ARPC releases cyber terrorism research findings at webinar

09 Sep 2020

Australian Reinsurance Pool Corporation has launched the findings of its cyber terrorism research project titled ‘Insurance risk assessment of cyber terrorism in Australia’ at ARPC’s Cyber Terrorism Research and Insurance Webinar. The Webinar, held on Thursday, 3 September, had 135 attendees.

The scope of the research included identifying and exploring current and prospective threats, plausible scenarios and the practicalities of extending insurance coverage to include cyber terrorism in Australia. ARPC commissioned the Organisation for Economic Co-operation and Development (OECD) and Cambridge Centre for Risk Studies at the University of Cambridge’s Judge Business School (Cambridge), to undertake the research.

“Commercial property insurance in Australia does not cover physical property damage caused by cyber terrorism or cyber war,” said Dr Christopher Wallace, ARPC CEO. “The ARPC Scheme, Australia’s national terrorism insurance scheme also excludes coverage for physical damage caused by cyber terrorism.”

“ARPC anticipates that our research will contribute to informing the Australian Government about the risks faced by the economy due to this protection gap. It will be an input into the Treasury’s 2021 Triennial Review of the Terrorism Insurance Act,” Dr Wallace said.

“ARPC would like to thank ARPC’s government and industry stakeholders for their contributions at several workshops on insurance and cyber topics which helped to inform the research,” Dr Wallace said.

A snapshot of the key findings

Coverage

Cyber terrorism is not covered by commercial property insurance in Australia, and the terrorism reinsurance scheme administered by ARPC excludes cover for cyber terrorism.

Scenarios

The scenario analysis conducted by Cambridge demonstrates that the average expected losses from two modelled scenarios are consistent with the expected losses from a traditional explosive blast attack in the CBD and are within the capacity of the ARPC scheme.

The maximum losses from the two modelled cyber terrorism attacks are substantial and exceed the capacity of the ARPC scheme.

Terrorism pool coverage of cyber terrorism

According to OECD, the German, Spanish and South African pools provide direct insurance coverage without cyber exclusions.

For the reinsurance or co-insurance schemes in Austria, Belgium, France, Netherlands, United Kingdom, and the United States, cover for cyber-terrorism is included to the extent it is covered in the underlying policy.

In the reinsurance schemes in France and the UK, cyber-terrorism cover is explicitly included.

In India and Russia cyber-terrorism is explicitly excluded, as is the case in Australia.

The full research findings in a compendium format can be requested on the ARPC website.

For media inquiries, please contact ARPC Chief Executive Dr Chris Wallace on (02) 8223-6777.