Australian insurance companies are being forced to tighten their requirements when insuring companies against cyberthreats. Business management must now prove that it has taken preventive measures to reduce the risk of cyberattacks. Very often, cybersecurity at these enterprises is at a low level because it is funded on a residual basis.
These same managers think that cybersecurity insurance will protect them from every negative scenario connected with cyberattacks. In fact, when financial losses are caused by ransomware or the theft of confidential data, insurance companies pay out only small compensation and decline part of the responsibility. This happens because of the increase in the number of ransomware attacks and the growing ransom sums. In the USA, in the first quarter of 2020 alone, they grew by 400%.
Given the exponentially growing risks, insurance companies have no choice but to increase premiums and decrease payout limits. In 2020 this led to insurance prices rising by over 30% in the US and 20% in Australia.
This is why companies that do not eliminate cyber risks and do not disclose ransomware attacks they have already experienced will be denied insurance.
In addition, the Department of Home Affairs is planning amendments to the current law under which company management will bear personal responsibility for cyberattacks. It is management that must eliminate the company's vulnerabilities to possible cyberthreats and make sure that its insurance company will reimburse the damage from cyberattacks.