Cyber insurance in the wake of the Optus breach

Could the Optus breach been avoided?

Optus was hit with a “basic” cyber attack that should not have happened to a company of its size and resources. With over 9.8 million people potentially affected (that’s almost half the Australian population), Optus should have had data encryption in place as well as closed and protected API’s and adequate cyber security practices to prevent any breach.

It’s a big no-no to store production data in a test environment and almost all security frameworks say to keep the data separate. So it’s clear Optus have a lot of work to do on their cyber security practices.

Whilst Optus looks backwards and the Australian Government lays blame, the state of Optus’ security defences reflects poorly on the business.

Most businesses are underprepared

According to the Actuaries Institute, in Australia, a cyber crime was reported every eight minutes over the past financial year – an increase of 13% on the previous year. Reported total economic losses in the year amounted to $33 billion, impacting government and the private sector, all sizes of organisations – from SMEs to the largest corporations – across industries and disrupting supply chains.

Globally, 623 million ransomware attacks were recorded in 2021. That is 20 attacks every second and more than triple the number recorded in 2019.

Best practice in cyber risk management is for companies to undertake scenario planning to consider the possible outcomes from a cyber attack. Organisations that undertake proper scenario analysis for cyber put a financial value on both the tangibles, such as forensic investigation costs, and the intangibles, such as damage to brand reputation.

One of the natural outcomes of scenario planning should be taking out cyber insurance.

NewSure General Manager, Brett Edmonds says the Optus breach has shown every business owner in Australia how important cyber insurance coverage is to safeguarding their business.

“The Optus cyber attack has been another eye opener – another example of how wrong things can go for a major corporate,” said Edmonds. “But if you’re prepared and know what your insurance will cover, you’ll better navigate the long-term impact and what steps you may need to take to rebuild your company,” he says.

Cyber insurance coverage

The evolution of cyber insurance means there is no one standard cyber insurance policy.

Typical cyber insurance policies protect businesses against:

• Business interruption losses
  Covers financial loss you may suffer as a result of a cyber attack
• Cyber extortion
  The costs of a cyber attack, such as hiring negotiation experts, covering extortion demands and prevention of future threats
• Electronic data replacement
  The costs of recovering or replacing your records and other business data
• Security and privacy liability
  Damages to your reputation resulting from data breaches, such as loss of third-party data held on your system
• Defence costs
  Funds the legal costs of defending claims
• Regulatory breach liability
  Covers legal expenses and the costs of fines arising from investigation by a government regulator
• Electronic media liability
  The costs of copyright infringement, defamation claims and misuse of certain types of intellectual property online
• Crisis management expenses
  Provides cover for the costs of managing a crisis caused by cyber hackers
• Notification and monitoring expenses
  The costs of notifying customers of a security breach and monitoring their credit card details to prevent further attacks

Compared with more traditional forms of insurance, cyber insurance is a relatively new product covering a rapidly evolving form of risk, which has arisen from technology. This evolution means the exact cyber insurance coverage varies between insurers, and so it is critical organisations understand their risks and ensure covers are tailored to their needs.

Compared with more traditional forms of business insurance, cyber insurance is a relatively new product covering a rapidly evolving form of risk, which has arisen from technology. This evolution means the exact cyber insurance coverage varies between insurers, and so it is critical organisations understand their risks and ensure covers are tailored to their needs.

NewSure are a specialist small business insurance service provider, helping you compare quotes understand which cyber insurance policy is best for you.

We work with a range of cyber security insurers including Chubb, AIG and Emergence.

We offer complete insurance solutions for all types of businesses – from start-ups to medium and large size enterprises. Let us help you.

Talk to us or request a callback.

Important notice – NewSure Insurance Brokers Pty Ltd

This article provides information rather than financial product or other advice. The content of this article, including any information contained in it, has been prepared without taking into account your objectives, financial situation or needs. You should consider the appropriateness of the information, taking these matters into account, before you act on any information. In particular, you should review the product disclosure statement for any product that the information relates to it before acquiring the product.

Information is current as at the date the article is written as specified within it but is subject to change. NewSure Insurance Brokers Pty Ltd make no representation as to the accuracy or completeness of the information. Various third parties have contributed to the production of this content. All information is subject to copyright and may not be reproduced without the prior written consent of NewSure Insurance Brokers Pty Ltd.