Growth has only just begun for cyber insurance
IN Partnership with
Brooklyn Underwriting’s Grace Coleman sees society’s increasing reliance on digital as foreshadowing the day when the cyber insurance market is on par with car insurance
More
IF THE Australian cyber insurance sector were a sports car, the post-pandemic period would be when it accelerated from zero to 60 in terms of capacity and market competition.
Between 2019 and 2023, gross written premium for cyber insurance in Australia is estimated to have ballooned fivefold from around $100 million to $500 million, according to an analysis by Finity. This growth isn’t expected to stop any time soon.
“Cyber insurance is currently the single-largest organic
Brooklyn Underwriting’s approach to business is underpinned by the values and strengths it shares with AXA XL, operating with honesty and integrity for the benefit of their customers. Brooklyn became part of AXA XL in 2016. It drives excellence in its multiple-award-winning product suite including cyber, IT, liability insurance, property, management liability, professional indemnity and crisis response/security risk. With strong ties with AXA XL, Brooklyn can also connect its clients to experienced AXA XL underwriters to utilise their expertise, global reach and financial security, should there be a need.
Find out more
Types of cyber incident costs companies face
First-party costs
“I anticipate a sustained high level of demand for cyber insurance, to the point where it will become as commonplace as car insurance”
Grace Coleman,
Brooklyn Underwriting
growth opportunity for the commercial insurance sector,” says Grace Coleman, underwriter, cyber and technology, for international financial lines at Brooklyn Underwriting.
This breakneck expansion is expected to continue across the board, within markets ranging from SMEs to large global players. Some estimates show the global market for cyber insurance doubling in size by 2027.
As society becomes more reliant on digital processes at every level, Coleman sees a future in which cyber insurance will have evolved from the insurance minnow it was a few years ago into a whale.
“I anticipate a sustained high level of demand for cyber insurance, to the point where it will become as commonplace as car insurance. It’s more common for people to have smartphones than to drive cars, so it only makes sense to protect yourself in the digital space as you would in the physical space,” she says.
When people look back in time a decade from now, COVID will be seen as a key turning point and accelerant for this market. The pandemic forced employees to work remotely and digitally, further deepening our dependency on digital infrastructure.
“Remote working in response to lockdowns was a positive game changer for many organisations – it increased productivity and efficiency and saved money on everyday expenses such as travel and office rent,” says Coleman. “The flip side of this, however, was the vastly distributed surface attack area for cyber threats.”
Companies everywhere suddenly saw their key digital assets set adrift without a lifeboat, presenting an opportunity for malicious actors. But there’s no putting the genie back in the bottle now.
“Our world has very quickly become heavily dependent on digital infrastructure, so the cyber insurance product has developed hastily to keep up with market demand. Whilst the benefits outweigh the risks by far, they must still be managed effectively.
As the risks and companies’ awareness of cybercrime have increased, insurers have scrambled to meet demand.
“We are seeing substantial investment from insurers into this
Coleman likens cyber insurance to car insurance, in that it covers both first- and third-party costs.
First-party costs can include, for example, data recovery costs or business interruption losses, while third-party costs could arise from regulatory fines or the increasing number of privacy claims coming from individuals both in Australia and abroad.
“At Brooklyn, we have a global panel of breach response providers that can be immediately mobilised, ranging from forensic IT experts to ransom negotiators, privacy lawyers and public relations consultants, as well as identity and credit monitoring experts,” says Coleman.
Most smaller companies don’t have the capacity to handle such delicate situations as deciding whether and how to negotiate with cybercriminals. The reality is that experienced professionals are needed.
“Using these resources and professionals for these tasks is a relief for many businesses, particularly those at the smaller end of the scale who don’t employ full-time chief information security officers or cybersecurity professionals,” says Coleman.
that had failed a compliance audit in the past 12 months, 31% had experienced a breach that very same year. This compares to just 3% of those that had passed compliance audits.
The growth of data regulations globally also poses a key risk for companies with offshore business, for example. Those with reporting obligations in multiple regimes need to keep abreast of constantly changing rules in those regimes.
Several states in the US have passed or amended privacy regulations in the last few years. Updates to the EU’s General Data Protection Regulation, and the extension of regulations in the California Consumer Privacy Act through the enactment of the California Privacy Rights Act, which took effect in 2023, are some of the latest rules that tech firms need to be across as part of their professional indemnity obligations. More regulatory change is also expected in the EU, the UK, Singapore, Australia and Japan in 2024.
The silver lining of all these factors is a much higher awareness of the need for cyber insurance than a few years ago.
“A new social attitude is emerging, and all of us have a part to play, whether it’s adhering to privacy legislation, implementing cybersecurity training for organisations, or enabling MFA on our personal banking apps,” says Coleman.
Insurers face a major challenge in closing the gap between economic losses and insured losses, especially at SMEs. Given the prolific growth of risks in a digitised economy, higher insurance penetration for cyber risks is vital.
“The more businesses that take up cyber cover, the better the position we will collectively be in to combat the ongoing threat of cybercrime.”
Share
A market still in its infancy – especially for SMEs
Growing threats, digital economy driving market
Published 20 May 2024
Share
“With increased competition from carriers, coupled with significant improvement in applicants’ approaches to risk management, options for clients are plentiful. It’s a good time for new entrants to make their first cyber purchase”
Grace Coleman,
Brooklyn Underwriting
Third-party costs
Forensics to determine the scope of the breach
Data recovery
Removal of malware and reconstruction of data
Ensuring the organisation is compliant with the relevant legislation
Business interruption loss (including profit) that the insured may incur during
a shutdown
Extortion negotiation and payment
Regulatory defence and investigation
Regulatory fines
Privacy claims from individuals
Class actions
Source: Brooklyn Underwriting
Source: ASD Cyber Threat Reports
the growing financial impact
of cybercrime
Small business
Medium business
Large business
$0
$20,000
$40,000
$80,000
$100,000
July 2021–
June 2022
July 2022–
June 2023
• Total number of cybercrimes reported between July 2022 and June 2023: 94,000 (up 23% year-on-year)
$60,000
A sea change in thinking around cyber
space, whether it be in technology, personnel or broader capacity,” says Coleman. “With increased competition from carriers, coupled with significant improvement in applicants’ approaches to risk management, options for clients are plentiful. It’s a good time for new entrants to make their first cyber purchase.”
But despite this surge in demand, the consistency of coverage varies depending on the size of the companies involved.
A majority of large, publicly listed companies are now thought to have cyber insurance, but a survey by the Insurance Council of Australia shows the same is not true for SMEs, with just 20% owning a policy.
“This is the space we are focusing on at Brooklyn. Companies at the smaller end of the scale may not always have the capabilities or the budget for the comprehensive controls that larger organisations do,” says Coleman.
Large corporations normally have the resources to recover from a cyberattack, but with smaller companies often bearing most of the risk on their own, such an incident can be a life-or-death situation.
Insureds are also buying the capability of a global brand when purchasing cyber insurance from Brooklyn, underpinned by the expertise, global reach and financial security provided by AXA XL.
“Cyber incidents affecting unprepared small businesses can take years to recover from or force them out of business altogether. The impact can be financially and mentally detrimental for a small business and its owners and employees.”
This is where Brooklyn Underwriting plans to help.
“Our aim is to provide cover, but also reassurance and peace of mind, through our fit-for-purpose policy and resources. We provide pre-loss service and a dedicated incident response team equipping our insureds with strategies to handle a cyber incident,” says Coleman.
But this doesn’t mean that SMEs can sit back on their laurels just because they have purchased a policy. Like a car, safe driving and regular maintenance are an important part of preventing needless accidents.
What does an SME get when it buys cyber cover?
Mitigation is key for SMEs, both to improving outcomes and reducing premiums. Some basic strategies for easing risks around cyberattacks include using multi-factor authentication (MFA); backing up data; and putting in place a robust system for alerting the business to vulnerabilities and patching them as soon as possible.
Coleman says MFA should be implemented for all users accessing a company’s network remotely, given how easy it is to hack passwords, especially as the same ones are commonly used across multiple platforms.
“A second form of authentication – usually by SMS, face ID or an authenticator app – is one of the best defences against intrusion.”
Backing up data can make all the difference to whether a cyberattack is an existential disaster for an SME or a mere inconvenience. Back-ups need to be done frequently, safely, and separately from the business’s normal operating network.
Companies should have alerts set up for when emergency vulnerabilities are identified.
“Insureds need to have a process for identifying and patching critical vulnerabilities immediately, but also a process for performing regular ordinary patches,” says Coleman. “It’s good digital hygiene.”
Mitigation steps to prevent cyberattacks
The extraordinary growth of cyber insurance is a corollary to the proliferation of related threats. The market is driven by the awareness of the increasing frequency and sophistication of cyberattacks, including the potential financial repercussions – and these attacks will only increase in future.
The 2024 Thales Data Threat Report, based on a survey of nearly 3,000 IT and security professionals across 37 industries in 18 countries, found that 93% of IT professionals believe security threats are increasing in volume or severity, a significant rise from 47% last year.
“Despite many new market entrants that are eager to write cyber, there has been little impact on the frequency, size and complexity of cyber insurance claims – in fact they seem to be drastically increasing,” says Coleman.
Other factors driving growth include ongoing digital transformation and technological advances in all sectors, and concrete requirements to be satisfied by business partners within the supply chain.
Stricter regulatory requirements are also boosting demand. Thales research found that there was a very clear correlation between compliance and data security. Of those organisations
RSS
Sitemap
Contact us
About us
Conditions of Use
Privacy policy
Terms & conditions
People
Copyright © 2024 KM Business Information Australia Pty Ltd
Contact Us
Specialty
Best in Insurance
Resources
Risk Management
TV
News
AU
RSS
Sitemap
Contact us
About us
Conditions of Use
Privacy policy
Terms & conditions
People
Copyright © 2024 KM Business Information Australia Pty Ltd
Contact Us
Specialty
Best in Insurance
Resources
Risk Management
TV
News
AU
Copyright © 2024 KM Business Information Australia Pty Ltd
RSS
Sitemap
Contact us
About us
Conditions of Use
Privacy policy
Terms & conditions
People
Contact Us
Specialty
Best in Insurance
Resources
Risk Management
TV
News
AU