Security News

Terrorism Insurance Act (Still) Won't Cover Cyber Attacks

A review into Australia's Terrorism Insurance Act by the country's National Audit Office (ANAO) has stated that cyber attacks won't be covered.

The Act was established in 2003 as a result of the September 11 terrorist attacks, because private sector insurance failed to adequately cover terrorism insurance. The Act covers businesses for losses due to terrorism and the fund - managed by the Australian Reinsurance Pool Corporation (ARPC) and premiums paid for by insurers - has amassed AU$13.4 billion.

However, it has never taken into account coverage for acts of cyber terrorism. The internet was a very different beast in 2003 and the Act only covered (and covers) losses involving commercial property, 'business interruption' and public liability.

Even though the online world is a far different place now, the latest review didn't factor in the increasing regularity of cyber attacks, despite costing the Australian economy at least $1 billion a year.

"There is yet to be a clear and evident market failure in relation to physical property damage from cyber terrorism requiring government intervention through the Act at this time," stated the ANAO. They did, however, note that the issue was an "emerging one requiring attention".

With the next review three years away, the ARPC is undertaking a year-long study into the 'nature and cost of physical damage to commercial property' (including 'business interruption') caused by cyber terrorism.

"The study will identify and explore current and prospective threats, likely scenarios as well as the practicalities of extending insurance coverage to include cyber terrorism in Australia," the ANAO said.

Cyber attacks are a very real part of today's world - it's predicted that a business somewhere in the world will suffer a ransomware attack every 14 seconds during 2019 - and hopefully common sense will prevail. The final report is expected by the end of this year.

Receive a weekly security report

Join 432 others receiving a free weekly report with a round-up of vulnerabilities and security news customized to your software stack. See an example email

Earlier: