Q&A with Principal Robert Crittenden:
What technology risks are emerging and what are the implications for insurers?
A: Emerging technology risks include cyber attacks and data breaches; software malfunctions in commercial settings; mobile internet and cloud data solution vulnerabilities; information/data that has been lost, stolen, disclosed, destroyed or corrupted; and cyber outsourcing (i.e. outsourcing data handling to third party providers).
Industry relies on technology to streamline work processes and increase output. In many industries, technology is now performing tasks previously performed by people. Insurers should expect to see claims arising from, for example, computer malfunctions, failure to update software and human error interacting with new technologies. Industries where claims have previously arisen purely from human error will now face risks arising from the integration of technology into their business.
Cyber breaches may also raise breach of privacy issues and breaches of confidentiality. Businesses might have a liability in negligence or contract for failing to protect personal information against cyber attacks. Insurers and insured businesses both need to be aware of where liability will fall in the case of a cyber attack.
What impact could cyber risk have on traditional insurance cover?
A: Traditional insurance policies may not cover the unique risks arising from cyber attacks. Directors and officers and professional indemnity policies might not adequately cover company officers and professionals for their liability in the event of a cyber attack. Furthermore, property damage policies could exclude claims for loss of or damage to electronic data.
What can we do to prepare?
A: In May this year Gumtree notified all of its users that their details had been hacked. It seems almost every week we read about a corporation being hacked or subject to a cyber attack of some form. So the Australian Government’s $230m cyber security strategy can only be welcome news, although some say it is merely catching up to the rest of the world. One of the initiatives receiving coverage is the voluntary “cyber security health check” offered to the top 100 ASX listed companies.
Those in governance positions in any organisation with an online presence must prepare by placing an audit of their cyber security high on the agenda and ensure they continually monitor cyber resilience. Further, careful regard must be had to the adequacy of cyber insurance coverage. There is no doubt cyber attacks will only continue to rise and while the government is taking steps towards improving cyber security, ultimately the private sector has a vested interest in protecting itself via good cyber risk management strategies and adequate insurance coverage.
Q&A with Principal Julie Somerville
The Insurance risk study: Global insurance market opportunities (2015, AON), states “…we expect enormous increases in our ability to model cyber risk, to mitigate it, and to transfer it to insurance markets. In 10 years, we anticipate cyber will be a major line of business”. How do you see cyber risk impacting on insurance cover?
A: Cyber insurance is a rapidly growing area. However, there are marked differences in the types of cover available and the extent of the indemnity provided. Increasing expertise will be expected from insurance brokers in relation to the extent of cover required. Brokers will be required to understand the extent to which an insured has integrated technology into its business so they can assess the extent of coverage required. For example, if an insured’s data is compromised as a result of hacking, if there is potential for ransom attacks, corporate data loss, breaches of data protection by outsourced providers, reputational damage as a result of a data breach, network interruption losses, defence costs associated with investigations and inquiries and costs associated with advising clients of data compromises, just to name a few.
What type of claims are you seeing as a result of the increasing use of social media and what challenge does social media pose for insurance cover design?
A: Workplace claims such as harassment, bullying and defamation have been the most obvious claims that have been coming out of social media use, however in recent months there has been an increase in claims arising from misrepresentations and disclosure of confidential information. For example, a real challenge exists for businesses when people inadvertently reveal confidential or company information through the use of chat rooms and bulletin boards. In many jurisdictions it is a statutory offence to disclose private and/or personal information. Exclusion clauses could get activated quite easily when people reveal private and/or personal information on social media sites as to do so may amount to a deliberate breach of statutory regulations. So as a result the scope of such exclusion clauses will need to be reviewed.
Q&A with Principal Nevena Brown
A recent PwC paper on healthcare (“Australia can see further by standing on the shoulders of giants”, August 2016) focusing on the move to digital healthcare states, “Improved models of care are required to meet the challenges healthcare systems face globally and in Australia… Digital healthcare will play a central role in enabling these changes”. How could the apportionment of liability shift in relation to future claims in the health sector?
A: As institutions start implementing systems to streamline and coordinate the provision of services of healthcare providers (including sharing of patient data), institutions may be apportioned greater liability if there are deficiencies in those systems. Exposures that need to be addressed in risk management strategies include privacy and confidentiality obligations regarding access to and use of patient sensitive data, which involves data security processes, and assurance of complete and current data, particularly if any system is an “opt-in” system.
Meridian Lawyers was the platinum sponsor of the 2016 ANZIIF Liability Conference in Australia in October.