Specialised cyber insurance policies starting to become available in Asia, says AIG APAC VP

There is a pressing need to identify cyber threat as a new risk category and not merely an incremental extension of existing risks, according to the vice-president of financial lines at AIG Asia-Pacific Ian Pollard (pictured).

Pollard said that data risk management and security must be top of mind for corporate leaders if they are to operate within new regulatory regimes of data privacy.

“As the digital world continues to grow, the legal and regulatory environment is racing to catch up,” Pollard said. “In 2009, only seven territories in Asia Pacific (Australia, Japan, Hong Kong, Macau, New Zealand, South Korea and Taiwan) had legislated data privacy laws, but today India, Malaysia, China and Vietnam have scrambled to introduce data privacy legislation as well.”

Pollard said that specialised cyber insurance policies were starting to become available in Asia, “which will play a vital role in helping companies manage the cost of cyber risk”.

AIG’s Australasian professional indemnity manager Matthew Clarke said that standard business insurance policies only covered tangible assets with electronic data. “Cyber insurance offers coverage for liability that arises from unauthorised use of, or unauthorised access to, electronic data or software within an organisation’s computer network or business,” he said. “It can also provide coverage for liability claims arising from network outages, the spreading of a virus or malicious code, computer theft or extortion.” 

These comments were made by Pollard and Clarke following the release of a paper produced by the University of Canberra’s Centre for Internet Safety (CIS) in collaboration with AIG. The paper suggests that 65% of small-to-medium businesses’ sensitive or confidential information is not encrypted or safeguarded by cyber insurance.

Co-director of the CIS Nigel Phair said that organisations were facing technological threats from entities such as cyber criminals, disgruntled internal staff and contractors. “Businesses know to lock up their doors and protect their physical assets,” he said. “But the widespread lack of digital protection is leaving them vulnerable to theft and exploitation from cyber criminals.” 

Alastair MacGibbon, also co-director of the CIS, said that businesses had to be prepared for a shifting online risk landscape. “They face a range of evolving challenges, including privacy, security and intellectual property liability,” he said.