Lloyd’s requirement for cyber war exclusion in Cyber Insurance policies is now a reality

Lloyd’s requirement for cyber war exclusion in Cyber Insurance policies is now a reality

Date

By March 2023, all cyber policies written by Lloyd's Syndicates and Lloyd's coverholders must include suitable war exclusions for losses resulting from state-backed cyberattacks, as announced by Lloyd's in August 2022. With this mandate in mind, the Lloyd's Market Association (LMA) developed four model cyber war exclusions as market standards. These exclusions exclude "cyber operations" and "war", both defined terms in the exclusions. The cyber war exclusion replaces long-standing war exclusions that lacked modern definitions and have become less relevant in the cyber world.

What Happened in the Not-Petya Cyber Attack


What happened in the “Not-Petya” attack in June 2017 best exemplifies the significance of the bystander cyber asset write-back. The US, UK, and Australian governments blamed the Russian military on behalf of the Russian government for the attack, which targeted critical infrastructure in Ukraine. The attack had an impact on some Australian businesses, including Cadbury.
With cyber-attacks on the rise and the lines between government-sanctioned actions and state-sponsored threat actors becoming increasingly blurred, protection for innocent bystander cyber assets is critical.


What is considered a cyber war?


A cyber war is a form of conflict between two or more nations or groups that involve the use of technology, particularly computer networks and the internet, to launch attacks on each other’s computer systems, networks, and infrastructure.

A cyber war may involve a wide range of activities, such as hacking, virus and malware attacks, denial-of-service attacks, and other forms of cyber espionage and cyber sabotage. The goal of these attacks may be to disrupt critical infrastructure, steal sensitive information, damage systems, or gain a strategic advantage over the opposing side.

The term “cyber war” is often used interchangeably with “cyber conflict” or “cyberattack,” but it generally refers to a more sustained and coordinated effort to disrupt or damage an opponent’s computer systems and networks rather than isolated incidents of hacking or cyber espionage.



Does the Australian government have a cyber war fund?


Yes, the Australian government has a cyber war fund known as the Australian Cyber Security Centre (ACSC) Fund. The ACSC Fund was established in 2016 to support cybersecurity initiatives and assist in protecting Australia’s critical infrastructure, networks, and systems from cyber threats. The fund is managed by the Department of Home Affairs and provides financial support for cybersecurity research, development, and education initiatives, as well as for the development and enhancement of cybersecurity capabilities within the government and the private sector. The fund is intended to support Australia’s efforts to defend against cyber threats, respond to cyber incidents, and build resilience against future attacks. Read more https://www.cyber.gov.au/acsc/small-and-medium-businesses

More
articles

What Is the Essential Eight Maturity Model

What Is the Essential Eight Maturity Model

Date

The Essential Eight Maturity Model is a framework developed by the Australian Cyber Security Centre to guide organizations in improving their cybersecurity posture. The model consists of eight mitigation strategies, including application control, patching applications, patching operating systems, privileged access management, endpoint protection, data backup, limiting lateral movement, and multi-factor authentication. The model is designed to help organizations assess their current level of maturity in implementing these strategies and provides guidance on steps to take to improve their cybersecurity posture. The mitigation strategies are considered essential because they can effectively address the most common cyber threats.

The Essential Eight Maturity Model

  1. Mitigation strategies
  2. patching applications
  3. patching operating systems
  4. privileged access management
  5. endpoint protection
  6. data backup
  7. limiting lateral movement
  8. multi-factor authentication

More
articles

Security risks in digital supply chain’s

Security risks in digital supply chain’s

Date

Production and supply chains are constantly yo-yoing in the midst of Covid-19life. From a digital perspective, Cyber supply chains are complex series of interactions across the lifecycle of all products and services used by an organisation. Think every time your business interacts with a supplier, orders from a manufacturer, distributor or retailer there is an inherent risk.

What happens if a one of these interactions or partners are targeted by cybercriminals? Supply chain risk mitigation is an essential component of risk management strategies and information security programs.

The more a business adds to its online ecosystem, the more opportunity cybercriminals have. Digital risks are the unavoidable byproduct of digital life, and when unaddressed, these risks can develop quickly into supply chain threats such as Ransomware attacks, Security breaches, Malware infection, and Intellectual property theft. But the risk for Cyber Supply chains dont stop there.

With many organizations relying on outsourcing to handle at least some aspects of their day-to-day operations, third-party risk should be front of mind. Supplier fraud, or vendor fraud events are becoming increasingly difficult to identify, as fraudsters commonly adopt advanced social engineering techniques, using everything from AI-generated voicemails and Deepfake video recordings. Fraud is still on the rise since its sudden prevalence during the pandemic. Australians have lost over $270,000 to these scams so far this year, an increase of 301%.*

Finally, Data integrity throughout the supply chain is a significant area of security concern. Security measures should ensure all data states are secure. Data encryption practices are especially important between third-party integrations because hackers know that a target’s third-party vendor likely has access to their sensitive data. Earlier this month, Email marketing service Mailchimp revealed a data breach that resulted in the compromise of an internal tool to gain unauthorized access to customer accounts and stage phishing attacks.

Cyber insurance can help cover financial losses to your business, your customers and other parties following a cyber security breach. It is important to understand the PDS of the Cyber policy chosen to ensure you are adequately covered, as not all policies offer protection from all the security risks noted.

Speak to our team to find out how we can assist business owners with peace of mind and protection against cyber-attacks, such as computer hacking, ransomware and data theft. Keep in mind, what is covered and what is excluded will vary between policies, it is important to work with your Cyber Insurance Comparison Broker to ensure your Cyber policy is suitable for your needs.

Article originally shared via Ausure.com.au

More
articles

Could a cyber risks cause disruptions to critical business infrastructure

Cyber Risks to critical business infrastructure

When a scheduled flight of a wide-body airliner is cancelled it can cost the airline up to $43,000. So you can imagine what kind of day executives at LOT, the Polish national airline, were having last year when 20 flights were cancelled after computers that issue its flight plans were breached.

“The aviation industry’s growing reliance on data networks, and onboard computer and navigation networks, is rendering it increasingly vulnerable to cyber risks,” says Erlend Munthe-Kaas of Bloomberg Intelligence. “Airlines rely on computers for almost every aspect of operations. As a result, cyber incidents can have devastating consequences, including business interruption and loss of reputation.”

“There’s beginning to be a shift beginning to educate businesses to see the wider, deeper cyber risks picture that in many cases has gone unacknowledged.”

Think of it as cyber creep. The risks aren’t just about protecting your customer’s data, although that remains important. They are insinuating themselves into every nook of your business, creating the possibility of mass disruption to operations and critical infrastructure. As the world becomes more connected, and businesses rely more on machine-to-machine communication and automated manufacturing, the cyber risks pile up. One day, production might grind to a halt. Critical transactions might not take place. Shipments could be steered to incorrect destinations. Planes might not take off.

(more…)

How to protect yourself from cybercrime

How to protect yourself from cybercrime

While you’re on your phone or laptop, would you like a crash course on cybercrime and how you can be protected? If the answer is no, then you probably already have cyber insurance cover on your business or home. If yes, read on...

What is cybercrime?
Basically, it is identity theft, online scams, cyberbullying and financial fraud, committed via computers or other digital devices.


Who does it relate to?
These numbers tell the story. Maybe you are less exposed if you live in a cave, off the grid in the middle of Australia with no phone and internet. But even then, you have some details recorded on the internet like your Tax File Number, and registered address for your cave…

sourced from Emergence

Even if you take out cyber insurance, what are your responsibilities?
Don’t re-use passwords or share passwords. Make sure to use multi-factor authorisation, like when you get a verification code as an SMS. Aside from that, generally, be vigilant, ensure you’ve installed good anti-virus software on your devices and don’t open links you’re unsure of. We can all do more, but this is a good start

Small business claim example

Compare Cyber Insurance Policies 5 Staff

Compare Cyber Insurance Policies $1M turnover

BACKGROUND

The Insured’s employee inadvertently misplaced a company laptop, which contained a list of 1000 client tax records and credit card details.

OUTCOME

A total cost of $250K was paid for the cost of notifying the affected individuals and the privacy commissioner of the data breach. This also included the costs incurred in retaining a Public relations firm to assist the insured in re-establishing their business reputation. 

Payment: $250,000

Cyber Crime

If you’re reading this article and you’ve never thought about protecting yourself, your family or your business against cyber offences,

Share This Post

More To Explore

News

Lloyd’s requirement for cyber war exclusion in Cyber Insurance policies is now a reality

By March 2023, all cyber policies written by Lloyd’s Syndicates and Lloyd’s coverholders must include suitable war exclusions for losses resulting from state-backed cyberattacks, as announced by Lloyd’s in August 2022. With this mandate in mind, the Lloyd’s Market Association (LMA) developed four model cyber war exclusions as market standards. These exclusions exclude “cyber operations” and “war”, both defined terms in the exclusions. The cyber war exclusion replaces long-standing war exclusions that lacked modern definitions and have become less relevant in the cyber world.

News

What Is the Essential Eight Maturity Model

The Essential Eight Maturity Model is a framework developed by the Australian Cyber Security Centre to guide organizations in improving their cybersecurity posture. The model consists of eight mitigation strategies, including application control, patching applications, patching operating systems, privileged access management, endpoint protection, data backup, limiting lateral movement, and multi-factor authentication. The model is designed to help organizations assess their current level of maturity in implementing these strategies and provides guidance on steps to take to improve their cybersecurity posture. The mitigation strategies are considered essential because they can effectively address the most common cyber threats.

Kochie’s Business Builders Explains Cyber Insurance

Kochie’s Business Builders Explains Cyber Insurance

To help explain cyber insurance, Steadfast have partnered with Kochie’s Business Builders to produce this short explainer video.

30% of small businesses in Australia experiencing a cybercrime incident

Most cyber attacks are caused by human error the average cost of business was a huge $276,000 in 2015 with over 30% of small businesses in Australia experiencing a cybercrime incident

Why do I need it?

If your business has a website or electronic records, you’re vulnerable to cyber hackers. In fact, it’s likely that your business will suffer a cyber attack at some stage. A cyber attack could cost your business more than money. It could also threaten your intellectual property and put customers’ personal information at risk – which could damage your reputation.
Kochie's Business Builders
What usually isn’t covered?

Exclusions and the excess you need to pay can vary greatly depending on your insurer. Policies generally won’t include cover for:

  • Damage to computer hardware
  • Criminal actions committed by you or your business
  • A cyber attack based on facts of which you were aware
  • Criminals using the internet to steal money from you

Compare Cyber Insurance Quotes from leading Australian Insurers like AIG, Allianz, Brooklyn Underwriting, CGU, Chubb, Dual, Emergence and Zurich.

 

Compare Cyber Insurance

1300-Insure

Please note Cyberliabilitycomparison.com.au Insurance News is an information service sometimes provided by third parties Insure 247 Australia doesn’t warrants the accuracy of any information contained there in, readers should make their own enquiry’s before relying on information in the stories Terms of Service

Compare Australian Cyber Insurers

Please note that any advice given has been provided without taking into account your objectives, financial situation or needs. It is also based on information we have obtained from you. You must ensure the information is accurate and complete. Otherwise, this advice may be based on the inaccurate or incomplete information. You should consider whether the advice is appropriate in light of your objectives, financial situation and needs

Cyber Insurance Know Cyber Risk

cyber-risk

Cyber Insurance Know Cyber Risk

We live in a modern, connected world and from our computers at work, to our laptops, tablets, phones and even our TVs, we’re vulnerable online.

While it’s easy to think you would never be the victim of a cyber-attack, studies are showing that it is happening more and more every day, which is why we’ve put together these resources on how you can protect yourself, your family and even your business online.

Trolls and Trojans – thievery in the digital age

In the vast world of the online there are things you need to do to keep your information safe.

Cyber Insurance

Did you know that almost seventy per cent of Australian businesses have experienced a cyber-attack in the last 12 months? With technology being so important to the way we work and with more attacks predicted in the near future, cyber insurance isn’t just a nice-to-have, it’s a necessity.

Cyber insurance for small businesses

Information for small business owners on cyber risk and cyber insurance.

Privacy and your business

Some information on how the new Privacy Act will affect your business.

5 ways to protect yourself online

Some helpful hints to protect your personal information when online.

7 Ways to hack proof your password

Here are seven tips on how to make your internet passwords stronger.

Learn how to keep track of your digital footprint

Information on how to protect yourself online.

Don’t put up with cyberbullying

Info on how to beat the cyber bullies.

How can you keep your kids safe online?

Information on how to keep your children safe from online predators.

10 Silly things people do with their smartphones

How many silly things do you do with your smartphone?

BYOD is not just a BBQ buster

Tips on how to prevent security issues with your mobile device.

Five tips to protect yourself from webcam hackers

Stop hackers from breaking into your home while not even there.

Social media – it’s harmless…right?

The pitfalls of social media, and how you should protect your privacy.

Cyber Security. Evolved.

This short video highlights how in less than 300 seconds you can experience the speed and intensity of a cyber attack.

Other resources cyber risk

Find more information on cyber security at:

Source knowrisk.com.au

Do you need to know more about Cyber Insurance speak to one of Insure 247’s brokers on 1300 046 787

1300-Insure

Cyber Risk

Please note Cyberliabilitycomparison.com.au Insurance News is an information service sometimes provided by third parties Insure 247 Australia doesn’t warrants the accuracy of any information contained there in, readers should make their own enquiry’s before relying on information in the stories Terms of Service

Compare Australian Cyber Insurers

Please note that any advice given has been provided without taking into account your objectives, financial situation or needs. It is also based on information we have obtained from you. You must ensure the information is accurate and complete. Otherwise, this advice may be based on inaccurate or incomplete information. You should consider whether the advice is appropriate in light of your objectives, financial situation and needs

3 steps you can take to manage cyber risk

Manage cyber risk

Internet usage continues to rise across the globe. Along with this, comes an increase in cyber-crime, which according to a report by Mcafee, is estimated to have cost the global economy USD$445 billion in 2013 . In Australia, the cost is estimated at 0.08% of GDP per year, or approximately AUD$1.28 billion. The Mcafee report attributes this partly to the fact that, ‘Cybercrime produces high returns at low risk and (relatively) low cost for the hackers.’

In addition to taking out cyber insurance, businesses can proactively mitigate the cyber risk and a cyber-attack by undertaking a range of measures including:

  • Implementing business-wide cyber-risk management
  • Seeking external specialist advice
  • Identifying the type of data that needs to be secured

Don’t just leave Cyber Risk to IT

Cyber-risk management should not only be considered the domain of the IT department. It affects the entire business and from the board down, the business needs to think about how to manage that risk and how to develop contingency plans if something does go wrong.

Seek external specialist advice
The increasing variety and sophistication of cyber-crimes mean that independent specialist external advice on securing systems is essential for businesses. It is very rare that a business will have sufficient internal resources to address this problem fully both prior to and certainly following the loss.

Identify the type of data that needs to be secure
Firms should conduct an audit of their network to ensure sensitive records have an appropriate level of security. Companies in the business of dealing with sensitive financial that hold personal information including name, address, date of birth – the very kind of data that could be the target of an attack.

 

Cyber Insurance

Allianz currently offers cyber insurance for the top end of the market through AGCS and we are working on the release of a cyber insurance product tailored specifically to the needs of SME customers. We expect to make it available to the market by the end of the year.
1 Reference

Source allianzinsight.com.au

Speak to one of Insure 247’s brokers on 1300 046 787

Please note Cyberliabilitycomparison.com.au Insurance News is an information service sometimes provided by third parties Insure 247 Australia doesn’t warrant the accuracy of any information contained therein, readers should make their own inquiry’s before relying on information in the stories Terms of Service

Cyber Insurance Comparison

Please note that any advice given has been provided without taking into account your objectives, financial situation or needs. It is also based on information we have obtained from you. You must ensure the information is accurate and complete. Otherwise, this advice may be based on the inaccurate or incomplete information. You should consider whether the advice is appropriate in light of your objectives, financial situation, and needs

Cyber Risk

 

Cyber risk is bigger than an IT issue

Cyber risk is bigger than an IT issue

One thing is becoming clear about cyber risks: the problem is much bigger than any organization’s information technology department.

Background

My background as an IT leader and information security professional before I joined XL Catlin gives me a good vantage point on how businesses can make the mistake of thinking that cyber risk begins – and ends – with their technology operations. Regardless of a company’s size and resources, IT operations play a critically important role in cybersecurity. But the total cost of cyber risk affects the entire enterprise, and a cyber incident frequently causes problems that no IT professional, however talented, can solve.

Business continuity, third-party liability, reputational damage and regulatory compliance – those are beyond the purview of IT. A well-run IT department can minimize downtime and get systems back up, which is critical. The value of data and the cost of a disruption, however, are ultimately determined by the data owners in the business operations. While a system shutdown can be catastrophic for some organizations, business interruption and data recovery insurance are available to mitigate that risk. Regulations regarding cyber security are evolving, and insurance is available to manage that uncertainty too.

But the business itself must communicate with its employees, customers, investors and perhaps regulators, after an incident. If a data breach has occurred, a forensic investigation and notification of affected parties are likely required. A strong, unified message is critical to convey, and that is best delivered with the help of senior executives and crisis communication professionals. One of the valuable benefits of cyber insurance is access to expert resources, from PR to forensics to IT specialists, who can quickly come in to assist.

The complexity of responding to a cyber incident and communicating with stakeholders are strong reasons to have a team, such as an executive control group. The composition of such a team depends on the size of the entity and the nature of its business. In larger organizations, it likely will include enterprise risk management staff as well as C-level leaders, such as the chief technology or chief information officer. For smaller and midsize organizations, the team might include the general counsel, chief operating officer and the head of IT, for example. Regardless of the specific titles, the functions that need to come together to discuss cyber risk include risk management, operations, IT, legal, marketing and communications. Ideally, a cyber risk steering committee or group is convened to ensure that all relevant areas of the organization are represented and kept informed. The job of managing cyber risk shouldn’t fall to one person, however; a cyber risk team can ensure that the entire organization understands the risk and adjusts procedures accordingly.

It’s important to think about cyber insurance as similar to property or commercial general liability – as a form of protection that your organization needs to continue operating.

Midsize companies have particular challenges when it comes to cyber risk. Often they have fewer IT resources, which makes them attractive targets for cyber attacks. Statistics on cyber attacks bear this out. The 2015 Cyber Claims Study from risk assessment firm NetDiligence found that 71% of cyber claims came from organizations with less than $2 billion in revenue, and 56% came from those firms with less than $300 million.

Many midsize companies also have contractual requirements with bigger organizations that increase their need for high cyber insurance limits. Based on their own perceived exposure, a midsize organization might not think it needs to purchase a lot of cyber insurance coverage, but that situation can change if a business relationship requires it. The lesson here is to look closely at your business and all risks relating to your systems and networks. How long could your firm afford to remain offline, if a cyber incident disrupted your IT operations? Could your company lose revenue or customers if that happened? Would you be able to meet your obligations to business partners?

There is a lot to understanding and managing cyber risk. A team approach is a good way to cover the bases, as well as working with expert resources and strong insurance partners to help protect your business.

About the Author

Sean M. Donahue is assistant vice president and underwriter, Cyber and Technology Insurance, at XL Catlin.

Source XL Catlin

1300-Insure

Please note Cyberliabilitycomparison.com.au Insurance News is an information service sometimes provided by third parties Insure 247 Australia doesn’t warrants the accuracy of any information contained there in, readers should make their own enquiry’s before relying on information in the stories Terms of Service

Compare Australian Cyber Insurers

Please note that any advice given has been provided without taking into account your objectives, financial situation or needs. It is also based on information we have obtained from you. You must ensure the information is accurate and complete. Otherwise, this advice may be based on inaccurate or incomplete information. You should consider whether the advice is appropriate in light of your objectives, financial situation and needs

Are Home Networks a Cyber Risk for Your Business?

Are Home Networks a Cyber Risk for Your Business?

It’s not uncommon for staff to take home a company laptop and connect it to their domestic network. That network may be protected by a firewall but internally it is still vulnerable. For example, other devices may be connected, such as family members’ PCs and smartphones, as well as smart TVs, DVD recorders, child monitors, CCTV systems, and even fridges. All of these are capable of being hacked.

Infections From Other Networks

A company laptop may become infected by a virus initiated from another network-connected device. There have been cases of someone else, perhaps a child, using the laptop to surf the Internet unsupervised and allowing the machine to be infected by malware. The staff member then unwittingly spread the infection when the laptop was reconnected to the company network.

The same can apply to smartphones that are connected to both home and company networks.

Cyber Risk from smart TVs and other domestic wi-fi-capable devices

The manufacturers of smart TVs and other domestic wi-fi-capable devices do not usually update their software outside that model’s maintenance cycle, so older devices will not get updates at all. Any infection will spread though the home network.

The best way to avoid contaminating a company network is to insist that strong anti-malware software is installed on every device that may be connected.

Staff should also be encouraged to run two separate networks on their routers. One network should then be used exclusively for the company laptop or smartphone; the other for everything else.

Source: Steadfast

[pardot-form id=”489″ title=”Cyber Insurance”]

Cyber Insurance ComparisonPlease note that any advice given has been provided without taking into account your objectives, financial situation or needs. It is also based on information we have obtained from you. You must ensure the information is accurate and complete. Otherwise, this advice may be based on inaccurate or incomplete information. You should consider whether the advice is appropriate in light of your objectives, financial situation and needs