Cyber-attacks could cost Australian economy $16bn

Cyber breaches and attacks in major Australian cities could cost the economy up to US$16bn, according to Lloyd’s, the specialist insurance and reinsurance market.

A joint Lloyd’s and Cambridge University study found that of the world’s 301 major cities, Sydney has the 12^th most GDP at risk from cyber-attack, with $5bn of GDP at risk from 2015-2025.

Top of the global list is New York, with $14.08bn of GDP at risk. Singapore came in 19^th place at $3.41bn.

Speaking in Sydney, Lloyd’s global CEO Inga Beale said businesses of all sizes and from all sectors needed to plan for cyber attacks.

“It’s not just for banks to worry about – it impacts retailers, travel and hospitality firms, education and healthcare providers, and any business with proprietary information worth protecting. Where a decade ago people would talk about preventing a cyber-attack, the reality is firms will be subjected to attacks. The issue is how you mitigate against that,” Beale said.

“We are living in a world where people carry a globally-connected supercomputer in their pocket and almost every important work document is stored in the cloud, on servers or online. The result is an explosion in the potential for cyber risk. The latest series of high profile data breaches is just the beginning. With the emergence of the Internet of Things the potential for cyber risk is enormous.

“This is where insurance can play a critical part. Not only are we there to assist financially, we can also provide advice and assistance on how to manage the risks and respond to them.

Lloyd’s has seen the amount of cyber insurance purchased in Australia increase 168-fold (16,828%) in the past two years.

Regulation is expected to drive this even further.

In 2018, the EU is introducing the General Data Protection Regulation (GDPR). This means that any company holding European customer data will be required to disclose data breaches to national data protection authorities and, where warranted, affected individuals.

The Australian Government last week introduced mandatory data breach notification laws into parliament for the fourth time. The proposed legislation requires companies that have been breached and lose personal details, tax file numbers, medical records or credit card information to report the incident and notify affected customers.