Share this article on:
Global insurance broker Marsh has identified that the cost of taking out cyber cover had doubled on average every year for the past three years, which has contributed to the sharp rise in premiums.
Backed by data from another broker, Honan Group, the 80 per cent rise in premiums in the past 12 months has been determined following a 20 per cent increase in the cost of cover in each of the previous two years.
According to Craig Claughton, a senior executive at Marsh, "cyber has become the new D&O", referring to sharp rises in directors' and officers' insurance premiums since 2018.
According to The Australian Financial Review, Claughton and Honan chief executive Andrew Fluitsma who were hopeful premiums would ease, have now warned insurers would continue to demand companies prove they had strong security systems and policies in place before agreeing to sell them insurance.
"We are seeing signs of improvement, but like D&O, we are not at the end," Claughton said.
There’ll be a number of insurance companies that won’t even look at a business that doesn’t have a bunch of security measures in place, Fluitsma added, warning that, "They’ll just turn around and say, 'we’re not going to insure you'."
The price rise is the result of an increase in the number and size of claims relating to ransomware, where criminals use malicious software to block access to an organisation’s computer system until a sum of money is paid.
Some insurers have also left the market, while remaining players attempted to recoup the cost of underpriced contracts written in previous years.
In the past year, 38 per cent of cyber incident claims in Australia involved ransomware payments, Fluitsma estimated, with the rise in the premiums "mainly due to answer ransomware".
The Australian Cyber Security Centre (ACSC) received more than 67,500 cyber crime reports last year, an increase of about 13 per cent from the previous 12 months, although the true number of attacks is understood to be much higher. About half of all incidents were categorised as significant.
Higher risk for larger companies
The cost of cover is even higher for larger companies because they are considered a greater overall risk.
A small or medium-sized business wanting to buy $10 million of cover would, on average, face a $60,000 premium, up from $33,000 a year ago.
According to Honan, a large company wanting to purchase $20 million of cover would pay about $350,000, up from $194,000 a year ago, Honan said.
Victims of cyber attacks in the past two years include the Sydney headquarters of Nine Entertainment, publisher of Financial Review, which was attacked by hackers in March last year. Around the same time, Taylors Wines was subjected to a cyber attack that temporarily froze an ordering system and crashed the winemaker's email. Logistics firm Toll Holdings, which in 2020 suffered two attacks, included one crippling attack from Russian-based hackers in January that year.
Cyber attacks can be costly because of the reputational damage and the disruption to operations.
In late 2020, a cyber hit forced the collapse of Levitas Capital, a high-performing hedge fund, after an attack triggered by a fake Zoom invitation led its trustee and administrator to mistakenly approve $8.7 million in fraudulent invoices.
Companies are generally reluctant to publicly admit paying a ransom to regain control of their networks, for reputational reasons.
Data from a survey last year by McGrathNichol found that 80 per cent of business leaders surveyed said they would be willing to pay a cyber ransom if they had a crippling attack.
The average amount they would be willing to pay was $690,000, but the average estimated payout was $1.04 million.
Companies should look at a series of security guidelines published by the ACSC, known as the Essential 8, David Tudehope, chief executive of Macquarie Telecom urged, in order to ensure their network systems were as secure as possible and support their efforts to buy insurance.
[Related: Labor to overhaul national cyber security strategy]