With cybersecurity attacks spiraling into billions, ABIE’S webinar on cybersecurity and cyberinsurance on Wednesday, September 16, was well timed.

Posing the question “How Safe is Your Business?” the speakers’ response was a resounding “Not enough”.

The event was organised by ABIE, in association with the OECD, and brought together three leading specialists: Greg Medcraft, Director of Financial and Enterprise Affairs, OECD,  Rogier Soer, Head of Cyber and TMT Europe AXA XL, and Alice Dalgleish, Cybersecurity consultant, Anaya.

Guests were welcomed by Dr Alex Robson, Australian Ambassador to the OECD, who introduced the speakers and also made the closing remarks.

Greg Medcraft opened the subject with some startling statistics on the transformation of business. E-commerce in the EU, he said, has doubled in 10 years, with intangible assets accounting for almost 85% of the market value of the largest companies in the S&P500.

Yet while property and liability insurance coverage is almost 100%, stand-alone cyber insurance reached just 40% in Europe, and 20% in Australia, despite the fact that attacks are becoming more frequent, with costs that spiral into the hundreds of millions.

“There is a huge uninsured exposure for business, and a constantly changing risk environment”, he explained.

“The use of digital tools and the effectiveness of security practices is continually evolving. This makes it difficult to quantify policyholders’ exposure, which has led insurers to be cautious about the amount of coverage they provide.”

He warned that gaps remain that could have real implications for the resilience of businesses, which in turn could affect the wider economy.

Rogier Soer pointed out that companies were increasingly taking up cyberinsurance, citing cyber attacks as among the five top business concerns. Especially worrying was the boom in home working due to Covid 19, with financial institutions particularly vulnerable.

Ransomware, estimated at $US 1 billion globally last year, is likely to explode to $20 billion in 2021. With 45% of attacks targeting small to medium sized businesses,  “it is not if a company could get hacked, but when.”

Premium costs, he said, depended on the risk quality evaluation, deductible levels, the industry and the limit of indemnity. “But cyber security is all about people, training and awareness.”

Cybertechnology consultant Alice Dalgleish said she fully agreed. Asked what was the weakest link in protection, her answer was one word. “Human. People can be unaware, careless and/or naïve.”

“The core of security is organisation and human best practices.  If you follow the rules, most of the time hackers can’t get in. For example, one person clicking on an email without verifying the source can allow a virus to spread throughout the organisation.

“Insurance will encourage businesses to be compliant with both the regulatory framework and security management.”

Summing up, all agreed that cybertheft would increase dramatically as working from home became accepted as the new norm, calling for more personnel training and consideration of insurance as a tool to both protect from losses and drive better security practices.