• Support
  • Log In
  • Sign Up
ANZIIF Logo
Go back
Professional Development

Need help with professional development?

Contact Support

View by Kind
Go back
View by Kind
Short Courses Qualifications Skills Units Compliance Webinars Events Articles Videos Activities Whitepapers Ask an Expert
View by Sector
Go back
View by Sector
Claims General Insurance Insurance Broking Reinsurance Risk Management Life and Retirement Income
All Professional Development The Journal Recognition of Prior Learning Your Career in Insurance
Studying with ANZIIF
Go back
Studying with ANZIIF Enrol Academic Calendar Assessments FNS20 Training Package Student Support
For Companies
Go back
For Companies Train your staff Life Insurance Professional Standards General Insurance Claims Handling Framework Reference books Government Training Incentives
Go back
Membership

Need help with your membership?

Contact Support

Member Tools
Go back
Member Tools
Login Become a member Renew or Reinstate your membership
Members Centre - Professional Development
About membership
Go back
About membership
Your Membership Guide Member Levels Benefits Certified Insurance Professionals Digital Badge Member Directory
Scholarships and Awards
Go back
Scholarships and Awards
Australian Industry Awards New Zealand Industry Awards Academic Awards Lloyds Scholarship Turks Bright Light Award ICNZ and ANZIIF Scholarship
Go back
About ANZIIF

ANZIIF is the leading membership, training and professional development organisation for the insurance and finance industry in the Asia-Pacific region. We partner with a broad range of organisations and government to provide services that support professional excellence. We help enhance standards and improve community understanding of insurance and finance.

Overview
Go back
Overview History Boards and Councils Annual Reports Media Governance Corporate Sponsorship Partners Careers at ANZIIF Contact
Community Initiatives
Go back
Community Initiatives
Your Career in Insurance Careers in Insurance Corporate Supporter Making a Difference Awards Donna Walker Awards Life Insurance Professional Standards General Insurance Claims Handling Framework Generation i
ANZIIF Logo
Professional Development Articles
Article
0.25CIP Points

The third-party liability considerations of cyberattacks

Anna Game-Lopata — ANZIIF writer
05 Aug 2022 - Reading time 2 minutes
General Insurance Claims Insurance Broking Reinsurance Risk Management
 The third-party liability considerations of cyberattacks

Joe Fitzgerald, Partner at Wotton + Kearney, knows from experience that getting hacked is ‘pretty terrible’.

‘It’s not something people should have to work through themselves,’ says Fitzgerald, who leads the firm’s Cyber, Privacy and Data Security team.

One of the things Fitzgerald most loves about his job is having the opportunity to help people in the midst of a crisis.

‘I’ve been lucky to be involved in many great cases, but the ones that stick with me most are the ones where you can see you’re helping.’ 

Technology geek

Having always been a 'technology geek', Fitzgerald says he found himself gravitating towards disputes and insurance at the start of his career. 

The two came together in 2016 when he took a year away from practice and completed a Master of Laws in computer and communications law in London. 

He’s been working in cyber and technology liability ever since.

Fit for purpose

As a speaker at the latest ANZIIF New Zealand Cyber Market Insights Webinar, Fitzgerald discussed the constant change he has observed in the cybercrime landscape.

‘Insurers will need to review their offerings regularly to ensure they remain fit for purpose,’ he says. 

‘We see relatively frequent tweaks and revisions to the wordings we work with, and the underwriting approaches adopted.’

Fitzgerald says the reaction to ransomware over the last 24 months has been a ‘case in point’.

‘Insurers around the world have been required to decide how they can address a risk that saw an explosion in very expensive claims,’ he says. 

‘Going forward, I anticipate we’ll see a more forward-looking and robust approach to writing these risks.’ 

Growth in cyber claims

While he can’t point to definitive numbers, Fitzgerald says all the evidence (including what he’s seeing at Wotton + Kearney) suggests the number of cyber related claims are generally growing.

‘There does appear to have been some slowdown around the invasion of Ukraine,’ he says. 

However, pinning down the actual cost of a cyberattack is often very difficult.

‘Insurers will obviously only feel that in so far as the policy responds,’ Fitzgerald concedes. 

‘I would say cases are generally getting more complex. Remediation and recovery costs are certainly going up, as are the costs of conducting privacy and information reviews where data has been exfiltrated.’

Supply chain attacks

Over the last few years Fitzgerald has observed the greater frequency and ubiquity of supply chain attacks.

‘We’ve seen cybercrime hit hundreds, if not thousands, of entities at once,’ he says. 

‘They often leverage zero day exploits (no defence in place at the time of the compromise) and involve relatively poorly executed ransomware attacks.’

This ‘scattergun’ approach means entities of all shapes and sizes can be in the firing line.

Security steps are missing

Outside of these ‘systemic’ attacks, Fitzgerald is seeing more claims involving the infiltration of a third-party or IT provider which failed to implement a particular security step or control. 

‘It seems victims of cybercrime are increasingly willing to point the finger at third parties, even if they have an entrenched relationship with the affected supplier,’ he says.

The focus of Fitzgerald’s presentation at the webinar is third-party liability considerations and risk mitigation tactics insurers and insureds may wish to utilise. 

‘It seems cyber incidents are still viewed as technical IT issues in many sectors,’ he says.

‘The reality is there are a range of third-party factors to account for.

‘My hope would be that people leave the webinar with a few things to think about such as pre-incident preparation and risk management, and post incident third-party liabilities and how they might inform recoveries, including defensive steps that insureds should be taking.’

Search ANZIIF webinars

This is Worth

0.25 CIP Points

Login to Collect Points & Comment
What are CIP Points? About ANZIIF Membership
Your comment has been successfully posted

Comments

Loading comments

Remove Comment

Are you sure you want to delete your comment?
This cannot be undone.

kitchen sink logo
  • About
  • Professional Development
  • Membership
  • Compliance
  • Contact Us
  • Enrol
  • Become a Member
  • Login
  • Privacy Statement
  • Terms & Conditions

© Copyright The Australian and New Zealand Institute of Insurance and Finance Inc. 2021

RTO NO. 3596