Australian Reinsurance Pool Corporation (ARPC) has released new research highlighting the economic risks faced due to a cyber protection gap which it hopes will influence next year’s review of the Terrorism Insurance Act.

Commercial property insurance in Australia does not cover physical property damage caused by cyber terrorism or cyber war. The ARPC Scheme, Australia’s national terrorism insurance scheme, also excludes coverage for physical damage caused by cyber terrorism.

“ARPC anticipates that our research will contribute to informing the Australian Government about the risks faced by the economy due to this protection gap,” CEO Christopher Wallace said. “It will be an input into the Treasury’s 2021 triennial review of the Terrorism Insurance Act.”

The research project, “Insurance risk assessment of cyber terrorism in Australia”, looks at the practicalities of extending insurance coverage to include cyber terrorism in Australia.

An analysis of cyber terrorism attack scenarios by the Cambridge Centre for Risk Studies shows the average expected losses are consistent with a traditional explosive blast attack in a city’s CBD.

The maximum losses from two modelled attacks were “substantial and exceed the capacity of the ARPC scheme.”

German, Spanish and South African pools provide direct insurance coverage without cyber exclusions, while reinsurance or co-insurance schemes in Austria, Belgium, France, Netherlands, the UK and US provide cover for cyber-terrorism.

In Australia, India and Russia cyber-terrorism is explicitly excluded from the terrorism schemes.