5 December, 2017
Regulatory changes expected to lead to spike in claims.
Numerous commentators have referred to 2017 as the year of “Ransomware”. The WannaCry and Petya attacks had wide reaching global effects as malicious actors became increasingly resourceful and deployed new methods to commit cyber extortion. As an example, new malware strains were deployed in 2017 that exported and publicly displayed a company's sensitive records in the event a ransom payment was not made. There were also frequent high profile intrusions throughout 2017.
2018 will see a number of new regimes commence. Australia's Notifiable Data Breach regime under the Privacy Act 1988 comes into force on 22 February 2018. The General Data Protection Regulation also comes into force on 25 May 2018 and will apply to many businesses that collect or process the data of European citizens.
We anticipate these legal changes will lead to a noticeable increase in claims under cyber insurance policies in Australia in 2018, especially later in the year as regulators explore the powers available to them under the new legal regimes. We also anticipate the number of Ransomware claims notified to increase.
In 2018, we expect that cyber extortion coverage clauses will be closely scrutinized by brokers and the market to ensure they capture the growing scope of potential ransom events. An increased frequency of claims will place pressures on insurers in relation to how they set policy deductibles for extortion claims, and the approaches they adopt to triage these claims.
For further information, please contact:
Dean Carrigan, Partner, Clyde & Co
dean.carrigan@clydeco.com