• Support
  • Log In
  • Sign Up
ANZIIF Logo
Go back
Professional Development

Need help with professional development?

Contact Support

View by Kind
Go back
View by Kind
Short Courses Qualifications Skills Units Compliance Webinars Events Articles Videos Activities Whitepapers Ask an Expert
View by Sector
Go back
View by Sector
Claims General Insurance Insurance Broking Reinsurance Risk Management Life and Retirement Income
All Professional Development The Journal Recognition of Prior Learning Your Career in Insurance
Studying with ANZIIF
Go back
Studying with ANZIIF Enrol Academic Calendar Assessments FNS20 Training Package Student Support
For Companies
Go back
For Companies Train your staff Life Insurance Professional Standards General Insurance Claims Handling Framework Reference books Government Training Incentives
Go back
Membership

Need help with your membership?

Contact Support

Member Tools
Go back
Member Tools
Login Become a member Renew or Reinstate your membership
Members Centre - Professional Development
About membership
Go back
About membership
Your Membership Guide Member Levels Benefits Certified Insurance Professionals Digital Badge Member Directory
Scholarships and Awards
Go back
Scholarships and Awards
Australian Industry Awards New Zealand Industry Awards Academic Awards Lloyds Scholarship Turks Bright Light Award ICNZ and ANZIIF Scholarship
Go back
About ANZIIF

ANZIIF is the leading membership, training and professional development organisation for the insurance and finance industry in the Asia-Pacific region. We partner with a broad range of organisations and government to provide services that support professional excellence. We help enhance standards and improve community understanding of insurance and finance.

Overview
Go back
Overview History Boards and Councils Annual Reports Media Governance Corporate Sponsorship Partners Careers at ANZIIF Contact
Community Initiatives
Go back
Community Initiatives
Your Career in Insurance Careers in Insurance Corporate Supporter Making a Difference Awards Donna Walker Awards Life Insurance Professional Standards General Insurance Claims Handling Framework Generation i
ANZIIF Logo
Professional Development Articles
Article
0.25CIP Points

Risk mitigation on the agenda as insurers see a spike in cyber claims

Susan Muldowney — ANZIIF Writer
27 Sep 2021 - Reading time 4 minutes
Claims General Insurance Insurance Broking Risk Management
Risk mitigation on the agenda as insurers see a spike in cyber claims

In May this year, Colonial Pipeline paid hackers a USD4.4 million ransom to end a cyberattack that halted US fuel supplies from Texas to New Jersey. 

One month later, meat processing company JBS Foods paid USD11 million to a criminal network after a cyberattack froze its global operations.

These are just two high profile examples of the rise in cybercrime since the global pandemic began. How is cyber insurance responding?

GROWTH IN INCIDENTS

This is one of the questions to be addressed in an upcoming ANZIIF webinar, ‘Cyber Capacity and Claims. 

Hosted by cyber experts from Marsh — Nicole Pallavicini, Managing Principal, Cyber, and Fiona Fong, Cyber Incident Management and Claims Lead, Pacific — it will include unique insights into cyber insurance and the challenges and opportunities the Australian market presents.

A recent report by the Australian Institute of Criminology estimates the economic impact of pure cybercrime in Australia at approximately AUD3.5 billion in 2019, with that figure looking set to rise since COVID-19 hit last year.

The Australian Cyber Security Centre received one cybercrime report every eight minutes over the 12 months to 30 June 2021.

‘We have seen is an increase in the severity and frequency of ransomware events, which is really affecting insurers from a global perspective,’ says Pallavicini.

‘The global market has been hit relatively hard from these large ransomware events and, here in Australia, we have had some large-scale incidents as well.’

CONSIDERING PORTFOLIO REMEDIATION

Pallavicini says the growth in cyber incidents has caused insurers to consider remediation of their portfolio.

‘That may include reduction in line sizes, increased retentions, or pressure on premiums.

And, in some instances, it may include coverage restrictions, such as supplements for ransomware or co-insurance for ransomware as well where organisations are not meeting insurers minimum requirements.’

When Pallavicini began her career in insurance in 2011, cyber insurance was barely on the radar.

After completing a Bachelor of Business and Commerce, she joined Aon where she worked primarily with financial institutions and professional services clients.

FOCUS ON CYBER

She moved to Marsh in 2018 to focus on cyber insurance, while maintaining her connection to directors’ and officers’ insurance and professional indemnity insurance for large financial institutions.

‘I was passionate about cyber insurance and what we can do for a lot of our clients who, over the course of the last couple of years, have not necessarily struggled with cyber risk, but have certainly needed assistance from an education perspective,’ she says.

At the time, Australia was a much softer market with a degree of client hesitancy about purchasing cyber cover.

‘Clients didn't quite understand its value and how it could help them, it was still quite in its infancy here in Australia,’ she says.

‘You would hear of large losses from a global perspective, and maybe smaller incidents from an Australian perspective, but there were few-to-no major cyber claims that I had personally experienced back then. That's obviously changed.’

PAIN POINTS

Pallavicini says Marsh has recorded almost a 50 per cent increase in claims in the first half of 2021, compared to the same time period in 2020.

Ransomware attacks have dominated the headlines in recent times, and Pallavicini says systemic risk exposures are beginning to impact insurers.

‘There are a number of cyber risk controls that organisations should have in place, which can result in pain points for the insurance market if they’re not implemented,’ she says.

‘For example, from a global perspective, there are certain insurers unable to provide quotation terms to an organisation that does not have multi-factor authentication rolled out across all remote access vendors, contractors, backups in the Cloud and so forth.

‘There's also an increased focus now on vulnerability and patch management in relation to managed service provider incidents,’ Pallavicini adds, ‘which incorporates the use of correct releases of patches as part of a suite of adequate controls from vulnerability.’

‘Locally, some insurers are now considering ways they can mitigate exposure, whether by applying higher waiting periods or deductibles, where organisations may outsource services to a managed service provider.’

MITIGATING RISK

Pallavicini recommends that brokers take time to educate clients about cyber risk and mitigation, as well as establishing claims protocols.

‘We undertake self-assessments for organisations, to understand what their strengths and weaknesses are from a risk maturity perspective,’ she says.

‘We have created tools to get a more granular level of understanding of risk controls, what the impacts may be from a threat actor perspective, and how to remediate them.’

Marsh conducts ransomware workshops with clients to increase their awareness. It also helps them to map out whether or not to engage with a cyber threat actor, should an incident occur.

‘A lot of the work that we do is around preparedness for a cyber incident,’ says Pallavicini. ‘We also spend a significant amount of time working with the clients from  policy inception, to really prepare them for cyber claims,’

‘We work through claims protocols and do some onboarding work with them to get the right vendors on-boarded for when an event occurs.’

MANAGING CLAIMS

With cyber claims increasing across the Marsh portfolio, attention has turned to smooth claims management processes. Fiona Fong leads the cyber incident response and claims team and works closely with the wider cyber team as soon as an incident arises.

‘When we’re notified of a cyber incident, we set up a briefing call with the client to ascertain what is occurring,’ says Pallavicini.

‘At that point in time, we're also engaged with incident response managers to assist in the triage of the incident, and then bring in relevant third parties to assist from an IT forensics perspective.

‘We also have regular briefing calls with insurers, because it's really important that they come on the journey as well,’ adds Pallavicini.

‘Ransomware, for instance, is a crisis for organisations. It can be quite exhausting, so we do whatever we can to assist them throughout that journey. The incident response panel that's afforded under the insurance policy provides meaningful value to a lot of clients.’

EDUCATION IS KEY

During the ANZIIF webinar, Pallavicini and Fong will provide an overview of the state of the cyber market, how insurers can help client prepare for incidents, and the value of cyber insurance policies.

‘We do a lot of work educating brokers who sit outside of cyber about what the threat landscape looks like, how to talk to clients about it and tips for mitigation,’ says Pallavicini.

‘Given that travel is restricted now, the industry can’t bring in international talent, so we need to build up local talent from a cyber perspective, regardless of whether it’s at Marsh or at one of our competitors.

‘We really want to educate colleagues from our peer organisations about what we're being faced with from a cyber perspective, so that they can educate their clients, because the education is critical.’

This is Worth

0.25 CIP Points

Login to Collect Points & Comment
What are CIP Points? About ANZIIF Membership
Your comment has been successfully posted

Comments

Loading comments

Remove Comment

Are you sure you want to delete your comment?
This cannot be undone.

kitchen sink logo
  • About
  • Professional Development
  • Membership
  • Compliance
  • Contact Us
  • Enrol
  • Become a Member
  • Login
  • Privacy Statement
  • Terms & Conditions

© Copyright The Australian and New Zealand Institute of Insurance and Finance Inc. 2021

RTO NO. 3596