CANBERRA, AAP – The insurance industry is calling for new standards and investment incentives to better protect Australian businesses from cyber gangs.

Ransomware attacks and data theft are a growing threat to Australia amid unprecedented growth in digitisation and connectivity.

But just one in five small businesses have cyber cover, and insurance providers are few, leaving Australians vulnerable, insurers warned on Monday.

“The combination of a small premium pool and the increasing sophistication and maliciousness of some cyber-attacks have put significant pressure on insurers and businesses alike,” Insurance Council of Australia CEO Andrew Hall said.

The ICA has released a policy paper calling for minimum security requirements and mandatory third-party certifications for software and hardware.

Investment incentives for education around cyber risk, as well as for businesses willing to disclose and work with enforcement agencies are also recommended.

Cyber legislation currently before parliament is focused on better protecting critical infrastructure.

Targets of ransomware attacks – the fastest growing cyber threat to Australia’s digital economy – have ranged from logistics giant Toll Group to hospitals in recent years.

Ransomware is a form of malicious software, or malware, that can lock out computer users.

Hackers then demand money in exchange for restoring access to data and systems.

Russia-aligned criminal group Conti, the world’s most successful ransomware-as-a-service (RaaS) operator, is active in Australia, Defence Minister Peter Dutton has warned.

New indictments by the US Department of Justice over the weekend targeted four individuals allegedly working on behalf of the Russian government in cyber campaigns against the global energy sector.

They targeted thousands of computers at hundreds of companies and organisations in approximately 135 countries, including Australia, Foreign Minister Marise Payne said.

Groups operating out of China, Iran and North Korea are among other longstanding threats.

Laws passed in December allow the federal government to issue sanctions directly against hackers that ban them from visiting or investing their gains in Australia.

Under a Labor bill currently before the Senate but unlikely to pass, it would become mandatory to report payments paid in response to a ransomware attack.