Q&A with Principal Robert Crittenden:
What technology risks are emerging and what are the implications for insurers?
A: Emerging technology risks include cyber attacks and data breaches; software malfunctions in commercial settings; mobile internet and cloud data solution vulnerabilities; information/data that has been lost, stolen, disclosed, destroyed or corrupted; and cyber outsourcing (i.e. outsourcing data handling to third party providers).
Industry relies on technology to streamline work processes and increase output. In many industries, technology is now performing tasks previously performed by people. Insurers should expect to see claims arising from, for example, computer malfunctions, failure to update software and human error interacting with new technologies. Industries where claims have previously arisen purely from human error will now face risks arising from the integration of technology into their business.
Cyber breaches may also raise breach of privacy issues and breaches of confidentiality. Businesses might have a liability in negligence or contract for failing to protect personal information against cyber attacks. Insurers and insured businesses both need to be aware of where liability will fall in the case of a cyber attack.
What impact could cyber risk have on traditional insurance cover?
A: Traditional insurance policies may not cover the unique risks arising from cyber attacks. Directors and officers and professional indemnity policies might not adequately cover company officers and professionals for their liability in the event of a cyber attack. Furthermore, property damage policies could exclude claims for loss of or damage to electronic data.
What can we do to prepare?
A: In May this year Gumtree notified all of its users that their details had been hacked. It seems almost every week we read about a corporation being hacked or subject to a cyber attack of some form. So the Australian Government’s $230m cyber security strategy can only be welcome news, although some say it is merely catching up to the rest of the world. One of the initiatives receiving coverage is the voluntary “cyber security health check” offered to the top 100 ASX listed companies.
Those in governance positions in any organisation with an online presence must prepare by placing an audit of their cyber security high on the agenda and ensure they continually monitor cyber resilience. Further, careful regard must be had to the adequacy of cyber insurance coverage. There is no doubt cyber attacks will only continue to rise and while the government is taking steps towards improving cyber security, ultimately the private sector has a vested interest in protecting itself via good cyber risk management strategies and adequate insurance coverage.
Q&A with Principal Nevena Brown
A recent PwC paper on healthcare (“Australia can see further by standing on the shoulders of giants”, August 2016) focusing on the move to digital healthcare states, “Improved models of care are required to meet the challenges healthcare systems face globally and in Australia… Digital healthcare will play a central role in enabling these changes”. How could the apportionment of liability shift in relation to future claims in the health sector?
A: As institutions start implementing systems to streamline and coordinate the provision of services of healthcare providers (including sharing of patient data), institutions may be apportioned greater liability if there are deficiencies in those systems. Exposures that need to be addressed in risk management strategies include privacy and confidentiality obligations regarding access to and use of patient sensitive data, which involves data security processes, and assurance of complete and current data, particularly if any system is an “opt-in” system.