
Critical Infrastructure Webinar Series

IEEE Standards Association (IEEE SA) and IoTSec Australia are hosting a series of webinars intended to educate and raise awareness on cyber risk for critical infrastructure organizations with a focus on IIoT or IoT in their environments. These webinars will discuss the delivery of essential services to society at large in key sectors: Power, Consumer Supply Chain, Health and Smart Cities.

Finance and Insurance Sector

MONDAY, 7 NOVEMBER 2022 16:30 - 18:00 AEDT

Cyber-attacks have been rated the fifth top-rated risk and have become the new norm across the public and private sectors. The financial and insurance sector remains a popular target for cybercriminals because it holds a credible store of personally identifiable information (PII) and financial data which, when exposed, makes for highly damaging situations.


The finance and insurance sectors now fall under critical infrastructure legislation globally. This includes banks and other ADIs, financial markets, financial benchmark providers, payments systems, derivatives trading repositories, clearing and settlement facilities, credit facility businesses, insurance and superannuation businesses. With sensitive assets such as storage and payment terminals providing a large attack surface, ransomware operators and initial access brokers are having a field day in the sector.


This risky industry continues to grow in 2022 as cyberattacks alone are expected to double by 2025.


A significant disruption to financial market infrastructure assets has already had a detrimental impact on public trust, financial stability and market integrity and efficiency.


Due to the endless increase in cyber attacks and the rising costs of cyber incidents, it's becoming increasingly common for organizations to adopt cyber insurance as an important aspect of their risk management, and the cost of cyber insurance has doubled on average each year for the past three years. A small or medium-sized business wanting to buy $10 million of cover would, on average, face a $60,000 premium, up from $33,000 a year ago. A large company wanting to purchase $20 million of cover would pay about $350,000, up from $194,000 a year ago. However, is there an opportunity for cyber insurers to work alongside organizations to elevate cybersecurity defences, to meet regulatory obligations and help reduce premiums for organizations?

The elephant in the room:

  • Due to the subsequent insurance payouts, insurers will be forced to limit their risk, go out of business or double their premiums;
  • Should cyber insurance be seen as a substitute for cyber preparedness?
  • Should cyber insurers mandate 'tabletop scenarios' involving senior management before agreeing to provide coverage?
  • Above all, given the severity of such threats, what can insurance companies do to protect themselves?

Who Should Participate:

  • Board of Directors (Audit & Risk, advisors, non-executive Directors)
  • Executive management (CIO, CTO, CISO)
  • Senior management (Head of Cybersecurity, Head of OT) in organizations and associations in both public and private sector 


Ravi Nayyar

PhD Scholar, University of Sydney

Shane Bell

Partner, McGrathNicol

Colin Pausey

COO, Emergence Insurance

Yuval Sapir

Cyber Expert and Product Manager - Sling Cyber Insurance

Sri Chandra

Sr. Director, Foundational Technologies Practice Lead

Available On-Demand



Supply Chain and Third Party Logistics


Third-party or supply chain cyber risk is becoming thematic for organizations of all sizes. In 2021 the SolarWinds and Kaseya breaches affected organizations of all sizes, from Microsoft to small businesses. A Ponemon report in 2021 showed that over half of organizations that suffered a data breach did so because of a third party. Critical infrastructure operators may have robust security systems in place, but what if a third party does not? How are organizations that operate critical infrastructure assets managing risks that are exposed by third parties?



Security of the Power and Energy Sector

In the past, cyber-attackers largely ignored operational technology (OT) systems, such as industrial control systems and SCADA systems, because it was difficult to get to the proprietary information, or because OT systems were not connected to external networks and their data could not be easily infiltrated. However, cyberattacks on IoT/OT are expected to double as many industrial systems are connected to company networks with access to the Internet and use everything from connected sensors to big data analytics to deliver operational improvements. This convergence and integration of OT and IT have resulted in a growing number of cyber-risks, including effective and impactful cyber incidents across both IT and OT. An OT cybersecurity incident can lead to loss of production, damage to equipment, and environmental release. Defending OT from cyber attacks requires a different set of tools and strategies than those used to protect IT. While IT incidents can take months to recover from, OT incidents can take several years.



© Copyright 2023 IEEE – All rights reserved. Use of this website signifies your agreement to the IEEE Terms and Conditions.
A not-for-profit organization, IEEE is the world’s largest technical professional organization dedicated to advancing technology for the benefit of humanity.