Australian businesses can no longer ignore the financial threat posed by major data breaches. Cyber insurance is becoming increasingly relevant to all levels of business in Australia, and you should expect that premiums will soon be affected by conformance (or non-conformance) to a standard set of data security policies.
A serious data breach in your organisation can be catastrophic from a financial perspective. You may lose sensitive business information and see your reputation and level of trust shattered among clients and consumers alike. Cyber insurance provides a much-needed buffer against the loss of cash flow and expense of added security layers following a breach, but here’s the thing – insurance companies don’t like to pay out on their policies. And to make sure that the insurer comes out on top, we predict that we’ll soon see different premiums for different levels of preparedness.
How Will Cyber Insurance be Calculated Going Forward?
Determining the potential cost of cyber threats to insurance companies has been a challenge. Insurer IAG has created a ‘value-at-risk modelling’ project that uses actuarial expertise to put a dollar figure on specific threats. Insurers are of the opinion that data security should be commensurate with the specific value of the information being protected.
Following on from this modelling, we expect to see additional premiums and perhaps even loss of cover for businesses who don’t follow certain security principles. With this in mind, now is an ideal time to ensure your cyber security practices follow agreed-upon industry guidelines, such as the ‘Essential Eight’ strategies listed by the Australian Signals Directorate.
Top of the ASD’s list for information security is Application Whitelisting, followed by a host of other measures such as restricting administrative privileges and imposing multi-factor authentication. Such is the success of Application Whitelisting at reducing malware, however, that we think it will become one of the cornerstones of cyber security over the next decade.
We predict that those firms that implement Application Whitelisting will see the least loading on their cyber insurance cost. Maybe it’s time to familiarise yourself with the service.