Close

On this page

VMIA appoints Angela Kelly to lead insurance operations

We welcomed Angela Kelly as our Chief Insurance Officer in September. Angela’s extensive experience in delivering traditional and innovative insurance and reinsurance solutions will ensure our Insurance teams continue to develop creative and proactive responses to emerging risks, deliver high quality claims management and harness our data and claims experience to inform better risk management and harm prevention for the State. 

 

Cyber risks - evolving threats for the public sector

Cyber risks continue to be a concern for public and private sectors worldwide. Identity theft and ransomware – an attack that threatens to publish confidential data or block access until the ransom is paid – are on the increase. As exposure to these risks have grown, so have the gaps in cover, as attackers become increasingly sophisticated.

A local outlook

In June this year, a widespread cyber attack tried to compromise sensitive economic and personal data. Federal, state and local government agencies, institutions, hospitals and state-run utilities firms were involved in the attack (Hitch, 2020). Though the data breach was small, Prime Minister Scott Morrison reminded agencies that the attack was a firm warning for all sectors to strengthen their cyber security. 

The 2019-2020 Australian Cyber Security Centre’s (ACSC) Annual Cyber Threat Report disclosed that it responded to 2,266 incidents and received an average of 164 reports per day. The highest amount of cyber security incidents (318 events) occurred in April 2020 across the nation, which were linked to increased pandemic-related cybercrime (ACSC, 2020). These included topics, subject lines or links posing as pandemic information and government updates requiring recipients to exchange sensitive information. 

These figures have shown that attackers have been quick to capitalise on current affairs, such as the pandemic, and have been successful in phishing as government agencies. As government activity over the past few months has increased with lockdown, we expect these threats to grow. We recommend staying across common threats and regularly reviewing your cyber security infrastructure. 

Common threats Over the 2019-2020 financial year, VMIA received 35 claims, of which 29 were hospitals or health services related and 24 of these claims were ransomware attacks. This sees the growing need for coverage to be comprehensive to cover these risks.

The ACSC reported that malicious or phishing emails (27%) and compromised systems (24.4%) made up the largest portion of cyber security incidents over the financial year (2020). The most common threats agencies needed to be aware of included phishing, spearphishing, business email compromise, exploitation of vulnerabilities (attacks on soft targets or system vulnerabilities) and ransomware (ACSC, 2020). 

Ransomware is the most common cybercrime, as it’s low-cost, easy to develop, replicate and spread. This is reflected in our experience of cyber incidents and claims received from our clients over the same period. Recent trends highlight the growing need for cyber policy coverage to be comprehensive to cover these risks across the public and private sectors. 

Recommendations

We recommend following the ASCS’s strategies to mitigate cyber security incidents, also known as The Essential Eight, to align your IT security as a baseline across your information systems.

You’ll soon be able to assess your cyber maturity against the Essential Eight with a new online, self-service tool. We’ve partnered with the Department of Premier and Cabinet’s Cyber Security Unit to launch the Victorian Government Cyber Maturity Benchmark, an annual measure of baseline cyber security controls for the Victorian public sector.

Find out when you’ll be able to access the tool and more information on the Victorian Government Cyber Maturity Benchmark.

The Office of the Victorian Information Commissioner also offers steps for agencies in responding to data breaches and a guide to manage the associated privacy impacts.  

We also recommend reviewing your IT security regularly and your risk transfer options. Please contact us at contact@vmia.vic.gov.au if you’d like to discuss this in detail. You can also find more information about your cyber policy inclusions on our website.

 

Cyber policies and the market

We’ve observed commercial policies adapt rapidly to meet the evolving needs as new threats emerge. With the spike of pandemic-themed attacks, we expect insurers to be increasing premiums to recuperate on losses. We’re currently consulting with the commercial market and our reinsurers on policy strategies and risk transfer solutions. We’ll update you with developments as they become available.

 

Insurance update 

Market snapshot

In our previous edition of Future-proof, we explored the insurance trends observed from natural disasters and the pandemic and its potential impact to you. 

The wider insurance and reinsurance markets are continuing to perform rate corrections to recoup significant insurance-related losses and poor investment returns due to the impact of coronavirus. We’re also seeing some impacts for bushfire coverage as a result of bushfire activity across the country, and also globally, such as the recent California wildfires. 

Royal commissions, ongoing class actions, and increased claims have also presented market challenges.  

In addition, flammable cladding and building defects continue to be a concern for insurers due to the subsequent impact on combined liability coverage (or professional indemnity, commercially).

We’re expecting insurers to respond to these pressures and we’re working closely with global markets to manage your coverage and reduce the impact for you. 

Coronavirus advice

We've updated our insurance advice on how our policies respond to coronavirus exposures, based on the current restrictions. You can find more information on our policy factsheet and guidance update for government departments and agencies.

VMIA group personal accident (GPA) policies don’t automatically cover agency volunteers who’ve contracted coronavirus during their volunteer work. Currently, GPA policies cover injury only, but we can assist in arranging an endorsement on your policy to ensure your volunteers are covered in the event they contract coronavirus.

If you’d like more information or require an endorsement to your GPA policy, please get in touch at contact@vmia.vic.gov.au

Standardised products – insurance is now easier to understand 

We’ve improved our three key products to make them easier to read and follow. It’s the same great cover, with simple wording. It’s important to know that these changes do not impact your existing cover. We’ve updated the following policies: 

  • Property
  • Combined Liability
  • Directors and Officers Liability 

For more information, visit our website for details on our standardised policies.

Directors and officers policy inclusion updates

We’ve updated this policy to include defence and investigative costs on industrial manslaughter claims; specifically related expenses up until the point where the event has been found or adjudicated as criminal or not criminal. You can find more information on our 2020-2021 policy updates on our website.

The Victorian workplace manslaughter offences and its impact to you

We’ve partnered with the Victorian Government Solicitor’s Office (VGSO) for a webinar where we’ll discuss the recent changes to the Occupational Health and Safety Act 2014 (Vic) and what agencies need to keep in mind when assessing their workplace risks.

The final part of VGSO’s employment related webinar series, the session will be held on 20 November at 10am and you can register at VGSO’s website. The first two sessions of the series are focussed on employment topics and VMIA clients are welcome to register:

We also recommend reviewing your existing governance and risk frameworks to assess the legislative update and impact to your organisation. You might also find our tools, guides and kits helpful in your review. 

Travel policy and premium updates

We realise many clients across the sector have needed to cancel non-essential business travel plans. That’s why we’ve halved your travel premiums. You might have already seen this as a relief in your renewal premiums issued in June this year. 

VMIA learning and resources updates  

Our client workshops are now online.

We're excited to launch our client webinar series, featuring popular risk topics for Victorian public sector professionals. You’ll be able to join discussions, live polling, Q&A sessions and quizzes. 

Our suite currently includes:

  • Risk Foundations
  • Cyber Risk Foundations
  • Risk Culture Enabler
  • Victorian Government Risk Management Framework (VGRMF): What’s new and changed

We’re adding Insurance Foundations to our webinar series in the next few weeks. If there’s any particular topics you’d like us to cover next—contact us to have your say. Please also keep an eye on our offerings and follow us on LinkedIn and Twitter for updates.

The new Victorian Government Risk Management Framework

In case you missed our recent communications, the new Victorian Government Risk Management Framework (VGRMF) was launched last week. The Framework, which is up on the Department of Treasury and Finance website, comes into effect on 1 July 2021, and all agencies must attest to it from that date.

We’ve summarised the key changes to the new Framework and you can join a webinar to find out what’s new and changed.

The current Framework is effective until 30 June 2021 and our resources and guidance materials are still in place. 

Help shape the tools you need to navigate the new VGRMF.

We’re updating our risk management tools and resources to reflect the new Framework and we want your feedback. Visit our design lab, where you’ll be able to provide input at key stages of service development to help shape and refine these tools.

Collaboration is currently open for the following topics:

  • Making decisions in situations of uncertainty
  • What is risk?
  • Identifying, analysing and evaluating risks
  • Attesting to VGRMF requirements
  • Building your risk management framework 

 

RMA Online

RMA Online self-assessments are now open for the 2020-2021 financial year. You can start to review and complete items in your action plan and make continuous improvements to your organisation's risk maturity results.

The benchmarking results for the 2019-2020 financial year are now available, allowing you to monitor and track your organisation’s results. Tap into insights and compare your maturity scores with your peers in the Victorian public sector. You can also use this data to identify opportunities to improve your risk maturity, frame your risk strategy and recommendations for improvement to your organisation’s decision makers.  

Watch the instructional video below to access benchmarking data. 

 

 

Feedback

Have a topic that you'd like us to cover in future editions or perhaps have feedback to provide? Contact us at communications@vmia.vic.gov.au.

 

References
  1. ACSC Annual Cyber Threat Report July 2019 to June 2020. (2020). [online] Australian Cyber Security Centre. Available at: https://www.cyber.gov.au/sites/default/files/2020-09/ACSC-Annual-Cyber-Threat-Report-2019-20.pdf [Accessed 9 Sep. 2020].
  2. Hitch, G. (2020). China believed to be behind major cyber attack on Australian governments and businesses. [online] ABC News. Available at: https://www.abc.net.au/news/2020-06-19/foreign-cyber-hack-targets-australian-government-and-business/12372470 [Accessed 20 Aug. 2020].
 

 

View media release Launch Design lab Register to attend the Cyber Risk Foundations workshop Submit your RMA Online response now Launch design lab Express your interest in webinars Launch RMA Online View coronavirus information and guides on your VMIA insurance Launch RMA Online View latest coronavirus information and guides relating to your VMIA insurance Express your interest for webinars