Reinsurance pool eyes cyber terrorism cover

Cyber terrorism will be on the agenda of the government terrorism reinsurance agency, the Australian Reinsurance Pool Corporation (ARPC), as part of its tri-annual review.

ARPC, the statutory government body dealing with terrorism-related insurance claims and protection, says cyber terrorism is the biggest black hole in the insurer’s framework, and it is an increasing threat.

Michael Pennell, ARPC’s Chief Underwriting Officer, noted that most Australian businesses rely on their computer systems to run their daily operations and many buy cyber insurance to cover loss of data. However most cyber policies exclude acts of terrorism.

“ARPC wants to ensure the scheme addresses terrorism risk that may not be covered by the market, yet could threaten the Australian economy. For this reason, we think including cyber risk should be considered in the 2018 Triennial Review of the ARPC scheme.

“If cyber terrorism is excluded, many businesses could be exposed to losses from these acts and may be unable to purchase reasonably priced insurance with adequate coverage,” added Pennell.

What is ‘cyber terrorism’?

According to Pennell, cyber terrorism is an act of terrorism which uses computers or involves cyber-crime and fulfils the definition of terrorism as defined in the Australian Criminal Code 100.1.

The ARPC, which acts as a reinsurer after incidents are officially declared a terrorist event by the Federal Treasurer, only recently extended the scheme to cover high-rise, high-value residential buildings worth more than A$50 million (US$38 million). That was an area of the insurance market where there was little or no insurance cover available.

ARPC provides back-up insurance coverage for 220 insurance companies around the world that cover major commercial and infrastructure assets in Australia. The companies must have deductibles of between A$100,000 and A$10 million per insurance contract before they can turn to the ARPC for back-up insurance for claims above these levels if an event is declared a terrorist event under the legislation.

And what are the implications if cyber terrorism is included in the scheme?

“We are currently working through what legislative or regulatory changes may be needed to include cyber terrorism in the ARPC scheme, but, at this stage, it appears that necessary changes to the regulations would be minimal,” says Pennell.

What action should brokers take?

Pennell encourages brokers to continue doing what most diligent brokers consistently do: “Identify risks specific to their clients’ operations and then research the insurance market to assess whether there are products that fulfil their clients’ needs. They should also recommend appropriate risk mitigation measures to minimise their client’s exposure to cyber-attacks.”