The Insurance Council of Australia (ICA) has urged policymakers to broaden cybersecurity obligations for businesses, citing the increasing sophistication of cyber threats and the growing use of artificial intelligence in attacks.
The call comes as recent incidents have highlighted the vulnerability of both global and Australian organisations, with implications for the insurance sector’s approach to risk.
In August, Jaguar Land Rover (JLR), a major automotive manufacturer based in the UK, experienced a cyber incident that disrupted its global IT infrastructure.
Production at the company’s Halewood facility was halted, and retail operations were affected as the company worked to restore systems. Employees were instructed not to attend shifts during the recovery process.
In Australia, TPG’s iiNet division reported a significant data breach after attackers used stolen credentials to access its order management platform.
The breach exposed the email addresses of approximately 280,000 active customers, 20,000 landline numbers, and additional customer data such as usernames and modem setup passwords.
TPG confirmed that no financial or identity documents were accessed, and has begun notifying affected customers while providing a dedicated support line.
In its submission to the Department of Home Affairs for the next phase of the Australian Cyber Security Strategy, the ICA identified several emerging risks, including the impact of artificial intelligence, quantum computing, and the management of personal data by consumers.
The council noted that small and medium-sized businesses (SMBs) are particularly at risk from automated and AI-driven cyber campaigns, which differ from the targeted attacks more commonly faced by larger enterprises.
A new report from Beazley has found that cyber risk is an increasing concern among business leaders worldwide, even as confidence in organisational preparedness grows.
The 2025 Risk & Resilience report, which surveyed executives globally, found that 29% now rank cyber risk as their top concern, up from 26% in the previous year. This is the first increase in this metric since 2021.
The ICA’s recommendations include:
The ICA also emphasised the need for a national approach that recognises the varying resources available to different sectors and businesses, particularly smaller firms that may lack the capacity to invest heavily in cybersecurity solutions.
The insurance sector, in partnership with government and larger organisations, is positioned to assist SMBs in strengthening their cyber defences.
The ICA recommends using insurance policy renewals and similar interactions as opportunities to reinforce government cybersecurity messages and promote best practices among smaller businesses.
The ICA continues to support the government’s digital initiatives and is working to enhance Australia’s overall cyber resilience.
ICA CEO Andrew Hall said the current priority is to raise cyber awareness and practices among individuals and small businesses.
“SMBs are not as well-resourced as their large counterparts, with managers having to operate across all aspects of business, allowing limited time for cyber security,” he said. “Improving cyber literacy will help SMB decision-makers balance insurance costs with preventive measures, which can positively influence their insurance premiums.”
