The legislation, which was passed by the Senate in February, has opened up another opportunity for insurers, along with other factors, including the rising number of cyber incidents and the urgings of the federal government for organisations to conduct cyber risk health checks.
The legislation provides that organisations and Commonwealth Government agencies must inform the Australian Privacy Commissioner and affected or at-risk individuals of a breach.
Non-compliance could incur civil penalties of up to $360,000 for individuals and $1.8 million for bodies corporate.
Mark Doepel, a partner with Sparke Helmore Lawyers, said insurers have been quick to exploit the fast-growing cyber risk market, even as local businesses continue to struggle with understanding the implications of cyber risk, InnovationAus.com reported.
An Insurance Council of Australia (ICA) spokesperson said “cyber insurance is recognised as the fastest growing commercial segment of the Australian market,” with Lloyds saying the demand for cyber insurance has risen 168-fold in the past two years.
“In many ways the insurance market has been very quick to adapt to this emerging risk and to commoditise it and offer a product which provides a degree of protection should you be the recipient of a cyberattack,” Doepel said.
Doepel noted, however, that there isn't a huge amount of sophistication in Australia around the meaning of cyber risk.
“We are a sophisticated jurisdiction in relation to understanding privacy principles, we still have a long way to go in understanding cyber,” he told InnovationAus.com.
“One source of confusion is that when you use the word cyber it is a big, umbrella term. When you talk about cyber risk you are talking about any number of issues.”
Doepel said the passage of the mandatory breach notification legislation has sparked the interest of many Australian organisations in the commercial risks of cyber risks, the report said.
“This time last year a lot of people were talking about cyber risk and cyber insurance but very few people were buying it.
“Now with the mandatory notification provisions, everyone is interested in what they need to do in response to the risk and what products are available in relation to taking out insurance against this risk.”
He said underwriters seek more and more sophisticated information from clients before they take on their cyber risk.
“One of the things that’s very important is to know when a breach has happened,” he said. “A lot of people just don’t appreciate when a breach has happened so insurers are very keen to educate in that regard.”
An expert on professional indemnity insurance and cyber risk has stated that Australia remains “unsophisticated” in its understanding of cyber risk despite the advent of mandatory breach legislation in the country.