The market for cybersecurity insurance may still be in its infancy in Australia, but the endorsement of a new insurance program by the United States' peak banking association looks set to provide new momentum for insurance efforts in the heavily-targeted banking and financial services industry.
The new cover, called Cyber Cover, has been introduced by ABA Insurance Services - the endorsed insurance provider to the American Bankers Association (ABA). It is built around three core insuring agreements and six optional coverage components, each targeted at a particular area of cybersecurity exposure.
Options for the insurance - which executive vice president for ABA's Community Bank Group Christine Walika said in a statement "addresses one of the industry's greatest needs" - allow additional coverage for electronic funds transfer liability and what the company is calling "actionable post-breach incident response content".
The policy's structure may provide helpful guidance for Australian insurers, who with a few exceptions (including, for example, AIG CyberEdge,Allianz Cyber Protect and CyberSecurity by Chubb) have been slow to integrate cybersecurity insurance policies into their portfolios despite growing demand and recognition that cybersecurity breaches represent real and material risks for all kinds and sizes of companies - and their boards. In the US at least, a court judgement last week ruled that trade-practices watchdog the federal trade commission (FTC) can sue for corporate cybersecurity shortcomings on consumers' behalves.
The exponential rise of cyber risk is of great concern. With more and more businesses falling prey to hackers, there is a general realisation that they need to have the necessary cover in place to protect network security," Aon Broking Australia warned in its recent 1H Australian Insurance Market Update.
"There is a real need for clients to be educated in this area as it does pose a significant risk to going concern....Cyber insurance is likely to be purchased more readily as clients become aware of the reality of the exposure and the cost to their business should an event occur."
A University of Canberra-based Centre for Internet Safety (CIS) analysis warned that conventional insurance policies may not cover cybersecurity breaches. Overseas experience suggests that even many cybersecurity policies may have onerous exclusions that are well worth examining, even as experts warn that vague policies and wide variations in policy structure can limit the use of cybersecurity insurance due to a lack of standardised assessments.
Cyber Cover joins a range of endorsed security-related offerings from ABA partners, including the Guardian Officer anti-fraud tools, governance and compliance management services; InstantID identity verification tools; Patriot Officer transaction monitoring software; vendor risk management; and more.
The addition of cybersecurity insurance to this panoply of endorsed solutions - which also include a range of conventional banking-related insurance products - will give the concept greater visibility within the ABA's membership, which together employ more than 2 million and hold more than $US15 trillion in assets and $US11 trillion in deposits.
Sign up for Computerworld eNewsletters.