Cyber risk underinsured in spite of high awareness

The recently released ASX 100 Cyber Health Check Report has found that awareness of cyber risk is on the rise, but take-up of cyber insurance continues to increase at a slow pace and is reported at only 38 per cent.

Findings in the global Ponemon Institute 2016 Cost of Cyber Crime Study show that cyber attacks cost Australian businesses an average of US$4.3 million per incident. 62 per cent of directors say that the level of attempted malicious cyber activity against their company has gone up over the past year, and 80 per cent expect a further increase in cyber risk over the next year.

But awareness of the risk is not the same as understanding. 63 per cent of boards say that their understanding of the biggest IT security exposures is limited or non-existent, and only 11 per cent have a clear understanding of where the company’s key information or data assets are shared with third parties.

Similarly, while the ASX Report suggests that news of the recently passed mandatory data breach notification scheme has found its way into boardrooms, 24 per cent of companies have still not considered how they will notify customers of a data breach once the new law comes into effect.

Cyber resilience is widely regarded as one of the most significant concerns for the financial services industry. Prime Minister Malcolm Turnbull states in his foreword to the ASX 100 Cyber Health Check Report, “For Australia to be truly competitive we need to be world leaders. In business. And in cyber security.”

ASX Chairman Rick Holliday-Smith said, “Boards are increasingly ranking cyber risk as a key strategic issue that requires their focus and leadership. They are becoming more aware of the potential for financial and reputational damage from cyber attack. They are also more aware of the opportunities for those who can effectively and safely leverage the digital economy”.

The Australian Securities & Investments Commission’s (ASIC’s) corporate plan identified cyber resilience as a key priority, signalling increased regulatory scrutiny of this issue.

Ongoing priorities and areas of focus for ASIC’s market integrity work in 2017 include firm culture and conduct risk, confidential information and conflicts of interest, technology risk and cyber resilience, and market innovation.