Cyber breaches and attacks in major Australian cities could cost the economy up to US$16 billion, according to Lloyd’s, the world’s specialist insurance and reinsurance market.
With businesses of all sectors and sizes dependent on digital technology, it is essential that firms now ensure they have appropriate risk mitigation strategies and coverage in place to help them manage a cyber-attack, as it is increasingly a case of when – not if – a breach will occur.
A joint Lloyd’s and Cambridge University study has found that of the world’s 301 major cities, Sydney has the 12th most GDP at risk from cyber-attack, with $5 billion of GDP at risk from 2015-2025.
Lloyd’s global CEO Inga Beale said: “Dealing with the reality of a cyber-attack is critical for businesses of all sizes and sectors. It’s not just for banks to worry about – it impacts retailers, travel and hospitality firms, education and healthcare providers, and any business with proprietary information worth protecting."
"Where a decade ago people would talk about preventing a cyber-attack, the reality is firms will be subjected to attacks. The issue is how you mitigate against that,” Beale said.
“We are living in a world where people carry a globally-connected supercomputer in their pocket and almost every important work document is stored in the cloud, on servers or online."
"The result is an explosion in the potential for cyber risk. The latest series of high profile data breaches is just the beginning. With the emergence of the Internet of Things the potential for cyber risk is enormous."
“This is where insurance can play a critical part. Not only are we there to assist financially, we can also provide advice and assistance on how to manage the risks and respond to them."
“Lloyd’s has seen the amount of cyber insurance being purchased in Australia increase 168-fold (16,828%) in the last two years, as more and more businesses seek to protect their balance sheets from this emerging threat.”
In the US, regulations have put the onus on businesses to protect their systems and approximately 25%of businesses now have cyber insurance. Such is the emphasis now placed on managing cyber risk in the US that even small businesses take out cyber insurance cover.
Whilst Europe is six or seven years behind the US in this regard, that looks like it is about to change; in 2018, the EU is introducing the General Data Protection Regulation (GDPR). This will have implications for any Australian business holding European customer data.
“The European Union General Data Protection Regulation means that for the first time any company holding European customer data will be required to disclose data breaches to national data protection authorities and, where warranted, affected individuals,” Beale said.
“As the risks around us become increasingly man-made, understanding exposures and the impact they will have on the global economy has never been more important for business and governments right across the world.
“Managing cyber threats requires a joint effort between government and businesses to protect the economy and the individuals within it. An important part of that is information-sharing. For insurers that is critical, as we need to understand the risk to be able to price it and provide protection,” Beale said.
The Australian Government recently confirmed that “foreign spies” hacked into the Australian Bureau of Meteorology to steal sensitive documents.
In addition, according to the Australian Cyber Security Centre, government systems were subjected to 1,095 cybersecurity incidents considered serious enough to warrant an operational response in the past 18 months. A PwC survey last year found a 109% increase in detected security incidents in Australian companies, compared to a 38% global average.
The Australian Government last week introduced mandatory data breach notification laws into parliament for the fourth time. The proposed legislation requires companies that have been breached and lose personal details, tax file numbers, medical records or credit card information to report the incident and notify affected customers.
According to The Lloyd’s City Risk Index 2015-2025 the global GDP at risk of cyber-attack is A$385 billion.
In Australia, the risk is measured at more than $16 billion spread over our six major cities:
· Sydney ($4.86 billion)
· Melbourne ($3.87 billion)
· Brisbane ($2.05 billion)
· Perth ($1.83 billion)
· Adelaide ($1.01 billion)
· Canberra ($2.80 billion).