Latest News

  • Experience our difference – Steadfast launch new brochure

    13 November 2014 | Chris

    Read about all the services that Asset Insurance Brokers can provide to you, as part of the Steadfast network.

    As part of the Steadfast Group, the largest insurance broker network in Australasia, we have access to services that help us provide our customers with current advice and tailored insurance solutions.

    Find out more about Steadfast and how we at Asset Insurance Brokers provide our customers with strength when you need it.

     

     

  • Cyber Crime: The elephant in the room?

    23 September 2014 | Asset Insurance Brokers

    SOURCE: by Chris Sheedy and David West | Insurance & Risk Professional online

    Cyber crime encompasses almost any criminal activity that can be perpetrated via the internet and computers. Cyber crimes include cyber-stalking, industrial espionage and information theft, fraud, extortion, identity theft, phishing scams and cyber terrorism.

    What is cyber crime?

    Cyber crime encompasses almost any criminal activity that can be perpetrated via the internet and computers. Cyber crimes include cyber-stalking, industrial espionage and information theft, fraud, extortion, identity theft, phishing scams and cyber terrorism. Cyber criminals use malware and viruses, computer and network hacking, denial of service attacks and fraudulent online scams to perpetrate their crimes. They find it relatively easy to access computers and networks inadequately protected by virus software or passwords. They will also directly steal laptops, computers and mobile devices and take advantage of computers that are left unattended.

    Cyber crime costs Australian businesses $4.5 billion annually, yet it remains one of the least insured policy areas. Insurance & Risk Professional delves into a high-risk world that’s up until now being largely ignored by brokers and your clients.

    Earlier this year, Julia Gillard launched Australia’s first national cyber security strategy and announced the establishment of the Australian Cyber Security Centre.

    Australia, the PM said, is “an attractive target for a range of malicious cyber actors” thanks to threats from politically-motivated hackers, as well as criminal networks in nation states.

    It highlights a very serious – and potentially expensive – issue that all Australian businesses are facing right now.

    Yet many are doing very little about the potential damage that can be caused by cyber crime.

    In fact it’s been highlighted by several within the insurance industry as one of the few high-risk areas that is largely ignored by industries and brokers.

    Matthew Clarke, Australasian PI Manager, Financial Lines, Chartis, describes cyber crime as “the most talked about, least sold insurance policy in the market”.

    He said research from ‘Unisys Security Index – Australia, 2011’ revealed that 85% of Australians would stop dealing with an organisation if their data was breached.

    But the PR problems caused by a breach are really just the tip of the iceberg.

    According to a 2011 study commissioned by Symantec, the problem of cyber crime currently costs Australian businesses around $4.5 billion annually in cash and productivity losses. The average cost of a data breach in Australia, Clarke quotes from Symantec’s 2011 Cost of Data Breach Study, is $2.16 million.

    In November last year, computer hackers from a Romanian syndicate allegedly accessed the IT systems of 100 small Australian retail outlets and stole credit card details of over 500,000 customers.

    Losses from the single incident – the biggest theft of credit card data in Australia so far – added up to around $30 million. The probe to bring down the gang involved law enforcement officers from agencies in 13 countries. The Australian Federal Police now considers cyber crime one of its major areas of investigation.

    “The internet is an affordable and effective place for small businesses to sell and promote their goods and services,” says research analyst Alice Hutchings in a paper produced for the Australian Institute of Criminology. “However, the internet also provides opportunities for fraudulent behaviour and unauthorised access to business and client data. Attacks on the computer system of a business can have immediate and ongoing effects, such as targeting customers for identity crimes or infecting website visitors with malicious software. It is contended that small businesses in Australia have been slow to implement security technology and policies that may protect their information systems, making them vulnerable to current and future threats.”

    But it’s not just the organised crime gangs that create such a threat. Beazley’s cyber expert Paul Bantick, who leads the Technology, Media and Business Services team, says that last year six out of the world’s top ten insured cyber breaches came from staff “doing something silly, such as losing a laptop, misplacing a back-up tape, rogue employees etc”.

    Bantick mentions several case studies to illustrate the point. One involved a financial services firm that gave a data back-up tape to a delivery service to take to a secure location. The delivery person’s car was broken into and the tape stolen before it could be delivered. Another involved a hospital that, during a move to new premises, lost a filing cabinet containing confidential patient information. Finally, another breach involved a bank employee regularly stealing customer data and selling it onwards.

    “The result of a breach is enormous cost in terms of legal fees, forensics to find out what happened and the impact, notifications to all potential individuals and clients that could have been affected, the offering of a product such as Data Alert to minimise the damage to affected individuals, the need for call centres to handle queries and complaints and, of course, a PR company to manage media,” Bantick says. “The USA is four to five years ahead of Australia because in America legislation was introduced long ago around what must happen after a breach. The result has been an increase in Beazley’s cyber premiums from zero to approximately $100 million in four years. Australia is quickly realising it must go the same way as the PR damage and crisis management resulting from a breach is the same anywhere in the world and the service levels required are just as complex and vital. Delivering a breach response to insureds is more key than the insurance of liabilities in many cases .”

    However it occurs, cyber crime adds up to a very real and serious threat to Australian businesses. It’s one that relatively few brokers have the knowledge to brief their clients on. Those businesses, therefore, are operating without a level of protection that could well be essential in the current and future technological climate.

    Need To know

    Professor Allan Manning, Managing Director of LMI Group, says brokers must fully understand the business risks to ensure they’re providing the right advice and cover. “This goes for all the risks of the business, not just cyber crime,” he says.

    Brokers must also understand the measures that businesses have already put in place to minimise cyber risk. “Today’s cyber criminals are increasingly clever at gaining undetected access and maintaining an on-going, low-profile presence in a company’s IT environment,” he says.

    “Too many organisations are leaving themselves vulnerable to cyber crime based on a false sense of security, in view of the software they have in place which they believe is protecting them. For example, many organisations focus heavily on foiling hackers and blocking pornography while potential and actual cyber crimes may be going undetected and unaddressed. This has generated significant risk exposure, including exposure to financial losses, regulatory issues, data breach liabilities, damage to brand and loss of client and public confidence.”

    Some industries have far higher risk profiles than others. At the very top of the tree are businesses that collect confidential information on clients, such as those in the banking, finance and health fields. However, any business that sells products to clients or charges them for services, and does so by collecting credit card and bank details, is at risk. But some organisations are better prepared to face that risk than others.

    Kelly Butler, Account Manager, Professional Risks FINEX at Willis Group, agrees that a thorough understanding of the organisation’s current levels of protection is vital to setting a suitable premium. “Look at all of the company’s preventative measures as well as their pre-planned response strategies to a hack or breach,” Butler says. “If a thorough, organisation-wide breach response plan is in place then this is a good demonstration to the insurer that a lower premium is justified.”

    “Other good signs are high levels of data encryption, solid anti-virus programs, laptop and mobile security and monitoring, intrusion detection software, adequate and secure data back-up, utilisation of firewall technology and strong social media policies and management. Many well-publicised events have come from defamation and breach-of-IP issues via social media. Cyber policies can cover such issues.”

    The application for a quotation for cyber cover, in fact, can be a fantastic cyber-health check for any organisation, Butler says. “As it stands the level of information needed when completing the proposal form requires an in-depth look at current systems, policy and procedures and tends to involve a variety of people throughout the business. Managers have often told me that the application process has led to some major changes within the business by helping them identify some security or procedural deficiencies,” she says.

    The Future

    Australia has become recognized as a soft target for cyber criminals, says Clarke. Our organisations are easier to infiltrate because of a past lack of privacy legislation and the lack of preparedness that this brings. But the Prime Minister’s recent announcements point to a major shift in policy and legislation towards a far more secure future. As a result, brokers and insurance clients are becoming far more knowledgeable about, and interested in, the field of cyber cover.

    “Australia has dragged its heels, particularly in comparison with the USA,” Clarke says. “But there is now a drive in some broker groups to skill up in this space. Some brokers are now raising the topic with clients, and many clients are raising the topic with their brokers. The government’s concern is causing many of our clients to become interested in cyber issues.”

    “I think the opportunities offered by this development, for those within the insurance industry, are twofold. First, it is about retention – if brokers aren’t talking about this to their clients then their competitors will be. Second, it is about new business – if you can specialise and become extremely knowledgeable and well-known in the area then you can claim that niche, that space, as your own. Cyber cover is a serious growth area and it’s not one that any business insurer can afford to ignore right now.”

    Case Studies

    These case studies, from Kelly Butler at Willis Group, demonstrate the breadth of cyber issues.

    Retail – A hacker accessed a retailer’s network and stole the personal details of 15 million customers. The retailer incurred significant costs to deal with the breach including forensic costs, notification costs, fines and credit monitoring costs. Liability claims followed.

    Hotel – A hotel group’s point of sale network was hacked and credit card details of six million customers were taken. The hotel experienced high forensic costs to isolate the hack. Additional expenses included mandatory notification costs and fines. The hotel offered all of the individuals two years of credit monitoring services. They also received liability claims for damages from banks.

    Airline – An airline received a Distributed Denial of Service (DDoS) attack, bringing down their online sales platform for 48 hours. The airline experienced a significant loss of revenue during the network downtime plus serious costs in dealing with the issue.

    Financial Services – An employee of a financial services company left a laptop, containing the personal financial details of its clients, in a public place. Costs included the hire of a PR firm, notification of all of the customers affected, setup of an ID theft/credit alert service call centre and credit monitoring services.

    Tips for preventing cyber attacks

    Passwords, email, social networking and out-of date software all provide opportunities for cybercriminals. To prevent attacks:

    1. Protect your computer with both a firewall and an anti-virus program. Keep your anti-virus program up-to-date and remember to renew your annual subscription.

    2. Back-up all important data. Viruses and malware can destroy vital information.

    3. Create a password of more than six characters with a combination of letters and numbers. Do not save the password on your computer or share it with others and change it regularly.

    4. Email is the most likely route for viruses and hackers. Do not open any email attachments from people you do not know.

    5. Use the privacy settings on social networking sites to prevent malicious access to your personal information.

    Pointers from the US

    In 2012 both Australia and the US passed new cybercrime legislation aimed at increasing the level of cooperation and accountability between countries in order to combat cyber crime and intellectual theft and to further bolster the Council of Europe Convention on Cyber Crime. The convention has 34 signatories including the US and Australia.

    On August 2 2012, the US Senate passed the International Cybercrime Reporting and Cooperation Act which has muscular provisions to help improve the capacity of other countries to combat cyber crime. To do this the bill requires US agencies with oversight of cyber crime to report to Congress on the capacities of other countries including the effectiveness of their laws and the measures taken by their government to protect consumers from cyber crime.

    Under the bill the US President will be able to give aid to other countries to give priority to improving the effectiveness and capacity of their legal and judicial systems and the capabilities of law enforcement agencies with respect to cyber crime. The aid will include providing foreign countries with the tools to improve critical infrastructure, telecommunications systems, financial industry, legal or judicial systems, or law enforcement capabilities of that country necessary to combat cybercrime.

    Based upon the report to Congress the President must create an action plan that will assist the government of a given country to improve the capacity of the country to combat cybercrime. The President is then required to meet with the leaders of each country of “cyber concern” to formulate action plans to combat cybercrime. If a country fails to meet an action plan benchmark within one year, the US can opt to block any new financing or loans for the countries in question, restrict trade to the countries in question and restrict foreign assistance.

    Cyber crime – the true cost

    What is cyber crime really costing Australia and the rest of the world? Use these jaw-dropping stats if your clients need convincing of the need for cover against cyber crime.

    In 2012 the cost of cyber crime global was $114 billion annually – $388 billion if you include downtime.

    The annual global cost of cyber crime remediation is $1 trillion

    In 2012 information theft accounted for 44% of total external costs, up 4% from 2011.

    Disruption to business or lost productivity accounted for 30% of external costs, up 1% from 2011.

    There are 556 million cyber crime victims per year, 1.5 million per day and 18 victims per second.

    The total annual cost of cyber crime in Australia is $2 billion, the US $21 billion, Europe $16 billion and China $46 billion.

    The average cost per victim of cyber crime is $197 (Norton)

    Less than 50% of companies have a documented process for handling data breaches.

    73% of (US) companies have not purchased network liability insurance.

    Only 46% of worldwide companies have some form of cyber crime insurance.

    Full article published 5th June 2013 – http://www.insuranceandrisk.com.au/238496df/Cyber_Crime_The_elephant_in_the_room

  • Avoid the pitfalls of management liability claims

    23 September 2014 | Asset Insurance Brokers

    SOURCE: by Fran Molloy | Insurance & Risk Professional 

    Is your client sufficiently covered against management liability claims? Directors and line management staff can all be vulnerable to fines and lawsuits in the course of performing their roles; but there are traps in the products available, so brokers need to understand the implications of different products available.

    Is your client sufficiently covered against management liability claims? Directors and line management staff can all be vulnerable to fines and lawsuits in the course of performing their roles; but there are traps in the products available, so brokers need to understand the implications of different products available.

    Management liability cover is a relatively new class of insurance that is becoming increasingly important for small to medium sized enterprises (SMEs) as Australia’s regulatory framework grows ever more complex.

    “There has certainly been a significant increase in the amount of regulation and legislation that Australian directors and officers have to deal with over the last decade,” says Mike Pryce, who is the Regional Manager, Financial Lines, Chartis Australasia.

    Australia’s Corporations Act (2001) is one of the nation’s largest statutes, running to over 2000 pages. According to the Australian Institute of Company Directors, there are 663 State and Territory laws that impose personal liability on individual directors for corporate misconduct – even where involvement in a breach.

    The Australian Prudential Regulation Authority (APRA) and the Australian Securities and Investments Commission (ASIC) already play a significant role in the conduct of business in Australia. That’s likely to increase, according to Pryce, as the UK and US are even more heavily regulated than Australia in some areas and a tighter regulatory framework is likely. While publicly traded companies usually hold significant directors’ and officers’ liability cover, despite the risks, few smaller entities have such protection.

    “We estimate that between 80 and 85% of SMEs don’t buy any form of management liability policy,” Pryce says. As regulations tighten, these businesses are facing far greater financial risks.

    Costly actions

    Pretesh Patel is the National Underwriting Manager, Professional Liability for Wesfarmers. He says, “In some ways management liability can be more critical for SME businesses rather than their larger counterparts, as smaller businesses may struggle more to absorb the expense of a costly action, which could potentially lead to financial ruin.”

    The hundreds of State and Territory laws that impose penalties on individual directors are dwarfed by the regulatory framework imposed by various industry groups. Businesses operating in the construction industry, for example, must satisfy not just the Building Code of Australia and the Plumbing Code of Australia, but also State and Territory legislation, which will often vary or add to the national codes. Local Government planning by-laws and enforcement activities add to the complexity of the industry regulations.

    “While these covers were once seen as a luxury for large businesses, the heightened corporate governance requirements and regulatory surveillance applying to smaller businesses have made Management Liability a key product for all businesses,” Patel says.

    Getting selective

    While any policy is a good start, Mike Pryce from Chartis says that the insurances that cover the greatest exposures for smaller businesses are crime insurance (which includes first- and third-party theft, as opposed to the first-party only theft of fidelity cover) and employment practices cover.

    “If you’re operating a small business like a florist, with no debt and you own the business, then your directors’ and officers’ exposure is likely to be minimal,” Pryce says. “But if your business grows and you hire a few staff, you increase your risk substantially in respect of Crime and Employment Practice liabilities.”

    The biggest exposure includes employee theft from the company and disputes over employment practices – for example, if you need to dismiss a staff member.Check the wording of the policy to find out if the cover is for legal costs only, or if it covers compensation or fines, he warns.

    Grow the cover with the business

    Grant Cairns is the Financial Lines Manager Australia and New Zealand for ACE Insurance. He agrees that as a business grows, brokers need to ensure that the risks are covered.

    “Management Liability Insurance delivers protection for managers, directors and companies from the legal consequences of unintended errors. For leaders in fast-paced, high pressure roles, it is an important part of the professional toolkit,” he says.

    “Across the market, there are variations in the way management liability insurance works. The critical thing is for policyholders to understand their coverage and the claims handling abilities being offered by their insurer.”

    Exclusions are an area where brokers can be trapped, Cairns says. “For example, insolvency is commonly seen as a standard exclusion.”

    Check the wording

    With some underwriters, technology allows brokers to pick and choose inclusions and exclusions to tailor a policy that covers what a business needs (tempered by what the business can afford to pay).

    Mike Pryce says that tailoring the policy to the business is usually going to be a better option than picking up a standard package, if only to make sure that the appropriate risks are covered. For example, even in the SME market, some businesses will have multinational operations that they want to make sure are covered by more bespoke insurance programs.

    “Brokers need to be careful of the depth and quality of the cover, along with the claims handling service that is provided by the insurer and their policy wording,” Pryce says.

    But while the emergence of Management Liability as a mainstream product has created significant new revenue for brokers, it has also significantly increased the Professional Indemnity exposure of brokers in offering this insurance to their clients.

    These risks have evolved from the initial risk of not offering the insurance to their clients, to ensuring they offer the right cover to their clients. As there is significant variability in the covers offered, it has increased brokers’ PI exposures significantly.

    “This is a huge issue for brokers,” says Damien Coates, Managing Director of DUAL. “One major example is the crime cover offered under these policies, which can vary from a small first-part fidelity cover for stolen money at the narrowest end, through to a broad crime covering first- and third-party theft of both money and property with a significant sublimit owing to the balance sheet exposure for an SME as a result of the crime exposure.”

    Coates says DUAL has seen some very large claims for theft by third parties, including suppliers and customers of property, as well as money. There has also been a number of exotic claims such as the theft of tomatoes, alcohol and even lobsters.

    “Ensuring that brokers have offered their clients a comprehensive cover is arguably a greater PI risk for a broker than not offering the cover at all, such is the complexity of the differing levels of cover available in the market,” says Coates.

    Full article published Jun-Jul 2011 – http://insuranceandrisk.com.au/c42faedc/Avoid_the_pitfalls_of_management_liability_claims