The Challenge of Cyber Crime

Business Email Compromise, Social Engineering Loss and Push Payment Loss continue to cause significant losses for Australian businesses. Historically, once funds were transferred to fraudsters and dispersed through mule accounts, recovery prospects were often limited. As a result, these losses were generally treated as final: the insured suffered the loss and the cyber insurer paid the claim.

AFCA's Expanding Focus

AFCA is increasingly scrutinising the conduct of banks in fraud-related matters. This includes transaction monitoring, the management of mule accounts and, in some cases, whether a bank had a "duty to inquire" before processing an unusual or suspicious transaction. AFCA's expanded jurisdiction over receiving banks further broadens the potential for accountability across the payment chain.

Why This Matters

For cyber insurers, fraud losses have traditionally been high-severity claims with limited recovery opportunities. However, where a bank may have failed to identify suspicious activity or intervene appropriately, potential recovery avenues may now exist. This is good news for insureds. Cyber insurance can provide immediate financial support and specialist assistance following a fraud loss, while the insurer pursues recovery opportunities in the background.

The Takeaway for Brokers

AFCA's expanding role does not reduce the value of cyber insurance; it may enhance it. As scrutiny of banks increases, opportunities for recovery may improve, allowing insurers to provide immediate support to clients while pursuing the banks after the event. The result may be a future where AFCA is not a substitute for cyber insurance, but a valuable partner in helping businesses recover from cyber-enabled fraud.