July 2024 Market Update – Cyber Liability Insurance

16 July 2024
Cyber Liability, Market Update

Cyber Liability premiums remain stable as newer market entrants establish themselves and diversify market share, maintaining favourable conditions for buyers. The cover offered by cyber policies has expanded, with some insurers broadening their service offering to include network monitoring as part of the policy coverage.

Proposed reforms to the Privacy Act 1988 (Cth) together with greater enforcement powers to the OAIC will see more regulatory action brought against more organisations, not only those in the public eye.

The majority of cyber claims (by frequency) trigger the ‘first-party’ section of a traditional cyber policy. Following the proposed reforms, it is expected that the regulator and affected third parties will be more inclined to lodge complaints and bring claims for compensation arising out of identity theft and breaches of privacy/data.

Insurers will look more favourably upon those businesses that proactively demonstrate cyber risk resilience. To reiterate which measures should be considered, we refer to the ‘Essential Eight’. The Essential Eight steps to prevent and mitigate cyber security incidents are a good starting point and have been formulated by the Australian Signals Directorate (ASD) and the Australian Cyber Security Centre (ACSC). They are as follows:

  1. Creating, implementing and managing a whitelist of approved applications.

  2. Implementing a process to regularly update and patch systems, software and applications.

  3. Disabling macros in Microsoft Office applications unless specifically required. Training employees not to enable macros in unsolicited email attachments or documents.

  4. User application hardening by ensuring web browsers are configured securely to block malicious content. Only using necessary browser extensions and keeping them updated.

  5. Restricting administrative privileges to those who need them.

  6. Setting up automatic updates for patching operating systems.

  7. Using strong, unique passwords and enabling multifactor authentication.

  8. Conducting daily backups of critical data and isolating backups from your network.

Other key measures which should be taken include:

  • Regular risk assessments

  • Utilising an endpoint detection and response (EDR) solution deployed across all endpoints

  • Creating a well-defined incident response plan

  • Cyber awareness training/simulated phishing attacks for employees.

Continue reading our full range of market updates here:

For more in depth market updates by product class, profession and industry, please see our individual reports below:

Workplace Risk
Executive & Professional Risk
Construction

Stay informed with our latest articles

* indicates required

Search Articles

Articles & Resources

Recent Posts
© 2021 Bellrock Broking Pty Ltd
ABN 68 122 809 830 AFSL 310 545
and Bellrock Advisory Pty Ltd
ABN 78 611 143 410 AFSL 520 281
All Rights Reserved.
This website contains general information and does not take into account your individual objectives, financial situation or needs. Any advice contained in this website is General Advice.
Before acting on any of the information included in these articles you should consider whether it is appropriate to your particular circumstances, alternatively seek professional advice.
[ 29.10.2021 ]