We're sorry but your browser is not supported by Marsh.com.au

For the best experience, please upgrade to a supported browser:



Putting Cyber Risk on the Boardroom Agenda


While most Australian organisations have become familiar with the warnings to heighten their cyber security, last week’s revelation by the Australian Signals Directorate that cyber attacks on our businesses and government rose 20 per cent in 2014, confirms the rapid speed at which the threat is growing.

This statistic from the Department of Defence’s intelligence agency is a swift and timely follow up for many Marsh clients who attended a recent breakfast seminar on cyber risks in Sydney hosted by Marsh & McLennan Companies (MMC). The event on Thursday 16 April saw some 100 representatives from Australian business community hear from the ASIC Commissioner, Cathie Armour, as she spoke about the regulator’s recent efforts to encourage greater awareness of the risk within the Australian companies, particularly at the board and director level. The Commissioner stressed the importance of greater engagement and collaborations with both industry and government in developing appropriate measures.

The briefing also introduced Verizon’s 2015 Breach Investigations Report, one of the first public presentations following the release of the report two days earlier.

The event coincided with a visit to Australia from MMC’s President and CEO, Dan Glaser, who provided a global perspective and shared with the group his personal sentiment  that ownership of cyber risk  starts at the top, with the CEO Role basically doubling as a shadow role as Chief Information Officer.     

In a robust panel discussion, subject matter experts from each of the MMC companies provided their perspectives on how organisations could better approach the risk.

Susan Elias and Costa Zakis offer some of the pertinent points that emerged from the panel discussion:

Understanding the threat to your organisation

The journey to becoming cyber resilient begins with understanding the extent and scope of a firm’s cyber risk exposures, which would typically include:

  • Cyber risk identification
  • Cyber risk assessment
  • Cyber risk quantification

The team at Marsh Risk Consulting can assist in this endeavour, with specialists available to:

  • Develop or update risk registers of cyber and privacy risks
  • Undertake both cyber resilience reviews and privacy resilience reviews
  • Develop, implement and test a cyber incident response plan

Transferring the cyber risk

Importantly, Marsh is also able to help facilitate risk mitigation insurance solutions through the following activities:

  • Undertaking an  insurance gap analysis, mapping cyber security and privacy exposures against current insurance arrangements
  • Formulating cyber risk profile and determine key coverage requirements
  • Negotiating tailored cyber insurance quotes aligned with key coverage requirements
  • Recommending an appropriate, bespoke cyber insurance solution

As every firm’s cyber risk profile will be unique, overlaid against the varying policy forms available in the market, it is important that the appropriate cyber insurance solution be tailored as noted above.

Responding to a cyber attack

For many organisations, the culmination of the cyber journey may be with a cyber attack, no matter their risk mitigation defences.

At this point in time, analysts from the Forensic Accounting and Claims Services team have specialised skills to assist with the crisis management  response, as well as the forensic analysis to determine where the breach occurred and ways to remedy it.

Marsh Pty Ltd (ABN 86 004 651 512, AFSL 238983) (“Marsh”) arrange this insurance and is not the insurer. The Discretionary Trust Arrangement is issued by the Trustee, JLT Group Services Pty Ltd (ABN 26 004 485 214, AFSL 417964) (“JGS”). JGS is part of the Marsh group of companies. Any advice in relation to the Discretionary Trust Arrangement is provided by JLT Risk Solutions Pty Ltd (ABN 69 009 098 864, AFSL 226827) which is a related entity of Marsh. The cover provided by the Discretionary Trust Arrangement is subject to the Trustee’s discretion and/or the relevant policy terms, conditions and exclusions. This website contains general information, does not take into account your individual objectives, financial situation or needs and may not suit your personal circumstances. For full details of the terms, conditions and limitations of the covers and before making any decision about whether to acquire a product, refer to the specific policy wordings and/or Product Disclosure Statements available from JLT Risk Solutions on request. Full information can be found in the JLT Risk Solutions Financial Services Guide.