Treasury will consider whether cyber terrorism that causes physical property damage should be added to the national terrorism insurance scheme for a second time in three years.
With the volume of cyber attacks continuing to increase, the department is set to revisit the eligibility of cyber attacks under the scheme as part of its latest review of the underlying legislation.
Cyber incidents are currently one of several events excluded as a “cause of property damage” under the Terrorism Insurance Act, introduced in response to the September 11 terrorist attacks.
Treasury last looked into broadening the definition of eligible terror-related incidents to those in the cyber domain as part of its 2018 review of the Act.
That review found that while “market gaps may exist”, there was “no evident market failure for cyber terrorism insurance in relation to physical property damage”.
The underlying risk was also regarded as “low” at the time, with the Australian Cyber Security Centre considering “terrorist groups’ use of offensive cyber capabilities to be limited”.
But since then, the Australian Reinsurance Pool Corporation (ARPC) has released a research report identifying a “market gap for cyber terrorism insurance where the attack results in physical damage”.
The report, released in May 2020, said such an incident had the “potential to cause substantial losses”, while noting that the “probability” of physical property damage remained relatively low.
Treasury said that like the 2018 review, the 2021 review will look at “whether a sufficient rationale has emerged to include cyber terrorism causing physical property damage within the scheme”.
“In line with the original intention of the scheme, which aimed to ameliorate a market failure, the review will consider the inclusion of cyber terrorism acts that result in physical property damage,” it said.
Treasury will take submissions until July 30.