Increased cyber security insurance premiums or higher barriers to getting cover will be a direct result of the Optus hack, according to a specialist at HLB Mann Judd.
The outlook for companies hoping to protect themselves against future criminal cyber activity just got bleaker, according to Kapil Kukreja, director – risk, assurance and advisory at the firm in Melbourne, with insurance premiums already on the rise.
“The Optus attack highlighted a major gap in security preparedness as the media reports suggest it was not a very sophisticated attack,” he said.
“The key aspect at the moment is that premiums for cyber security insurance are rising and it is making it very unaffordable for small to medium sized businesses.
“Some of these insurance companies are also denying cyber insurance coverage or heavy restrictions are being imposed.”
The Optus hack late last month compromised the personal details, including in some cases passport, Medicare or driving licence numbers, of almost 10 million customers.
Mr Kukreja said insurers were now closely assessing the preparedness of companies who wanted cover against hackers.
“Insurers were already looking into the cybersecurity controls and IT systems of organisations that wanted to be insured, and this will only increase in the wake of the Optus attack,” he said.
“They are looking into a company’s risk management processes, cybersecurity controls and other aspects, such as legacy systems, before providing cyber insurance coverage.”
Mr Kukreja said that while cyber insurance could cover a company for tangible financial losses incurred from an online attack, the costs would run much deeper.
“Reputational loss and loss of confidence by customers may continue to plague a company for many years following a cyberattack, as Optus may find out,” he said.
“Companies need to be aware that cyberattacks are a real threat that can significantly impact valuations and share prices.”
The Optus security breach is expected to cost the telco millions of dollars in replacing lost documents and in reputational damage to its brand, and its handling of the breach has drawn criticism from government.
Last week, Optus took out huge adverts in daily papers apologising.
In future, company boards had to make sure they had an appropriate understanding of cybersecurity risks, Mr Kukreja said.
“Everyone is talking about cybersecurity in the wake of the Optus attack, but in terms of the skill set, boards should have the appropriate knowledge base to provide adequate governance over cybersecurity,” he said.
Hackers were learning how to use artificial intelligence to raid company data and the number and sophistication of cyberattacks had increased dramatically over the past 12 months alone, he said.
The Optus attack highlighted how vulnerable many companies were even against attacks with a low level of sophistication, Mr Kukreja said, while legislation had failed to keep up with reality.
“Organisations need to see that the risk is a reality and increase their understanding and awareness in terms of cybersecurity.
“Organisations need to implement adequate security systems, including baseline controls suggested by the Australian Cybersecurity Centre.”