Brought to you by:

Cyber staff shortage leaving nation exposed

A huge shortfall of specialist cyber security staff is leaving Australian businesses exposed to cyber attacks, a new report from the Actuaries Institute warns.

The green paper – Cyber Risk and the Role of Insurance – analyses the vulnerability of organisations and the role of insurance in setting best practice standards for cyber resilience.

“Australians are more dependent than ever on technology and cyber crime has the potential to disrupt our lives and really harm us, as we’ve seen in the news recently,” lead author Win-Li Toh told

“Despite government and increasing business spend, the losses are mounting. We have $33 billion reported in cyber crime losses in the past financial year, up 13% on the year prior.

“No organisation is immune and government, business and insurers can no longer combat this issue in silos.”

Insurers are increasingly cautious about underwriting cyber risks as the number and scale of attacks soars.

Ms Toh notes government entities are “a long way off” baseline standards of cyber security and many businesses are also behind in resilience against rapidly shifting risks.

“Importantly, good cyber hygiene and security – not insurance – are the first line of defence,” she says.

The report flags a “severe shortage” of qualified cyber security personnel.

“The global workforce needs to grow by 65% (from 4.2 million to 7 million cyber security professionals) to effectively defend organisations’ critical assets, with 8 in 10 breaches attributed to a skills gap,” it says.

In Australia, a five-fold increase in the number of students in cyber security courses is required.

Other gaps that need to be addressed include a limited understanding of cyber insurance among boards, limited education on cyber risks among SMEs, achieving sufficient capacity and profitability in the cyber insurance market, and managing accumulation risks.

Ms Toh says cyber risk is growing at unprecedented levels, with ransomware attacks more than tripling in two years.

“The accessibility of Ransomware as a Service (malware products), combined with the development of crypto currencies enabling untraceable payments has super-charged the growth of cyber attacks.

“This has brought more organisations of different types and sizes under the widening net of cyber criminals to the point where it is now clear that no firm is immune.

“This is why a vibrant and resilient risk management framework and infrastructure for cyber risk is crucial, of which insurance is one part,” she said.

The Insurance Council of Australia (ICA) welcomed the report, flagging that it follows its own study released earlier this year.

“This week’s extraordinary cyberattack on Optus and its customers demonstrates how important it is for large and small organisations to have robust cyber protections in place,” ICA CEO Andrew Hall said.

“Working in partnership with government, insurers have a key role to play to help businesses protect themselves and recover from cyberattacks.

“The Actuaries Institute provides yet another opportunity to discuss how industry and government can work in partnership to tackle this significant challenge.”

Click here to read the full Actuaries Institute report.