5 minute read
Cyber safety
INSURING AGAINST CYBERCRIME
AS THE CONSTRUCTION INDUSTRY’S RELIANCE ON TECHNOLOGY
AND AUTOMATED SYSTEMS GROWS, TROY FILIPCEVIC FROM EMERGENCE INSURANCE DETAILS THE IMPORTANCE OF CYBER INSURANCE TO ENSURE BUSINESSES CAN CONTINUE RUNNING AS NORMAL IN THE EVENT OF A CYBERATTACK.
The Australian Cyber Security Centre received 13,000 reports of cybercrime from individuals and businesses over three months in 2019.
The Federal Government also estimates cybersecurity incidents cost Australian businesses $29 billion a year.
According to Troy Filipcevic, Managing Director of Emergence Insurance, if you think your business is immune to a cyberattack, think again.
“Emergence Insurance is the only underwriting insurance company in Australia 100 per cent focused on cyber risks for business. Cyber insurance helps protect businesses against all forms of cyberattacks,” he says.
Emergence Insurance and Underwriting Agencies of Australia (UAA) collaborate to service the road construction industry. Both companies are part-owned by parent company Steadfast Group.
“We’re both leaders in our respective industries, with UAA specialising in mobile equipment including cranes and construction machinery and Emergence as an expert in cyberattack. We think the partnership between the two will benefit UAA’s customers,” Mr. Filipcevic says.
Mr. Filipcevic spends two days a week in the UAA office working with the team and with George Grasso, UAA Chief Services Officer.
“We work closely with UAA and a number of their customers are already on board or are examining these sorts of policies. UAA has joined forces with Emergence to provide cover for cyberattacks and, very soon, all policy renewals will cover for this risk,” Mr. Filipcevic says.
“People tend not to think about cyber issues – they think it won’t happen to them. But cyberattacks have been increasing exponentially,
year on year, for a number of years.”
Cyberattacks can come in many forms and cause serious damage to businesses.
Mr. Filipcevic says attacks can include ransomware, where people will hack into a business’s IT systems and lock down files so they can’t be accessed. He says the perpetrator then often demands payment for the release of these files.
“A cyberattack can also come in the form of malicious software or malware, which is basically when someone in the office clicks on an email or a link that’s come from a hacker, which releases a virus into their computer systems,” he says.
UAA and Emergence Insurance cover costs for the IT system if a business suffers a cyberattack to help get the business back up and running. The insurance will also replace any revenue lost during the downtime.
If electronic reports or communications are down, this could affect production on site, and any downtime is costly for construction businesses. If site workers are unable to access design files, for example, this could stop works.
“The vast majority of cyberattacks are a result of human error. Attacks occur from people clicking on links that they shouldn’t, leaving computers on and not backing them up,” Mr. Filipcevic says.
Furthermore, he says the construction industry is just as vulnerable to cyberattacks as any other.
“A lot of cranes and other construction equipment are reliant on computer technology in some way.
“This means not only is the business and the computer system which runs the business at risk, the equipment which relies on the technology to perform its role is equally at risk,” he says.
He says construction businesses are especially exposed to hackers as some are heavily reliant on technology for equipment.
“A hacker can access the technology on a piece of equipment and immobilise it. They could jam the computer in a crane and play around with the calculations relating to lifts which could cause damage to property. They could even suspend all the functions and make the crane redundant,” Mr. Filipcevic says.
In his experience, a typical construction business can take a number of measures to prevent cyberattacks.
“This can be as simple as staff having strong passwords.
“Implementing two-factor authentication means that employees have to authenticate
Troy Filipcevic works closely with UAA to provide insurance cover in the event of a cyberattack.
themselves to actually gain access to systems, and that’s starting to become a core component of security within the business,” Mr Filipcevic says.
“Implementing patching software when patches are released is also important. If Microsoft releases a patch to update a business’ software, the business should be updating the patch very quickly thereafter.”
It is also crucial to back up all data and information for the business.
“If the business does suffer a cyber event and they have back-ups of their information, they can respond and get up and running quickly,” Mr. Filipcevic says.
He says another important factor to consider is staff technology training.
“Making staff more vigilant and aware of the dangers is important because most attacks are as a result of human error,” he says.
Emergence Insurance insures all businesses, from owner-operators with one machine all the way up to multinational businesses with fleets of machines in the market.
“Not only do they get access to an insurance policy and the reassurance that if they do suffer an attack, the insurance company will pay, we also have access to global ‘soft security vendors’ as part of our
offering,” Mr. Filipcevic says.
If a business doesn’t have an IT consultant or a soft security consultant, Emergence Insurance will help to provide these services as part of their claim.
“It’s not only about the insurance coverage and the money the policy provides, it’s the additional services and the experts we offer as well,” he says.
Emergence Insurance premiums for smaller businesses start from around $500 to $1000 per annum.
“The misconception in the market – and this is a big issue – is that a lot of businesses think it won’t happen to them because they are either too small or they’re not in a hightech industry. In reality, it’s quite the reverse,” Mr. Filipcevic says.
“In fact, they are the ones in the firing line, essentially because they often don’t have an army of technology people internally working on IT security.”
He says if businesses can’t get equipment out into the field or they can’t get machines working, then they are not getting paid and this can impact business livelihood.
“I would suggest any construction company needs to consider taking out insurance to protect their livelihood from a cyberattack,” Mr. Filipcevic says.
