Actuaries Magazine July 2015
Total Page:16
File Type:pdf, Size:1020Kb
JULY 2015 JULY THE MAGAZINE OF THE ACTUARIES INSTITUTE 7 Tips to Ace Actuarial Studies By Kirsten Flynn From Big Bang to Data Transformations By Amanda Aitken and Yifan Fu Three Actuarial Success Stories By Rob Paton Airborne: a view of data analytics in Australasia By Hugh Miller Half Time Reflections on an Actuary’s Contribution By Kitty Leung In this issue Australian cyber claims: live and kicking . 3 For me it’s time to act now . 5 Letter to the Editor . 6 Default focus comes at some cost to most super funds . 7 A quizzical night . 9 Colloquia Spotlight on Insurance and Risk in Australia . 11 Three Actuarial Success Stories . 13 In the Margin: July 2015 - Beyond QWERTY . 15 A Defining Moment . 17 Academia is not the “real” world . 19 Half Time Reflections on an Actuary's Contribution . 20 On the Pleasures and Benefits of Collaborating with Other Professions . 23 Compulsory Health Insurance - Should government still be the health insurer of first resort? . 25 Career Insights with Dr Michael Goodwin . 27 7 Tips to Ace Actuarial Studies . 28 Sisters Are Doin’ It For Themselves… . 31 MRA signed with Canadian Institute . 33 Airborne – a view of data analytics in Australasia . 34 Finalists announced for Insurance Industry Awards . 36 Firm visit opens students up to possibilities . 38 Report challenges debate on climate change versus economic growth . 40 Welcome to New Members - June 2015 . 41 From Big Bang to Data Transformations . 42 IMPORTANT INFORMATION FOR CONTRIBUTORS Actuaries welcomes both solicited and unsolicited submissions. The Editorial Committee reserves the right to accept, reject or request changes to all submissions as well as edit articles for length, basic syntax, grammar, spelling and punctuation via [email protected] Published by the Actuaries Institute © The Institute of Actuaries of Australia ISSN 2203-2215 Disclaimer Opinions expressed in this publication do not necessarily represent those of either the Actuaries Institute (the ‘Institute’), its officers, employees or agents. The Institute accepts no responsibility for, nor liability for any action taken in respect of, such opinions. Visit http://www.actuariesmag.com.au/ for full details of our disclaimer notice. Actuaries Magazine Australian cyber claims: live and kicking By Eric Lowenstein ([email protected]) Cyber is an evolving risk issue that has become a leading We have also seen examples where hackers had placed software concern for many organisations. In an increasingly punitive legal within the company systems monitoring email correspondence and regulatory environment, it has potential to cause major to look for legitimate requests on the part of a supplier, such as financial and reputational damage. Importantly, directors need a change of bank account. At this point the hackers would step to set the culture, putting cyber risk on board level agendas in as the “man-in-the-middle” and take over control of the regularly and with adequate time. Boards need to be highly conversation, ultimately ensuring that the money transfer would aware of legislation and legal responsibilities. go to their own account and not to the legitimate supplier’s account. In order to launch such an attack it is sufficient to Cyber risks have continued their rapid climb moving into the top penetrate the systems at only one of the two companies five business risks globally for the first time this year. In a recent involved. survey of Australian CEO’s conducted by PwCi, cyber risk was rated the second highest business threat to organisational “Australia ranks as one of the most hacked countriesii in the growth. world.” “Cyber crime has now outweighed drug trafficking as the most Another common scenario is the ‘crypto locker’ where hackers lucrative form of crime.” placed malware onto an organisation’s network and encrypt all files. They then demand a ransom be paid in order to un-encrypt Some overseas cyber criminal networks have sophisticated the operating system. Clients have reported paying the ransom business models with established business strategies, executive and then find that their systems are wiped or that the hacker management teams and even employee health-plans & encrypts the files again six months later demanding a further performance reviews. This problem is not going away, payment. particularly as Australia moves up the ranks to become a number one target. Other companies, which operate infrastructure such as utility providers, have had physical engineering tampered with through Australia ranks as one of the most hacked countriesii in the hacked computer networks, causing havoc and major world. environmental incidents. Australian Banks have also been the target of attacks. In The recent Australia Post phishing scamsiii highlight Australia’s iv vulnerability with the scam achieving an 80% success rate and a February this year, a virus known as Carbanak was used to speeding infringement scam resulting in a 95% success rate. access bank employee computers and ultimately get inside the banking network. Once inside, they can mimic the actions of These high success rates motivate hackers to further focus cash transfer staff after watching how they operate. The hackers efforts on Australian business and scale up their attacks then transfer money from the bank into off-shore accounts or targeting specific employees in organisations to steal corporate order the bank’s ATMs to dispense cash to a waiting criminal. secrets, credit card details, bank records, customer lists, intellectual property and more. A changing risk landscape Current scenarios In Australia, cyber incidents have increased 48% in the last 12 months and the annual cost to Australian business of data Some common threats we are seeing in Australia are CFOs in breaches alone is $1.6 billion. The Ponemon Institute’s 2014 global firms receiving emails from what appears to be legitimate Cost of Data Breach: Australia reportv found that the average head office email addresses requesting a transfer of funds to cost of a data breach experienced by Australian companies was pay for overseas taxes to an offshore bank account. $2.8 million. Page 3 of 44 Actuaries Magazine From a data protection and recovery perspective, Australia is installed on some of its in-store payment systems. Evading also lagging behind. The EMC Global Data Protection Indexvi anti-virus software and present on the system for many found 64% of Australian businesses experienced data loss or months, this resulted in the loss of nearly 20,000 customer downtime in the last 12 months with 78% not fully confident in credit card details. The company faced a large bill after it had their ability to recover after a disruption. to launch a forensic investigation and pay for Payment Card Industry related fines and card brand assessments. The cyber Business trends, such as big data, mobile and hybrid cloud also insurance policy responded to these forensic costs and PCI create new challenges for data protection in Australia with 58% fines. of businesses lacking a disaster recovery plan for any of these • An unencrypted laptop belonging to an employee of a charity was left on public transportation. It contained the personal environments and just 7% having a plan for all threevii. details of nearly 5,000 donors. Conscious of the need to protect its brand and reputation, the charity decided to voluntarily notify those affected. The cyber policy covered the notification costs. • A small accountancy firm found their entire network riddled with malware after a temporary worker accidentally clicked on an infected link. In order to fix the problem, they had to hire a specialist team of IT forensic consultants that had to rebuild their system and restore data at cost of $45,000. The cyber policy covered the external costs associated with restoring, repairing and rebuilding systems. Where to from here? There is a significant need for organisations and boards to become more aware of the threat that cyber risk poses to their bottom line, brand & reputation. As awareness increases and highly publicised breaches continue to be seen in the media, companies are looking to transfer some of the financial risk off the balance sheet to an insurance mechanism. As insurers contemplate the opportunities around this growing market, they must also consider the risks. This is often a difficult class to price given limited historical actuarial data. This is particularly heightened when considering the impact of aggregate exposure amongst insureds often using the same cloud providers and the systemic risk that may flow from a ‘black swan’ event. Source: Aon Risk Solutions i http://www.pwc.com.au/ceosurvey/ ii http://www.idgconnect.com/abstract/10004/why-australia- Australian Cyber Insurance hacking-magnet Claims iii http://auspost.com.au/about-us/scam-alerts.html iv http://www.abc.net.au/news/2015-02-17/banks-victim-of- For those interested in not just hearing about cyber scenarios in multi-national-hacking-attack-security-firm-says/6130370 Australia but actual cyber insurance payouts, here are a few v http://www.ponemon.org/blog/ponemon-institute- examples: releases-2014-cost-of-data-breach-global-analysis vi http://www.emc.com/microsites/emc-global-data-protection- • A company accountant of a Sydney manufacturing firm index/index.htm?cmp=SOC-14Q4-GDPI-OT received an email from her boss asking her to transfer vii $120,000 to a supplier abroad. Because this was a common http://www.emc.com/microsites/emc-global-data-protection- type of request, she processed the payment before realising index/index.htm?cmp=SOC-14Q4-GDPI-OT that the tone of the email wasn’t right and the domain name was a single letter off. Upon further investigation, it was Eric Lowenstein found that cyber thieves had infiltrated their systems and Cyber Risks Practice Leader grew knowledgeable enough about company dealings to send Aon Risk Solutions a convincing phishing email that lost the company thousands.