Introduction

Australian manufacturers are standing at a critical crossroads as the landscape of both manufacturing and cyber insurance undergo significant shifts. Insurance, while often viewed as a safety net, provides extremely limited coverage when it comes to digital threats. Securing a policy requires significant effort, including detailed assessments, strict underwriting processes and meeting specific criteria. Even then, it only addresses certain financial risks like reimbursements for some direct costs. Crucially it does not cover major impacts like reputation, prolonged outages, or the loss of customers. These ‘big ticket’ items remain the responsibility of the company, underscoring the need for comprehensive cybersecurity measures beyond just having insurance. As insurers impose stricter limitations, manufacturers must revise their risk management strategies and implement proactive measures to uphold operational security. A recent Tenable poll of over 200 IT and cybersecurity leaders underscores this shift, showing up to a 15% decrease in cyber insurance premiums with proactive cybersecurity efforts.

A New Frontier

The surge in cyber incidents, including high-profile attacks and data breaches, has propelled cyber insurance to the forefront of organisational risk management discussions. According to the Australian Cyber Security Centre (ACSC), the 2022–23 financial year alone saw over 94,000 cybercrime reports, with staggering self-reported losses amounting to A$80 billion. Medium-sized businesses bore the brunt with an average loss of A$97,200 per cybercrime, followed closely by larger organisations at A$71,600. These figures underscore the pervasive impact and financial implications of cyber threats across sectors.

In response to the escalating threat landscape, insurers have adjusted their policies to reflect the heightened risks associated with cyber incidents, particularly ransomware attacks. A recent KPMG report highlights increasing cyber threats to Australian manufacturers, projecting a 15% annual rise in ransomware attacks over the next five years. Policies now frequently incorporate exclusions or limitations on ransom payments, aligning with insurers’ efforts to mitigate their financial exposures. For manufacturers that operate within intricate and interconnected digital ecosystems, this shift necessitates a strategic re-evaluation of their approach to cybersecurity and risk management.

The Approach

Insurance coverage, while important, is no longer sufficient as the only comprehensive risk mitigation strategy. The evolving cyber insurance landscape now requires manufacturers to adopt a proactive approach, encompassing several key strategies:

1. Implement Preventive Security Measures: Prioritise strategies that reduce the likelihood of breaches, such as enhancing cyber hygiene, maintaining full visibility across all attack surfaces (including cloud and OT environments), promptly addressing vulnerabilities, and optimising Active Directory configurations.

2. Align Preventive Measures with Insurance Requirements: Encourage policyholders to integrate preventive security practices into their operations. This alignment not only enhances cyber maturity and reduces overall risk but also simplifies the insurance process through standardised reporting, risk assessment tools, and dashboards that insurers can trust.

3. Collaborate for Risk Reduction and Cost Savings: Foster collaboration between insurers and policyholders to quantify and manage portfolio risk effectively. This collaboration can lead to lower premiums, expedited renewal processes, and a better fit between insurance coverage and the organisation’s cybersecurity needs.

Summary

Adopting a proactive cybersecurity strategy strengthens manufacturers against present threats and prepares them for future challenges. Prioritising preventive security is crucial for both organisations and cyber insurance companies. Aligning cyber insurance policies with cybersecurity best practices incentivises organisations to implement proactive security measures, effectively reducing risks. Measures like exposure management promote essential cyber hygiene practices, aid in quantifying cyber risks, improve the chances of obtaining comprehensive coverage and potentially reduce costs.