BDO partner and national leader of cyber security Leon Fouche said while cyber attacks and data breaches are an increasing concern, selecting the right cyber insurance policy to help manage the risk can be complicated.
“The cyber insurance market is evolving, and due to the lack of reliable data about the cyber security trends in local markets, insurance companies are limited in their ability to develop robust risk modelling for the costs of cyber attacks,” he said.
“They mitigate this by having restrictive terms and exclusions in their cyber insurance policies.”
There are a number of steps businesses can take, he said, to help understand the risks and the cyber insurance coverage required.
“If you are a business owner or key decision-maker, you need to first understand whether cyber insurance is right for your business, and if so, which policy best suits your needs,” said Mr Fouche.
Businesses, he said, need to quantify any risks and model the potential impact they would have on the business.
“For instance, you need to understand what the financial impact is if your organisation suffers a data breach,” he said.
“Then, evaluate cyber insurance policies for those risks you can’t remediate, and select a policy that provides the cover you need. As a final check, you need to validate if the insurance policy will provide you the required cover by looking at cyber attack scenarios to confirm that the policy would respond to claims for those scenarios.”
Mr Fouche said once a policy is selected, it is also vital that businesses implement a security risk remediation program to address the gaps and apply cyber incident detection and response processes that allow effective responses to cyber incidents when they happen.
BDO said it is currently conducting a cyber security survey in collaboration with AusCERT, the Australian cyber emergency response team, to help understand the challenges businesses and organisations face.
AusCERT general manager Thomas King said benchmarking is an important step in getting cyber security right.
“This survey will help to identify current cyber security trends, issues and threats facing businesses in Australia and New Zealand,” said Mr King.