How big could the next cyber breach be?

  • By the source below
  • 18 Jul, 2017

Insurance Business Mag 15.07.17, Jordan Lynn

Cyber risk and insurance is top of mind for both insurance businesses and the wider business community following the recent WannaCry and Petya ransomware attacks.

According to one cyber expert, things could be about to get a whole lot worse for the insurance industry.

Search and compare product listings for Cyber insurance from specialty market providers here

“It’s exceptionally likely that we will see an event over the next months that will seriously affect insurers,” Graeme Newman, chief innovation officer at CFC Underwriting, said, according to Bloomberg .

“It would only need a combination of WannaCry’s wide reach and Petya’s destructive force to cost cyber insurers something like $2.5 billion, or a full year of gross premium income in the market.”

Speaking after the Petya attack, Fergus Brooks, Aon Australia’s national practice leader for cyber risk, said that he believes attackers are “just flexing their muscles” in terms of the damage they can cause as he fears attackers may have something bigger planned.

“I still think that these things are not being realised to their full potential,” Brooks told Insurance Business .

“I still hold by my assertion that the first one [Wannacry] was a shot over the bow and I think this one [Petya] they have just gone, ‘I bet there are still some machines out there so let’s do it’.”

As awareness of cyber risk and insurance continues to grow in the wake of these global attacks, so too does the exposure insurers face.

As a new insurance market, cyber payouts have so far been limited but Thomas Seidl, an analyst at Sanford C. Bernstein, in London, told Bloomberg that this limitation may soon disappear.

“Sooner or later we will see a billion-dollar cyber claim and the insurance market is well positioned to absorb that,” Bernstein said.

“Everybody has exposure to cyber risks and the best precaution can’t eliminate that, so there is a strong demand for insurance, making cyber coverage by far the biggest opportunity for non-life insurers for the next years.”

By the source below 07 Aug, 2017
General insurer Virginia Surety will refund more than 500 customers over $330,000 in premiums, ASIC has said.

The insurer will offer refunds and will have a condition placed on its Australian financial services licence, for improperly selling consumer credit insurance policies.

From June 18, 2013 to December 31, 2015, Virginia Surety sold consumer credit cover, a bundled add-on which includes both life and general insurance, to customers taking out loans at car yards in Queensland and New South Wales.

Search and compare insurance product listings for Financial Institutions from specialty market providers here

ASIC found that the insurer had stated that the life cover in the add-on policy was underwritten by TAL Life, without TAL’s permission, leaving customers at risk that claims could be rejected even for paid policies.

ASIC placed a condition on Virginia Surety’s AFSL so the firm has to refund the life premium paid by affected customers and engage an independent external compliance expert approved by ASIC to review compliance practices and report to the regulator.

Peter Kell , ASIC deputy chair, said that consumers should have confidence when purchasing insurance cover that claims will be recognised.

“The fact that Virginia Surety was selling this insurance without the life insurer’s approval indicates serious deficiencies with its compliance,” Kell said. “We have put all insurers in this market on notice that they need to change their practices and ensure they are properly considering the interests of consumers.”

TAL has agreed to honour the life cover for those consumers with impacted policies and pay claims even though consumers will receive a refund from Virginia Surety.

By the source below 07 Aug, 2017

On one of the television channels special report shows they had an session last week (May 2017) criticizing the insurance industry including a broker over damage to a vehicle that had been insured for only third party property damage.

This form of cover is risky in itself as there is no cover for damage to the vehicle when the driver themselves is at fault and or if it is damaged whilst parked and the person that hit the vehicle does not leave an honest note. Further there is no damage for weather perils or if the car catches fire or is stolen.

Having said this there are fire, theft and third party property damage covers available, but they are still not as good as comprehensive.

I do not know the circumstances of the matter and cannot comment as to why the other vehicles insurer is not coming to the party. There may be an exclusion such as  drink driving, unregistered vehicle, or the vehicle may have been un-roadworthy. it is possible that the insurance may have expired. These are all risks you take when you do not have full comprehensive insurance.

In addition to remind people of this issue I also want to again warn that there are a lot of unscrupulous firms preying on unsuspecting people. They typically focus on people in the lower socioeconomic community. This group of course can least afford to be caught up in the scam financially and often do not have the training or experience to know how to fight the fraud.

What we have seen is such a person, end up with a repair bill of say $10,000, plus a hire car bill of over $25,000, kindly provided by the scammer, when the damaged car has a net value after salvage of say $5,000.

This is becoming a major problem in Australia, along with staged accidents, dodgy repairs. It was great to see arrests reported a little while back on fake injury claims and I know the insurance industry is throwing a lot of resources on building the case against many others as well.

The sooner the better as it sickens that any one is caught by scammers but particularly those who are already victims and can least afford it.

Any journalists out there please be careful of the companies you inadvertently promote in your programs and please go back after a few months and ensure that the whole thing has had a good ending for the innocent party.

By the source below 07 Aug, 2017

The great promiseof autonomous vehicles , aside from saving you from the tyranny of commuting, is their ability to save lives by replacing stupid humans with intelligent computers. But these cars, at least in the short-term, could make driving riskier because people don't yet understand the technology or just how it works.

British auto insurance companies call this "autonomous ambiguity," and it is not an abstract issue. Automakers like Audi, Cadillac, Mercedes-Benz, Tesla, and Volvo already or will very soon offer vehicles that do some of the driving for you. In a new white paper, the Association of British Insurers argues that drivers don’t understand the limitations of these semi-autonomous systems, and believe their car is more capable than it really is.

“This risk of autonomous ambiguity could result in a short term increase in crashes,” said Peter Shaw, CEO of Thatcham Research which collaborated on the report.

As magical as it may seem to sit in a luxury sedan as it zips down the highway without any assistance from you, these semi-autonomous systems remain somewhat basic. They combine adaptive cruise control to main a safe following distance and automatic lane keeping to keep the car within its lane. Such systems typically require clearly delineated lane lines, reasonably good weather, and, most crucially, driver attention in case something goes awry.

Dire warning aside, the British insurers “strongly support” vehicle automation, arguing that artificial intelligence will reduce accidents and save lives. Some 40,000 people died on US roads last year, and the figure is rising .

But the technology's early days worry the researchers. Systems differ, as do their capabilities. Automakers have varying ideas on how best to implement the technology, and because there are no standards, drivers can't be sure how a particular system works. And it's not like automakers are in a rush to explain what these semi-autonomous systems can't do—their flashy adverts typically highlight how clever they are.

With that in mind, the Association of British Insurers suggests a simple, two-stage, classification for cars—assisted or automated—and says international regulators should get on board. Under its proposal, an "automated" car is capable of driving itself in virtually all situations, come to a stop safely if it cannot drive itself, avoid every conceivable crash, and continue working even if something in the system fails.

Few people expect the automotive industry to reach that level of autonomy at a large scale for at least another decade. And that means just about every vehicle with any kind of autonomous tech will be labeled "assisted." That may seem like a small distinction, but the idea is to remind drivers that the car is not fully in control.

The Insurance Institute for Highway Safety in the US agrees about the looming problem, but says terminology isn’t going to fix it. The automakers must find ways of ensuring that drivers understand they must be alert and ready to take the wheel. “They need to make sure the technology keeps the drivers engaged,” says IIHS President, Adrian Lund. “Just putting it in the owner’s manual won’t work.”

Automakers are taking heed. After Joshua Brown died when his Model S sliced under a truck that turned across his path in Florida in May 2016, Tesla modified its AutoPilot system with increased visual and auditory cues when drivers take their hands off the wheel for too long. Mercedes-Benz offers a similar trick with its Drive Pilot, although it can be confusing to use .

Cadillac takes things a step further with its Super Cruise , which the automaker calls the first truly hands-off semi-autonomous system. It monitors drivers using a camera behind the steering wheel to ensure they're looking up at the road, not down at their phone. It also engages only on divided highways.

The day is coming when your car is a better driver than you are. But until that day, consumers must remember that semi-autonomous vehicles are not infallible. Anything that automakers–and regulators—can do to remind them of that will only make everyone safer.


By the source below 07 Aug, 2017

Cyber breach could kill your business, Lloyd's warns

As sophisticated cyberattacks increasingly target businesses, the world's specialist insurance market is warning them to be properly prepared or face significant financial losses that could kill their business.

According to Lloyd's report, titled “Closing the gap – insuring your business against evolving cyber threats,” businesses face the rising threat of ransomware, such as last month's Wannacry and the recent Petya attack, distributed denial-of-service attacks, and CEO fraud.

The study, which was made in partnership with KPMG and DAC Beachcroft, cited Lloyd's underwriter Beazley , for instance, as having seen a fourfold increase in ransomware attacks on its customers from 2014 to 2015. It also predicted that this number will double this year.

Study findings also revealed that financial services firms are the most targeted by organised cybercrime, and named retail as another sector that's seeing increasing cyberattacks.

Oil and gas, meanwhile, can fall victim to espionage and occasional high-end disruptive attacks as they find themselves caught in national politics, the study said.

The study also revealed the susceptibility of the public and telecommunication sectors to espionage-focused cyberattacks.

Commenting on the study findings, Lloyd's CEO Inga Beale stressed the need for adequate protection against looming cyber threats.

“The reputational fallout from a cyber breach is what kills modern businesses. And in a world where the threat from cybercrime is when, not if, the idea of simply hoping it won’t happen to you, isn’t tenable,” she said.

“To protect themselves businesses should spend time understanding what specific threats they may be exposed to and speak to experts who can help handle a breach, minimise reputational harm, and arrange cyber insurance to ensure that the risks are adequately covered.

“By reacting swiftly to mitigate the impact of a cyber breach once it has occurred, companies will be able to minimise the immediate costs and their exposure to subsequent slow burn costs,” she said.

Matthew Martindale, director in KPMG 's cyber security practice, also cautioned businesses to prepare against a breach's long-term damage: “Dealing with things like reputational issues and litigation in the aftermath of a breach, can add substantial costs to the overall loss. Businesses really need to start thinking about the cyber risk holistically rather than one that is currently very short sighted.”

This sentiment was echoed by Hans Allnut, partner and head of cyber & data risk at DAC Beachcroft, who said businesses should not only focus on immediate business impact, which he said “may only be the tip of the iceberg,” but also legal consequences which could take months, even years to deal with.

“Once notified, it is not uncommon for regulatory investigations to take more than a year before they reach a conclusion, “ he said. “Subsequent litigation can take even longer, particularly because the law surrounding data security and privacy is a relatively evolving area. In one UK data protection case, it took three years and a failed appeal before the litigation was finally settled.”

By the source below 18 Jul, 2017
Cyber risk and insurance is top of mind for both insurance businesses and the wider business community following the recent WannaCry and Petya ransomware attacks.

According to one cyber expert, things could be about to get a whole lot worse for the insurance industry.

Search and compare product listings for Cyber insurance from specialty market providers here

“It’s exceptionally likely that we will see an event over the next months that will seriously affect insurers,” Graeme Newman, chief innovation officer at CFC Underwriting, said, according to Bloomberg .

“It would only need a combination of WannaCry’s wide reach and Petya’s destructive force to cost cyber insurers something like $2.5 billion, or a full year of gross premium income in the market.”

Speaking after the Petya attack, Fergus Brooks, Aon Australia’s national practice leader for cyber risk, said that he believes attackers are “just flexing their muscles” in terms of the damage they can cause as he fears attackers may have something bigger planned.

“I still think that these things are not being realised to their full potential,” Brooks told Insurance Business .

“I still hold by my assertion that the first one [Wannacry] was a shot over the bow and I think this one [Petya] they have just gone, ‘I bet there are still some machines out there so let’s do it’.”

As awareness of cyber risk and insurance continues to grow in the wake of these global attacks, so too does the exposure insurers face.

As a new insurance market, cyber payouts have so far been limited but Thomas Seidl, an analyst at Sanford C. Bernstein, in London, told Bloomberg that this limitation may soon disappear.

“Sooner or later we will see a billion-dollar cyber claim and the insurance market is well positioned to absorb that,” Bernstein said.

“Everybody has exposure to cyber risks and the best precaution can’t eliminate that, so there is a strong demand for insurance, making cyber coverage by far the biggest opportunity for non-life insurers for the next years.”

By the source below 18 Jul, 2017

At Austbrokers Coast to Coast we are always looking for tools to assist our clients to minimise their risk. A claim is not always the best result and, even though we can put cover in place to protect you against lost stock and machinery breakdown - sometimes prevention is the best measure!

Maxichill Refrigeration and Air Conditioning Specialists have kindly supplied the following information on a device that monitors your cold rooms over 24 hours 7 days a week and prevents you arriving to work the next day to a disaster!

This not only keeps your business running but prevents multiple claims damaging your claims history and pushing your premiums up or, at worst, resulting in uninsurable items.


FRIGBOT Info Guide

Frigbot is designed to work with all major electronic refrigeration controllers such as Carel, Dixell and Eliwell.

 

How it works –

Your refrigeration is at your command with Frigbot. With immediate access to all the information from anywhere you know exactly what is happening at all times. You even receive alerts so your equipment can call you when it's in trouble. Download the free companion app to have your Frigbot's information in your pocket.

Frigbot is a system of  new business methods that connects refrigeration companies to fridge owners creating great value for our valued and future customers

 

Features –

Cloud Based:

Apple of Android Based APP

With Frigbot there is no software to download, no backups and no configuration issues with your PC or Mac. Why? Because it’s all in the cloud.

We do all the backups and take care of all the other tricky stuff like security and updates. Super easy. Always on. It’s the new way to do business.

 

Reports:

Frigbot collects the operational data from your equipment and presents it in an easy to read graph. This can not only tell you the current status of your equipment but the Frigbot report* can tell you what was happening yesterday, or last week, or however long you want to go back. It’s your very own crystal ball that provides compliance documentation and is an essential tool for fault finding and troubleshooting equipment malfunctions. The Frigbot reports can also be used as a tool to predict equipment faults (maybe before they happen).

 

Configuration:

With Frigbot you can log in and update your configuration anytime you like and from anywhere you have internet access. But the  magic doesn’t stop there because Frigbot also has an incredible and unique backup feature that saves all your settings - so when you need to replace a faulty controller you can download and restore your  last known working configuration . This is unique to Frigbot and a genuine labour saving efficiency.

 

Alerts:

When refrigeration equipment breaks it can be a disaster: spoilt food and loss of trade sales (plus the emotional and financial stress of the whole event) and the only person who can solve the problem is usually the very LAST person to get involved. That’s the old way of doing business!

The  NEW way alerts MAXICHILL Refrigeration FIRST . This simple alert triggers faster response and quicker repairs that mean less down-time. When there’s a breakdown the focus is all about turning the situation around as fast as possible and keeping any disruptions to a minimum.

 

Technical Info –

Frigbot has the ability to measure electrical current in real time. This is a more advanced feature but essential if you need the operational status of refrigeration equipment. If you measure electrical current  you can remotely determine if a compressor has a potential fault - this is a huge time saver for a busy refrigeration mechanic.

Diagnostic and activation information is presented automatically on the low-power ePaper display.

The Frigbot uses the cellular network to send refrigeration status and configuration information to our cloud servers. No need for any Wi-Fi connectivity, use your Frigbot’s anywhere that a mobile phone works!

 

                                    MAXICHILL REFRIGERATION & AIR-CONDITIONING

                                    Ph: 0419 102 754

                                    Email: info@maxichill.com.au

                                    ABN: 85 041 779 812

                                    ARC: AU31134

                                    BSA: 1271764


By the source below 18 Jul, 2017

The Australian and New Zealand Institute of Insurance and Finance ( ANZIIF ) has announced the nominees for its annual awards.


In the small broking company of the year category, Austbrokers Coast to Coast, Remingtons Insurance Brokers and Simplex Insurance Solutions make it two nominations in a row – with Austbrokers Coast to Coast hoping to secure an award-winning double.

In the medium broking company category, Adroit Insurance Group will look to retain their title, as they face off against GSA again.

In the large broking category, last year’s winner Aon goes up against Marsh and Insurance Advisernet.

“With 106 submissions received this year, these awards recognise the outstanding performers and high achievers in the industry and the positive impact our industry has on the community,” Prue Willsford , CEO, ANZIIF said.

Last year’s underwriting agency of the year PetSure faces competition from CHU and NTI whilst, in the large general insurance company category Allianz , CGU , QBE and Suncorp are all nominated.

Small-medium general insurance company of the year sees both RAA and RACT nominated.



By the source below 18 Jul, 2017
In an important decision by the Fair Work Commission (FWC), the FWC has decided to insert a provision for the conversion of casual employment to full-time part-time employment into all Awards. The decision was part of the FWC’s 4 yearly review of Awards. 

Some awards already contain a casual conversion provision. For those Awards that don’t, the FWC will insert a clause that allows casual employees to convert their casual role to the full-time or part-time position. There are about 85 such Awards.

The FWC decided that the conversion to full-time/part-time employment should become an entitlement after a casual employee completes a qualifying period of 12 calendar  months of casual employment on an ongoing regular basis.

The ACTU had argued for a 6 month qualifying period. A further qualification is that the work performed by the casual employee can be performed by a full-time or parttime employee without significant adjustment to the pattern of work hours.

An employer can only refuse to convert the casual employment to full-time/part-time employment if:
  1. doing so would require a significant adjustment to the hours of work; or
  2. the employer can foresee that within the next 12 months, the casual employee’s position will either cease to exist, or the hours of work will significantly change or be reduced; or
  3. there is another reasonable ground, based on reasonably foreseeable facts.
In addition, the clause will require employers to provide the casual employee with a copy of the casual conversion clause in the Award within the first 12 months of the casual employee’s initial engagement.

The FWC decided to include the casual conversion clause in all Awards to remedy what it held to be the detriments associated with long-term casual employment. These detriments, the FWC held, are inconsistent with the objective of all Awards, namely to provide a fair and balanced safety net for employee. The detriments identified by the FWC were:

1. a lack of career path
2. diminished access to training
3. poorer health and safety outcomes
4. a diminished ability to obtain loans from financial institutions
5. a tendency to still attend work when sick
6. an increased reluctance to take recreational leave (due to concerns about ongoing employment if they do)
7. an incapacity to attend to personal carer responsibilities; and
8. the potential for a sudden loss of regular work without proper notice or adjustment payment.

In a further aspect of the decision, the FWC noted that some Awards do not provide for a minimum engagement period for casual employees. The ACTU proposed a 4 hour minimum engagement period. The FWC decided to include 2-hour minimum engagement period for casual employees into about 34 Awards.

What does this mean for employers

This decision will have a particular impact on employers who use high degree of casual employment. Employers may do this as a means of regulating work hours, to meet peaks and troughs in customer demand and to minimise employment costs such as notice periods and potential redundancy payments and the costs of possible dismissal claims.

Employers will need to consider the manner in which their long-term casual employee are rostered and whether this pattern of rostering creates a clear and systematic pattern of work for casual employees. They will also have to consider whether the roster pattern could be carried out by full-time or part-time workers.

It will also be important to identify which roles cannot be done by full-time/part-time workers without significant adjustment to the hours available for work or if there are other reasonably foreseeable issues make converting casual employment unreasonable in terms of the business’s operational needs.

While the FWC noted that the casual loading is meant to compensate for a range of entitlements such as leave entitlements, casual loading does not, in fact compensate for all of the detriments associated with casual employment.

This may result in businesses having to rethink the reasons and objectives behind employing casual workers. It is better to consider and identify these issues now rather than upon an application for conversion to full-time or part-time work.

If you have any further questions, please contact one of our lawyers.
By the source below 08 Jun, 2017
A new report from international insurer   Beazley   has found a new cyber threat that clients should be made aware of.

The latest   Beazley   Breach Insights report, from the cyber specialist   Beazley   Breach Response (BBR) Services, said that phishing scams aimed at accessing direct deposit funds have emerged as a growing threat, particularly in the higher education sector.

Phishing scams aimed at accessing employee tax information also rose, representing 9% of all breaches handled by   Beazley   in the first quarter of 2017.

Beazley ’s BBR Services handled 641 breaches on behalf of clients in the first quarter of the year, compared to 462 during the same period of 2016.

“Organisations continue to face increasingly sophisticated threats as hackers adapt and employ new methods to seize data and funds,” Katherine Keefe, global head of BBR Services said.

Direct deposit phishing sees hackers try to access an employee’s email and, once inside, request a password reset for the firm’s payroll provider. Hackers then chance an employee’s forwarding rule to send all emails from payroll to a junk email folder as funds are stolen.

Higher education was a particular target of these style of attacks where hacks and malware caused 48% of data breaches in the first quarter.

Ransomware continues to be a major threat for businesses with attack numbers up 35% compared with this time last year.

Financial institutions also remain a key target with firms in the sector suffering a number of breaches. The sector has seen an increase in unintended disclosure breaches which see bank account details or personal information sent to the wrong recipient.

In a bid to up cyber security and resilience   Beazley recommends that businesses deploy prevention and detection tools, use threat intelligence services, and utilise staff and manager training and conduct risk assessments focused on identifying and protecting sensitive data.
By the source below 08 Jun, 2017
The Australian Competition & Consumer Commission (ACCC) has warned that thousands of homeowners across the country could still be at risk of fire and electrocution due to faulty electric cables.

Infinity cables installed in New South Wales homes in 2010 may already have started cracking, with other state and territories where the cable was installed from 2011 coming into danger next year.

The product safety regulator is warning that the dangerous cable could become prematurely brittle and break under stress near heat sources and roof access areas. This could lead to fire or electric shock if cables are disturbed by home or business owners or tradespeople.

Delia Rickard, ACCC deputy chair, said that whilst the product recall is in its fourth year, only 54% of the 4,313km of dangerous cable has been found and fixed.
“Your home might be a ticking time-bomb if you haven’t had Infinity cabling replaced,” Rickard said.

Rickard urged those who had electrical cables installed between 2010 and 2013 to organise an inspection with a licensed electrician.

Brokers should discuss with both home and business clients if their properties have undergone any electrical work during this timeframe.

"In some circumstances, suppliers, installers and property owners may be liable to pay compensation for injury or property damage caused by Infinity cable installed in buildings,” Rickard continued.

The national recall began in August 2013.
More Posts
Share by: