Cyber risk Green Paper tackles major concerns for public and private sectors

By Win-Li Toh
Principal
28 September 2022


Co-authors

Ross Simmonds

By Win-Li Toh - Principal | Co-authors Ross Simmonds
28 September 2022

Share on LinkedIn
Share on Twitter
Share by Email
Copy Link


By Win-Li Toh
28 September 2022

Share on LinkedIn
Share on Twitter
Share by Email
Copy Link

Co-authors Ross Simmonds


In Australia, a cyber crime was reported every eight minutes over the past financial year and cyber risk cost the economy $33 billion. In a Green Paper commissioned by the Actuaries Institute, Taylor Fry authors Win-Li Toh and Ross Simmonds explore the challenges and opportunities in creating a vibrant, sustainable cyber insurance market – and why collaboration between government, business and insurers is key to filling major gaps in protection against attack.

The paper highlights how technology is woven into every aspect of our daily lives and cyber criminals take advantage of this dependence. Lead author Win-Li Toh says, “Despite increasing government and business spend, the approach to addressing the exposures appears disjointed and the losses are mounting. No one is immune – from SMEs to the largest corporates – across industries and disrupting supply chains.”

What’s more, Win-Li adds, government entities are a long way off baseline standards of cyber security, while many businesses are also behind in their resilience against rapidly shifting risks.

Cyber insurance as influencer, but there are gaps

In addressing these core issues, Win-Li says, “Importantly, cyber insurance is not the first line of defence – that role goes to good cyber hygiene and security. But cyber insurance can influence best practice in a major way – by boosting cyber hygiene and security resilience through eligibility criteria, pricing and insights.

“A vibrant cyber insurance market will do more than provide financial recompense for risks that break through the first line of defence.”

For this role to be effective, Win-Li says several gaps need to be addressed, including:

  • A severe shortage of qualified cyber security personnel
  • Limited understanding of the role of cyber insurance among Boards
  • Limited education on cyber risks among SMEs
  • Achieving sufficient capacity and profitability in the market
  • Managing accumulation risks
  • Cyber hesitancy in seeking the right insurance solutions.

The paper highlights cyber hygiene and security – not insurance – as the first line of defence

Cyber risk an explosive global concern

Globally, cyber risk is mirroring the Australian experience and growing at unprecedented levels, with ransomware attacks more than tripling in two years. Contributing factors to this expanding risk include:  the accessibility of Ransomware as a Service, the development of crypto currencies enabling untraceable payments, and cyber insurance hesitancy due to reduced cover, increasing premiums and a reduction in policy limits.

Compounding these issues, the paper points to the lack of geographical boundaries in cyber risk, where a computer virus can spread quickly around the world, resulting in multiple companies making a claim. “This is the accumulation risk challenge for an insurer,” Win-Li says. “The potential for a single event to trigger losses across business lines and global borders.”

A further hurdle is the difficulty in defining acts of cyber war (or terrorism) that are excluded from insurance policies, with Lloyd’s recently giving directions to underwriters towards excluding liability for losses arising from any state-backed cyber attack.

Problem too big to solve alone

The Green Paper offers several solutions-focused discussion points, as the authors examine the complementary roles of government, business and insurers.

“The problem is simply too big for any sole party to tackle on its own,” Win-Li adds. “Finding the right balance between guidance, education, mitigation, cover and regulation will require government, business and insurers coming together and appreciating one another’s perspectives.” Constructive conversation will encourage give and take, she says. “Active partnership between these stakeholders is critical in plugging the gaps, in heading off market failure and in creating a robust risk management framework, where cyber insurance can thrive and offer better protection against cyber risk.”

Listen to the Actuaries Institute podcast here.


Other articles by
Win-Li Toh

Other articles by Win-Li Toh

More articles

Win-Li Toh
Principal


RADAR FY2023 – Biggest profits since 2014, but affordability threatens sustainability

RADAR FY2023, Taylor Fry’s annual general insurance rundown in what’s been a turbulent and nuanced FY2023 for the industry

Read Article

Win-Li Toh
Principal


Effective cyber hygiene – what cyber claims tell us

Key insights from three insurance industry studies into what cyber claims data might reveal about strengthening barriers against cyberattack

Read Article



Related articles

Related articles

More articles

Scott Duncan
Principal


How inflation is changing the insurer landscape

We explore the drivers and impacts of inflation on general insurance, and what insurers can do to thrive amid the pressures ahead

Read Article

Ross Simmonds
Director


RADAR FY2023 New Zealand Snapshot

Our NZ general insurance FY2023 overview sheds light on New Zealand's insurance landscape to help insurers chart a steady path forward.

Read Article