Mr Fluitsma said: “There will be a number of insurance companies that won’t even look at a company that hasn’t put a bunch of safety measures in place. They’ll just turn around and say, ‘We’re not going to insure you.’”
Ransomware is rampant
The main reason for the price hike is the increase in the number and size of ransomware claims, where criminals use malware to block access to an organization’s computer system until an amount of money is paid.
In addition, some insurers left the market, while the remaining players tried to recover the cost of undervalued contracts written in previous years.
Over the past year, 38% of cyber incident claims in Australia involved ransomware payments, Mr Fluitsma estimated.
“[The rise in the premiums is] mainly due to response ransomware,” he said.
Cyberattacks have increased sharply in recent years.
The Australian Cyber Security Centre (ACSC) received more than 67,500 cybercrime reports last year, an increase of around 13% over the previous 12 months, although the actual number of attacks is much higher. About half of all incidents were classified as significant.
Higher risk for large companies
A small or medium-sized business looking to buy $10 million of coverage would, on average, face a premium of $60,000, up from $33,000 a year ago, Honan said.
The cost of coverage is even higher for larger companies, as they are considered a bigger overall risk.
A large company wanting to buy $20 million in coverage would pay about $350,000, up from $194,000 a year ago, Honan said.
Among the victims of cyberattacks in the past two years is the logistics company Toll Holdings, which suffered two attacks in 2020, including a crippling attack by Russia-based hackers in January of the same year. In March last year, the Sydney headquarters of Nine Entertainment, publisher of The Australian Financial Review, was attacked by hackers. Around the same time, Taylors Wines fell victim to a cyberattack that temporarily froze an ordering system and blocked the winemaker’s email.
In late 2020, a cyberattack triggered by a fake Zoom invite forced the collapse of highly successful hedge fund Levitas Capital after its trustee and administrator mistakenly approved $8.7 million worth of fraudulent invoices.
Companies are generally reluctant to publicly admit to having paid a ransom to regain control of their networks, for reputational reasons.
But a survey conducted last year by McGrathNicol found that 80% of business leaders surveyed said they would be willing to pay a cyber ransom if they suffered a crippling attack. The average amount they would be willing to pay was $690,000, but the estimated average payment was $1.04 million.
David Tudehope, managing director of Macquarie Telecom, said businesses should review a series of security guidelines published by the ACSC, known as Essential 8, to ensure their network systems are as secure as possible and to support their efforts to purchase insurance.