BHSI ready for challenges facing tech firms
IN Partnership with
Tech companies face a range of evolving risks in 2023, from cyber to regulatory, but some may be caught flat-footed without the right insurer to back them
More
TECHNOLOGY FIRMS boomed as internet access accelerated during the pandemic, even while globalisation overall took a step back. The companies at the vanguard of this continuing evolution face a particular set of problems requiring robust insurance support, ranging from cyber issues to an increasing risk of legal disputes as the economic outlook wavers.
Perhaps the poster child for risk threat in the tech sector is cybersecurity.
CERT NZ data shows that individuals, small businesses and large organisations in New Zealand reported 8% fewer cybersecurity incidents overall in 2022 than in 2021, but related financial losses were 19% higher at $20m versus $16.8m. So even as cyber threats might be better controlled, each loss is costing more.
Despite the higher-risk environment than before the pandemic and the jump in financial damage, many companies globally seem to be relying heavily on technology to keep them safe, while paring back on things such as basic governance and insurance. A survey of large European tech firms by law firm DLA Piper showed that those that held insurance specific to cybersecurity fell to 60% of respondents in 2022 versus 65% in 2020 and 80% in 2018.
The trend is evident in New Zealand too.
“Despite all the discussion around cyber breaches and ransomware attacks over the last decade, cyber insurance as a whole is still the area where we see the lowest take-up,” says senior underwriter for executive and professional at Berkshire Hathaway Specialty Insurance (BHSI) New Zealand Ryan McGehan.
For the country’s lead underwriter in professional indemnity and cyber, this trend is worrying. “Cyber threats continue to evolve,” McGehan says. “The ways you can be attacked change every day, and the ability and number of bad actors who want to come after you grows.”
Berkshire Hathaway Specialty Insurance (BHSI) New Zealand provides commercial property, mining and energy, construction, casualty, executive and professional lines, marine, transport and logistics liability, accident and health, healthcare liability, surety, and multinational solutions and risk engineering. BHSI’s wide range of insurance products is expanding; this is combined with financial strength, a yes-oriented culture and great flexibility in customising solutions for customers’ needs. BHSI is customer-first, through and through. It views every claim as an opportunity to strengthen its customer relationships and industry reputation because, as BHSI says, “Claims is our product”.
Find out more
“Cyber threats continue to evolve – the ways you can be attacked change every day, and the ability and number of bad actors who want to come after you grows”
Ryan McGehan,
Berkshire Hathaway Specialty Insurance (BHSI) New Zealand
The types of cyberattacks that are prevalent each year change according to how technology manages to counter the various incursions. In 2022, New Zealand saw spikes in phishing and credential harvesting, unauthorised access, scams and fraud but a large drop in the number of malware reports.
Compared to many other countries, New Zealand has a high proportion of people who work from home. The annual InternetNZ Insights survey shows 34% work out of home exclusively and another 44% do so at least sometimes. Worldwide, the trend is expected to grow even post-pandemic.
This has led to more cyber incidents.
“The rapid adoption of remote work and remote access technologies has led to an increase in cyberattacks targeting remote workers and their employers – it’s harder to sense-check an odd email with a dubious attachment when you’re sitting alone in your home office,” says McGehan.
The speed at which remote working had to be adopted at the onset of the pandemic meant that many companies ended up taking shortcuts.
“A rush to implement this technology and/or a desire to make it easy to use has led to a number of businesses not employing basic controls like multi-factor authentication, which in turn leaves the door wide open for bad actors to wreak havoc,” says McGehan.
To mitigate risk, strong physical controls, including multi-factor authentication and endpoint detection and response tools, are important. Staff training, backing up systems and testing to ensure the back-up has worked are also vital.
“It’s no good having a plan if no one remembers what it is in the middle of a crisis!” says McGehan.
It’s also important to work with high-quality partners to review networks and the incident response plan.
“Our technology liability product blends professional liability, general liability and cyber to provide a seamless policy response and avoid gaps in cover”
Ryan McGehan,
Berkshire Hathaway Specialty Insurance (BHSI) New Zealand
“Vulnerability assessments and penetration testing can be expensive, but it’s cheaper than shutting down your business because your customers have lost faith in your ability to provide your service and keep their data secure.”
While it’s inevitable that the threat focus for tech firms revolves around cyber, the insurance options available to these companies cover a much broader range of exposures than cyber alone.
“Our technology liability product blends professional liability, general liability and cyber to provide a comprehensive policy response and limit gaps in cover,” says McGehan.
Cyber is not the only area of tech that’s seen a contraction in insurance capacity. Technology professional indemnity has also taken a hit.
This comes at an inopportune time as the economic outlook becomes less certain, creating the conditions for an increase in legal disputes. Slowdowns generally lead to businesses facing greater risks of increased litigation, especially potential commercial claims due to contract disputes, for example.
This negative factor is exacerbated by stricter regulation around privacy for tech firms. Updates to privacy laws related to the General Data Protection Regulation (GDPR) in the EU or the review of the Australian Privacy Act are some of the rules that New Zealand tech firms need to be across.
Share
Share
Work from home becomes permanent
Not just cyber
Work from home becomes permanent
Not just cyber
Published 24 Apr 2023
Contact Us
Specialty
Best in Insurance
Resources
Risk Management
TV
News
RSS
Sitemap
Contact us
About us
Conditions of Use
Privacy policy
Terms & conditions
People
Copyright © 2023 KM Business Information NZ
Contact Us
Specialty
Best in Insurance
Resources
Risk Management
TV
News
RSS
Sitemap
Contact us
About us
Conditions of Use
Privacy policy
Terms & conditions
People
Copyright © 2023 KM Business Information NZ
Contact Us
Specialty
Best in Insurance
Resources
Risk Management
TV
News
Copyright © 2023 KM Business Information NZ
RSS
Sitemap
Contact us
About us
Conditions of Use
Privacy policy
Terms & conditions
People
FREQUENCY OF WORKING FROM HOME IN NEW ZEALAND
34%
44%
16%
6%
All the time
Sometimes
Once or twice
Never
Source: InternetNZ Insights survey 2022
MOST COMMON CYBERSECURITY INCIDENTS REPORTED
Phishing and credential harvesting
Scams and fraud
MALWARE
Unauthorised access
4,315
(up 16% vs 2021)
2,296
(up 21% vs 2021)
225
(down 88% vs 2021)
931
(up 23% vs 2021)
Source: CERT NZ Cyber Security Insights reports 2022
“New Zealand tech firms typically look to trade offshore to scale up their business. This means they often end up in jurisdictions which can be very different both legally and culturally,” says McGehan.
“It’s important in doing so that they have support from their various service providers to be able to manage those varying requirements.”
Companies that are slow to implement compliance programs for the GDPR data protection regime generally pay the price later with extensive remediation exercises.
Environmental, social and governance obligations are increasingly becoming another area that managers need to keep up with and proactively embed into their business practices.
“Understanding these new and differing obligations is vital for businesses that intend to operate globally,” says McGehan.
“From breadth of cover to just the pure ability to provide cover at all for some risks, the insurance market has been very volatile, with a lot of decisions being made offshore. Finding an insurer who has local underwriting expertise, local decision-making, a large balance sheet and is committed to this industry sector is a great way to navigate that challenge with a sustainable long-term solution.”
Number of cyber incidents reported by type in 2022
“Vulnerability assessments and penetration testing can be expensive, but it’s cheaper than shutting down your business because your customers have lost faith in your ability to provide your service and keep their data secure.”
Not just cyber
IN Partnership with