Episode 1: Cyber Liabilities, Soft & Hard Insurance Q&A, and Cyclone Damage
In this podcast we discuss how we can all address cyber liability by being more cyber aware with Steve Simpson from ES2, have a Q&A on the hard and soft insurance market with Ryan Cameron, and chat to Cameron Gaspar about the effects of cyclone damage.
In this podcast, we have provided general advice only and not personal advice. In giving this advice, we have not considered your personal circumstances.
Welcome to the first podcast of EBM Insights. This podcast will do a deep dive into current issues surrounding insurance and risk management. My name is Sandy Catley. Thank you for joining us. For those of you who don't know us, EBM is a locally owned and operated insurance broker. This year we celebrate 45 years in operation, which is something we're very proud of. Our head office is located in Perth, Western Australia. We have eight offices throughout the country, including regional WA, and we employ over 200 people. So who will be joining us in the podcast today? We've got some interesting topics to discuss and we'll be joined by Ryan Cameron, Director of Broking at EBM. We'll chat to Cameron Gaspar, EBM's on-the-ground broking representative in Karratha. And our first guest in the pod will be Steve Simpson from ES2. ES2 is the largest WA owned and operated cybersecurity company. More specifically, Steve will be talking to us about how we can all be more cyber aware, and he will provide an overview of the government's recent report on Australia's cyber security strategy.
And welcome back. 2020 has seen a greater reliance on the internet due to COVID-19 in Australia and the world. However, with this increase in use, we're hearing more and more about cyber threats impacting families and businesses. In response to these threats, in early August, the Australian government released its cybersecurity strategy. Joining me now is cyber specialist Steve Simpson from ES2 to talk us through this report. Now if you have a look on ES2's website, you might see Steve referred to as the godfather of cyber. So we're very glad to have him in the pod today. Welcome, Steve.
Thank you, Sandy. Lovely to be here.
Thank you. Great to have you here. Now, Steve, before we delve into all things cyber, can you give our listeners a brief overview of your background?
My bio, absolutely. I was 22 years British military. I had some awesome jobs in some awesome locations. I was the IT manager and the information manager setting up the headquarters in Kabul in 2002, in Afghanistan. They're not always comfortable places, but always good. And for three years after I got out, I was one of the information security advisors to the British Cabinet Office in Westminster.
Well, that is a very, very, very interesting background. So I think we've got the right person with us today. Thank you. Alright. So first up, can you explain why the government has produced this report?
There is a continually growing cyber threat. And a couple of months ago, the Prime Minister made an announcement that we as Australians were under continued pressure or attack from a state nation. Yes, I remember that. They didn't name it. But I think we all know who we're talking about. Yeah. As a response to that as much as anything, they've now provided what amounts to quite a lot of advice, and they've split it between government, business and community, to help us all to be able to face that cyber threat and to understand a little of what we can do to help.
Okay, great. So I noticed you said business, community. So can you give a couple of examples of what might have happened in each area? So what some businesses might have experienced, or what average person
At home, most people will have seen an increase in spam or phishing emails. Phishing emails are a type of social engineering where an attacker tries to get your username and password or some other good information by sending you an email that looks legitimate. Yeah, these have been increasing a lot, to the extent where, in the businesses that I've been working with, when we look through the mail filters, on average they are filtering out 90% of the emails they receive. Only 10% of those emails are actual business communications. It has got that bad now? Yes,
That 90%, I would not have expected a figure that high.
And I wished it wasn't that hard.
Actually, we can learn a lot from you and ES2, and he'll maybe reduce that. Okay, so with all that in mind, Steve, what are some of the things that we can all be doing to be more cyber aware?
A lot of it is understanding what you're doing online. Now, one of the things that the government has said in their strategy, and it would have been nice if they put a little bit more meat behind it, but what they've done is they've reminded us all that we have responsibility for our own information, of course. Businesses and home users, we have a responsibility to look after ourselves. So following good password practices, knowing how to identify a phishing email, things like that will go a long way, and helping by instilling this into your children as well. Our children should not be using the same passwords for every website they go to, and they should not be using the same password for too long. We need to educate them, to try and train them to change their passwords on a regular basis and to use good passwords.
So Steve, I've also heard that there's a site, I can go to check if my email address has been used in any cyber breaches.
Absolutely. There's a very, very good website called haveibeenpwned.com. Pwned is a hacker's term and it means password owned. And it's spelt p-w-n-e-d, pwned. At haveibeenpwned.com you can quite safely type in your email address. I wouldn't go typing passwords in but yeah, your email address, and it will tell you if that email address has ever been involved in any of the big security breaches. If it has, that's nothing to worry about too much. It's good for us to have knowledge, it's good for us to be empowered by knowing that. So what we have to do then is to make sure that we never use the same password that we used, that was breached. Email address is fine, but never use that password again.
Right. So just on that, if it came up, if I put my email address in and it did pop up to say there has been a breach, is there someone I should contact, or should I just stop using the password associated with that?
Analyse what it's come up with, because it will tell you which breaches you were involved in. One of the common ones is the LinkedIn breach from two, two and a half years ago. Just make sure that the password that you used to use at that time gets changed, never used again. There's not a lot else you can do. There's no one you can really contact. Having passwords that are strong and that are changed regularly is your best defence.
Right, I think I'm going to start changing my passwords a bit more regularly. Now after learning all about that, because
There are some good password managers that will help you, password management tools that are free that you can download. The one I use myself, and there are plenty of others, is called LastPass. Now that's on my laptop and on my phone. And when I go to a new website and I create an account, it takes in the password, but it'll also offer you a suggested password. Some of these could be 15 characters long, unpronounceable, let alone memorable. But that doesn't matter. Because the next time you go to that website, you go to the password manager and it'll tell you. I can just copy and paste
it. Yeah, that sounds too good to be true, almost. So I think our best hope that out
One word of warning: the password that you set to get into the password manager, don't forget it. If you forget that, it's all gone.
I've done it.
All right. All right. We've learned from the best: make sure we know our password for LastPass. Is there any other advice you'd like to add?
Absolutely. One of the absolute foundations of cyber security is risk assessment. I often get asked if I can provide a generic template for a policy or generic advice, and that really doesn't work to the eyes. Every single part of cybersecurity, we choose the mitigations, the security controls that we're going to put in place, based on a risk assessment of that situation. Everything is individual, everything is tailored to the client.
Steve, one last question before we wrap up: if you had $10 to spend on cyber, how would you spend it?
Not the easiest one to answer. But what I would say is I would spend the first $4 on security awareness. You get an awful lot of bang for your buck with security awareness. If you empower the people within your organisation to understand cybersecurity, they will protect themselves at home and they will protect you in the office. I would spend $3 on monitoring my system so that I know what's going on. Another, I know I've already mentioned one, another awful statistic in cybersecurity is that the average global time difference between an attack occurring and an attack being detected is 197 days. Wow. And that's awful. If you have monitoring in place, and if you've got good monitoring in place, you should be able to find out the same day. I would spend $2 on technical things like firewalls, of course, email monitoring, the technical aspects of cyber security. And I would spend my last dollar on insurance, having some good cyber insure, cybersecurity insurance that I've reviewed and I know will protect me when the time comes.
Thank you, Steve. That is really insightful. And I think our listeners have learned an awful lot, I know I have. And so for those of you that are listening, Steve will be delivering a cyber awareness training webinar for EBM in early October. The copy of this webinar will be available soon after via our social media accounts. So please make sure you look out for it. If you would like more information on ES2, please take a look at their website at es2.com.au. Or please feel free to reach out to Steve via LinkedIn. Thank you, Steve.
Thank you very much, Sandy.
Welcome back. In our next segment, we're chatting about the differences between the hard market and the soft market when it comes to insurance. To explain exactly what this means, we're joined by Ryan Cameron, a director of broking here at EBM. Welcome, Ryan.
Thank you, Sandy, nice to be with you.
There's a lot of discussion in the insurance industry at the moment around a hard market. What does this mean from an EBM client perspective?
All industries experience cycles of expansion and contraction in some way. And the insurance market is no exception. At the moment, we are in a hard market as opposed to a soft market, which in basic terms means higher insurance premiums, less competition amongst the insurance providers, reduced capacities from those insurers that are offering the cover, and more stringent underwriting criteria.
So why are we currently facing a hard market?
A string of natural disasters globally and economic downturn. These are the main causes, as they are traditionally. What's yet to be understood is the effects of the COVID-19 pandemic and how that may influence or prolong the current hard market cycle.
How is the economic downturn tied into insurance pricing and capacity to write insurance policies?
Well, during the opposite cycle, the soft market cycle, when premium rates are low, insurance carriers rely on the investment market to make money. With global economic downturn, these investments are under significant pressure and insurance carriers aren't making the investment income they need. To counteract that erosion or loss of investment, premium rates begin to escalate.
Ryan, you mentioned the potential effects of COVID-19 and the impact it may have in prolonging a hard insurance market. In what context could this affect a prolonged cycle?
Good question. A global economy that's currently reacting to Coronavirus and supply chain disruption isn't going to help, as is the ongoing uncertainty. As liquidity decreases, investors with capital to deploy are going to look for relatively safe havens to boost returns, not to this disrupted marketplace. This lends itself to the current insurance marketplace continuing to be hard for a while.
So Ryan, how long do these cycles generally last for?
The cycles generally last for two to eight years. But that rule, I suppose, has been tested in recent times. And with the ambiguity of what COVID-19 does globally to investment markets, it really is crystal ball stuff. So whilst we're two to three years into a hard market cycle, the end point is unknown.
What advice do you give to individuals and businesses around insurance products and pricing?
Well, not all insurance will be swept up in a hard market. Those with strong risk management, low claim activity and robust balance sheets can navigate the hard versus soft market cycle better than others. All consumers need to take a holistic and pragmatic view of how to identify ways of trading and transferring risk, whether that may be high deductibles or self insurance. There are many ways to mitigate or reduce premium rate increases in a hard market. Now just encourage your listeners to talk to their insurance broker to explore these options.
For our next topic, we'll be chatting about the impact cyclone season can have on business operations. To provide some insight into this I'm joined in the pod by Cameron Gaspar, EBM's account manager for the Pilbara and broader Northwest region of Western Australia. Welcome, Cameron.
Thanks very much, Sandy. It's an absolute pleasure to be involved in EBM's inaugural podcast and thank you very much for the invitation.
Thank you for accepting, we're very pleased for you to be joining us. You live and work in Karratha, so you must have seen firsthand the impact cyclone season can have on local businesses and homes.
Most definitely, Sandy. I moved up to Karratha from Perth and Melbourne in September 2019. And by February 2020, we had Cyclone Damien knocking on the door. And local feedback suggested it was one of the worst systems that had hit the region in the 30 year period. So we have most definitely seen what cyclones are capable of doing by way of destruction. Damage, as we've seen from Cyclone Damien specifically, can include sandblasting of vehicles from high velocity winds and debris being picked up, to the flooding of contents within residential and commercial properties, roofs being ripped off houses, windows being smashed, machinery being destroyed, and effectively everything in between. Some of the harder hit businesses and homes were effectively deemed as total losses. And that's a result of high velocity wind, fast and horizontal rainfall and flying debris.
So it sounds like the first few months you spent in Karratha were a real baptism of fire. It sure was, Sandy. It sounds like it. Now, most recently you worked with our client Nickol Bay Speedway in Karratha to help them navigate their insurance claim after they received some significant damage from that cyclone earlier this year. Can you tell us a bit more about that?
Nickol Bill, or sorry, Nickol Bay Speedway was an interesting claim. The committee reached out the day after the cyclone over email, letting us know that the speedway sustained significant damage from the event. It wasn't until a day or so after we received that email that we were able to attend site with the committee, and it wasn't until then that we realised how significant the damages were. They were clearly in the face of the cyclone and the damages were far and wide reaching. Water tanks were blown from one side of the track to the other. The track was flooded with brackish water, which had been picked up off the ocean from the cyclone. The roof had been ripped off a canteen area or a bar area, and the demountable toilet block had been blown to the other side of the track. It was almost incomprehensible as to how damaged the speedway actually was. We immediately engaged loss adjusters in conjunction with the insurer, who in this case was Chubb. And then it was a process of establishing what true replacement values were in the months that followed. The difficulty with this claim was that over the course of its 45-50 year history, the Nickol Bay Speedway had effectively been built on a donated basis. Members, sponsors and the general public had donated infrastructure over the years, which did create a complexity in that no one was quite aware of what the true replacement values of such infrastructure were. Thankfully, with the support of Chubb and the assessor, we were able to come to agreement as to what these replacement values were, which ultimately led to us being able to collectively support the speedway with a fair and equitable claim payment which will ultimately help them rebuild.
So Cameron, what does it mean to get something like the speedway back up and running for the locals in Karratha?
Well, the community element of the claim was at the forefront of both our, being EBM and Chubb's, minds. We were conscious that this was a community hub. And it was where families and racers and businesses would go on weekends to race their vehicles or spectate the races or what have you. And we were very conscious of the fact that we needed to get the speedway back on track so as to ensure that the families could continue to enjoy the pleasures of frequenting the speedway.
I guess in situations like this, having a thorough understanding of the business helps all parties achieve the right outcome and get the business operating again as soon as possible.
That's very true, Sandy, and like every claim that we've been managing, particularly post Cyclone Damien, it has been off the back of us entrenching ourselves into these types of businesses and effectively becoming an arm of the business, if you like. With Nickol Bay Speedway's claim, that boded well for us in that we were able to relay through to the insurer what had occurred and where the complexities lay, on the basis that we already had that understanding of the business. Without that understanding of Nickol Bay Speedway, we simply wouldn't have been able to relay the message Charmin probably wouldn't
Cameron, do you have any tips for businesses heading into the next cyclone season?
Thanks for the question, Sandy. And yes. My advice leading into the next cyclone season would be that insurance is complex. You need to pay attention to the fine details, and they could be sums insured, cyclone excesses, basic excesses, and what you actually are and aren't covered for, particularly in the northwest, but anywhere in Australia for that matter. You need to be reassessing your cover at least every year. For more complex business operations, you need to be doing that more frequently. And this advice isn't limited to commercial businesses. Even as a homeowner or a tenant, you should be reassessing your insurance agent every year to ensure that your sums insured are adequate, so that when it does come time to claim, there are no nasty surprises.
So thanks, Cameron. The information you've provided today has been really great. And it's given a great insight into cyclone season and in particular, how we can all be more prepared, and to also take a look at our insurances each year. You've really highlighted what it means to be part of a community and I'm sure the locals are looking forward to attending more great events at the speedway, including yourself.
Thanks, Sandy, and thank you for the opportunity to participate in this first podcast of EBM's. I am indeed looking forward to getting to the speedway for their first event on the 31st of December this year.
Right. I think most people would like to say goodbye to 2020. So I think it'll be a fantastic night.
Correct. Thanks, Sandy.
And finally, thank you to my colleagues Ryan Cameron and Cameron Gaspar for joining me in the pod today. Plus a very special thank you to Steve Simpson from ES2. I think cyber awareness is a topic everyone needs to be aware of. And Steve talked us through some really interesting subjects and ideas that we can all learn from. Thanks to our listeners. It's been really great for you to come along and join us on our first podcast. We're hoping to do many more, so please keep tuning in. If you'd like more information on any of the topics we've discussed today, please contact EBM on 1300 755 112 or visit firstname.lastname@example.org. Don't forget to comment on our podcast and let us know if there are any insurance related topics you would like us to discuss in our next podcast. See you next time. Thank you