The broking and consultancy service provider said the rise of cloud computing and social media, combined with increased obligations to protect personal information, requires organisations to allocate greater commercial and risk management attention to cybercrime.
Aon Financial Specialties managing director Jenifer Richards said that despite this, many businesses “seem slow to understand the mounting imperative to take action”.
Ms Richards said the protection of data will only become increasingly important if the Privacy Amendment Bill is passed since it will require businesses to notify customers of serious data breaches.
“Combined with recent amendments that include greater accountability for organisations and significant penalties for privacy breaches, cyber security is having an increasing impact on businesses,” said Ms Richards.
She said organisations need to ensure they have the adequate measures to address network security and privacy risks ranging from systems and processes on the IT front in relation to harvesting, storing and disseminating information through to controls around personnel access.
Specialist cyber insurance policies, Ms Richards believes, are also important for organisations since they can cover expenses such as “immediate crisis management, forensic analysis, the reparation of computer systems and any loss of income resulting from the incident”.
“Third-party costs such as customer compensation and any legal expenses can also be covered by cyber insurance and potentially save companies millions should they be subject to a breach or attack,” she said.
According to Aon, there are a number of gaps in conventional insurances that leave businesses vulnerable to network security and privacy risks.
General liability, material damage and property policies for instance often do not extend to intangible assets or losses caused by non-physical perils such as viruses or hackers, and crime policies do not cover third party property such as customer data, said Aon.
Aon also noted that many insurance policies “have defined geographical coverage limitations”.
Ms Richards said ASIC is also urging businesses to establish risk management systems to ensure adequate levels of resilience in the event of a network breach, with ASIC chairman Greg Medcraft describing cybercrime as the next “black swan event” at the ASIC annual forum.
