“It’s been crazy,” said Andrew Fluitsma, chief executive of Honan Insurance Group.
Honan had been asked to present to either the audit and risk committee, or the full board, of at least 10 companies since late September, Mr Fluitsma said.
Directors were checking if their level of cover was adequate, as well as their personal liability.
Mr Honan said correctly written directors’ and officers’ liability insurance policies should cover board members in many cases, but there was the possibility that directors could be found to be negligent if they had not purchased an appropriate amount of cyber cover.
Ms Butler and Mr Fluitsma said they did not expect cyber insurance premiums to rise as a result of the attack. The cost of taking out cyber cover has doubled on average every year for the past three years, as claims surged. But price rises are expected to flatten, the brokers said.
Mr Fluitsma said highly vulnerable companies, such as those in telecommunications, medical services and financial services, had long been aware of cyber risk and the need for adequate insurance, but now companies in sectors such as real estate, hospitality and construction were looking more closely at cyber risk and cyber insurance.
SMEs more likely to be under-insured
The most under-insured segment of corporate Australia in cyber terms is the mid-market, or companies with an annual turnover of between $50 million and $1 billion.
Research by the Actuaries Institute found that only 20 per cent of small to medium enterprises had cyber insurance, while between 35 per cent and 70 per cent of larger organisations had cover in place.
“This is something Marsh agrees with when reviewing the take-up rates with our own clients,” Ms Butler said.
“This really comes down to a number of reasons, including a lack of understanding of the value of the offering the insurance product provides, the recent premium increases, or not having being able to display a level of cyber hygiene required by insurers in order for [the insurers] to underwrite the risk.”
Mr Fluitsma argued that technology start-ups, particularly those that rely on subscription models, were particularly vulnerable to cyberattacks and were often not insured.
Subscription-based businesses held large amounts of customer data, Mr Fluitsma said, noting that he had seen some instances of online influencers taking out cyber insurance.