Kiwi companies are underestimating the risks of cyber attacks, even though there's a growing number of incidents as threats become more sophisticated and targeted, says a commercial insurance expert.
New Zealand SMEs in particular have been slow to include cyber insurance in their business protection plans, but are also more likely to be at risk due to a lack of IT support and the increasing frequency of attacks, says Jonathon Gillham, Apex Insurance special risks team account director.
“Only around one in every 300 (0.3%) businesses in New Zealand are estimated to have cyber insurance,” says Gillham.
“The majority of those that do have protection are large companies or companies that operate in the software industry who are very aware of the dangers,” he says.
However, Apex Insurance says there is a real risk for any company that holds an electronic database with client information or operates an email system.
“A database could be hacked and private information can be accessed such as credit card details of all the customers.
“In terms of emails, a virus could be spread from a company’s email system, and that company could be liable for the damage that does to others’ systems,” says Gillham.
“Obviously some businesses have much more to lose in this regard than others. For example, if a patent attorney was to be hacked, the losses for intellectual property stolen could be in the millions,” he says.
While large companies usually have IT services on hand to ensure virus protection software is up-to-date and cyber security is as tight as possible, SMEs often don’t spend money on cyber defences or have specialist support on call which puts them at greater risk, says Apex.
In response to this, Apex says it’s becoming more common for cyber insurance to be included as part of a management liability package for businesses.
Apex says there are two main types of cyber insurance in New Zealand.
The first is for business interruption, which will cover lost revenue for the days when a company is unable to trade, and the cost of IT specialists needed to fix problems caused if a cyber attack occurs.
The second is liability cover, which protects a company in the event that a hacker obtains personal data such as credit card information, and the company then has to cover clients’ costs for replacements.
While cyber insurance is fairly new in New Zealand, there have already been some substantial claims made, according to Apex.
“There have been a handful of claims in the hundreds of thousands of dollars range. It’s not on the scale of the US, where there have been some claims in the tens of millions of dollars, but it is happening,” Gillham says.
“People assume we aren’t a prime target here, but one local digital advertising company we are aware of is attacked once a week by hackers they have traced to Korea.
“All they can do is keep upgrading their security to try and stop them getting in,” he says.