Cyber security health checks at Australia’s biggest companies may not be hugely beneficial to brokers in the short term, but according to a leading cyber insurance broker they’re a step in the right direction.
The voluntary cyber security health checks, which will form part of the Federal Government’s $230m Cyber Security Strategy, will be offered to the top 100 ASX-listed companies and be coordinated by the Australian Securities Exchange.
While the government’s policy focuses on the top end of town, Arthur J. Gallagher’s Branch Manager, Sydney Commercial, Lynette Walsh says hopefully the good practice will trickle down to SMEs.
“The government has clearly recognised that cyber crime is costing the economy a lot of money,” she told Broker Buzz.
“It’s a very real risk and this recent announcement by the government certainly is another reason why brokers can proactively contact SME clients, and not necessarily wait until renewal time.”
Walsh says that while cyber risk policies are still low penetration products, that will change if the government continues to implement education policies.
“SMEs still think having virus protection will keep them safe from cyber crime,” she said. “So when we see the government talk about it and introduce policies, it certainly helps in our conversations with clients. Any opportunity for it to be in the media is good for brokers.”
But Walsh says what brokers really need is the government to produce a report that provides statistics on cyber crime within the SME market specifically.
“Because a lot of the reports – and they’re wonderful reports – predominately research large companies it’s hard to have that real conversation with a SME and provide them with data and figures that represent their risk.”
In the meantime, Walsh says the best way for brokers to sell the risk of cyber crime to SMEs is to use anecdotal evidence.
“It’s a huge risk that has a bigger probability than an office being burnt down by a fire – which everyone insures for,” she added.
“Being able to give them a real story of a client who’s suffered through a cyber loss really helps them identify with it.”
Walsh says the future turning point for cyber crime products will likely be when the government introduces mandatory data breach notification for companies.
“Right now, 43% of entities are not reporting cyber incidents,” she said. “So when we see mandatory data breach notifications introduced, that’s when we’ll be able to support our conversations with real statistics.”