually provide cover for a physical loss, White explains.

“If someone hacks into a car’s system and causes it to crash, the event would normally be covered under traditional vehicle insurance, rather than by a cyber policy.”

Similarly, if an attack causes the business’s servers to fail, this should be construed as property damage and could be covered under a separate policy to the cyber policy.

As this shows, businesses require a range of different insurances to help ensure they are properly protected in the event they suffer a cyber incident. As such, they are advised to work with an insurance broker so they have the right protections in place should they, like so many other businesses, find themselves under a cyber attack.   

 

Important note - the information provided here is general advice only and has been prepared without taking in account your objectives, financial situation or needs. Steadfast Group Ltd (ABN 98 073 659 677, AFSL 254928)

Important notice - Steadfast Group Limited ABN 98 073 659 677 and Steadfast Network Brokers

This article provides information rather than financial product or other advice. The content of this article, including any information contained in it, has been prepared without taking into account your objectives, financial situation or needs. You should consider the appropriateness of the information, taking these matters into account, before you act on any information. In particular, you should review the product disclosure statement for any product that the information relates to it before acquiring the product.  

Information is current as at the date the article is written as specified within it but is subject to change. Steadfast Group Ltd and Steadfast Network Brokers make no representation as to the accuracy or completeness of the information. Various third parties have contributed to the production of this content. All information is subject to copyright and may not be reproduced without the prior written consent of Steadfast Group Limited.