Household insurance policies generally do not cover working from home and consequent occupational risks, including cyber-attacks, but insurers are taking a flexible approach on such issues, according to the Insurance Council of Australia.

At the same time, businesses are being urged to check their insurance policies to see if they cover cyber-attacks outside the office, which is normally the premises insured, not an employee’s home.

It comes as Telstra chief executive Andy Penn warned Australians were more vulnerable to malware, ransomware and phishing as the coronavirus forces them to work from home and use their personal Wi-Fi networks.

ANZ chief risk officer Kevin Corbally also believes the biggest threat to the financial sector during the shutdown is cyber-security, warning criminals were likely to take advantage of greater human error during the pandemic as remote working put employees under greater stress.

The Insurance Council said while most household policies did not cover working from home, employers must ensure a safe work environment regardless of an employees’ location, whether that is in the office or at home.

“Household policies usually do not cover working from home,” ICA spokesman Campbell Fuller said. “However, with hundreds of thousands of Australians now working from home, insurers are taking a flexible approach. They expect that anyone working from home will maintain a safe working environment in line with normal workplace health and safety obligations.

“(Business insurance) customers are required to have strong measures that manage system vulnerabilities to help reduce the opportunity for cyber-attacks. Staff working from home will be expected to comply with their company’s IT protocols and processes to minimise the opportunity for cyber-attacks.”

Mr Penn this week launched an initiative to help protect the telco’s business and consumer customers from malicious attacks.

The initiative, codenamed “cleaner pipes”, follows Telstra trialling technology for the past year, including blocking the command and control communications of botnets and malware and stopping the downloading of remote access trojans, backdoors and banking trojans.

The telco’s venture capital arm, Telstra Ventures, has also invested in Boston-headquartered FinTech Corvus, which uses artificial intelligence to assess cyber-security threats in real time.

Corvus, which isn’t operational in Australia yet, said many insurance policies offering cyber protection excluded premises outside the office or encrypted devices.

“iPhones are the only mainstream consumer technology that comes with encryption automatically. Macbooks can have encryption enabled easily, but it is done by default, and Windows laptops and Android phones have no built-in encryption at all — it must be affirmatively added by the company’s IT department,” Corvus said on its website.

“That all adds up to many, many personal devices that are potential vectors for attack and would potentially cause all costs to go uncovered because they are excluded.”

Telstra Ventures partner Gurpreet Ghuliani said when people work from home, companies cede control to most IT infrastructure.

“No matter how many VPNs they have, they are losing control of what’s going on to people’s mobile devices and laptops, unless it’s a work one,” Mr Ghuliani said, adding Telstra Ventures had a 5-10 per cent stake in Corvus.

More related stories

Business

Arrogant Big Super opts out of decency

Thousands of Rest Super members wrongly slugged for insurance have been told they need to get in contact if they don’t want to keep paying the fees turned on by ‘accident’ months ago.

Read more

Financial Services

ASIC to scrutinise super funds over mergers

As the industry battles member service failures, the corporate regulator is turning its attention to the rapid consolidation in the market.

Read more