Number crunchers are urging the Federal Government, businesses and insurers to close cyber protection gaps that are costing the Australian economy billions of dollars.
The risk experts at the Institute of Actuaries released research on Wednesday showing the vulnerability of organizations, from small businesses to large enterprises.
“Sitting around and doing nothing should not be an option when cyberattacks cost the Australian economy $33 billion last year,” said institute president Annette King.
The report’s lead author, Win-Li Toh, found that only one in five (20%) small and medium-sized businesses had cyber insurance, compared to up to 70% for large businesses.
And yet, 75% of ransomware attacks in 2021 targeted businesses with fewer than 1,000 people.
Prime Minister Anthony Albanese told the Federal Parliament that the Optus breach, which revealed details of nearly 10 million customers, should be “an absolute wake-up call for Australian businesses”.
Australia clearly needs new laws governing data collection and security, he told Question Time.
Ms Toh said that with government support for skills, guidance and better regulation, a deeper and better informed cyber insurance market could do more than provide payouts when the first line of defense fails.
“It can also strengthen that frontline, offering clear signals and incentives to companies – in the form of eligibility, pricing and information sharing – on best practice standards,” she said.
With Russia’s invasion of Ukraine adding to the risks, another concern for companies is that acts of cyber warfare are being declared excluded from insurance coverage.
The global insurance market recently issued instructions to underwriters on the exclusion of liability for losses resulting from any state-sponsored cyberattacks.
Cyber risk was already rising to unprecedented levels around the world, with ransomware attacks more than tripling in two years.
Ransomware is a form of malicious software, or malware, that can lock computer users out. Hackers then demand payment in exchange for restoring access to data and systems.
In recent years, the targets of ransomware attacks in Australia have ranged from logistics giant Toll Group to hospitals in Victoria.
“The accessibility of ransomware as a service, combined with the development of cryptocurrencies allowing untraceable payments, has accelerated the growth of cyberattacks,” Ms. Toh said.
“This has brought more organizations of different types and sizes under the growing net of cybercriminals to the point where it is now clear that no business is immune.”
But government departments are far from minimum cybersecurity standards and many companies are also falling short, she warned.
“To these challenges are added the escalation of cyber losses which have reduced the appetite of insurers for this class, a significant shortage of capacity to provide the levels of protection necessary in the market and increases in premiums to two or three numbers over the past two years,” Ms. Toh said.
Former Home Secretary Karen Andrews has proposed new cyber extortion laws so that cybercriminals who use ransomware face an increased maximum sentence of 10 years in prison.
Attacks on critical infrastructure such as telephone networks would carry a maximum sentence of 25 years in prison, under the bill which she reintroduced in Parliament this week after failing to pass it through the government.