With cyber-crime on the rise, and changes to legislation requiring mandatory reporting for data breaches, cyber insurance is essential for Australian businesses.

As we recently informed our customers, in February 2018 the Australian Government enacted the Notifiable Data Breaches (NDB) Scheme. This new law requires all businesses who discover they have been breached, or have lost data, to report the incident to the OAIC Privacy Commissioner. This includes data held on any device, including mobiles, USB keys, company networks, hard drives or paper records.   Moreover, businesses that have been breached must also notify all individuals whose information may have been compromised. Non-compliance can result in heavy fines and penalties being imposed on both business and individual directors.

Why the NDB scheme is important

The goal of the scheme is to give Australians greater clarity and transparency about the privacy of their personal data. Compromised data can include highly sensitive personal details and information. For example, medical records, credit reporting information, credit eligibility information, financial information, and tax file number information.

The security industry has long pushed for mandatory reporting and Australia is one of the last countries in the world to enact it. Many businesses don’t report breaches because they’re afraid of the reputational fallout. However, not only are data breaches now widespread, but experts say they will only continue to increase and become more sophisticated.

Is your business affected?

This new legislation applies to your business if: Your turnover is more than $3 million per year and you are governed by the Privacy Act 1998. Or, if you are a smaller business handling sensitive or personal information.

Are you at risk of a data breach?

While many small businesses think it can’t happen to them – it can. In fact, it probably will sooner or later. Many SMEs believe that they’re too small to be at risk, but this actually makes them easy targets. Larger businesses may be more lucrative targets, but they’re usually better protected. Hackers know that small businesses tend to be more exposed and take advantage of this fact. Complacency is no longer an option for SMEs.

How you can protect your business

It’s important to have a plan and strategies in place before any breaches or incidents occur. Plans should include both ways to reduce the risk of a data breach occurring, and also strategies for managing breaches should they occur in order to minimise the business impact. Steps to take are: Review your current data security strategy; develop a data breach management strategy; make sure you have adequate cyber liability insurance; and educate your staff.

Taking out a cyber liability insurance policy can protect you again financial loss. While IT strategies may help prevent data breaches, there is no fail-safe way to ensure the security of your data.

A cyber insurance policy safeguards against the financial ramifications of a data breach in a number of ways, including:

  • Fines and penalties
  • Third Party Liability (i.e. Compensation for clients and customers who suffer financially or emotionally as a result of the breach.)
  • Legal and forensic investigation expenses
  • Reputational repair (i.e. The cost of professional consultants to assist in repairing damage to your company’s brand and reputation.)
Other benefits of cyber insurance

A new industry has emerged to deal with this growing problem that specialises in data and cyber risk management. Some underwriters are now offering pre-incident services as part of their cyber liability package, together with the more commonly promoted post-incident response services.

Cyber liability insurance is not only for businesses impacted by the new laws, either. A good cyber policy should provide broad business protection, including business interruption cover, cover for ransomware and cyber extortion costs and cyber terrorism, as well as traditional privacy and security breaches.

Cyber liability insurance should offer strong pre- and post- incident response services. Your average SME has no one to help if their computer screen suddenly freezes and a ransom message appears, which is just one example of where such insurance can be critical.

For more information

To keep updated with implementation of the Notifiable Data Breaches scheme, visit the OAIC website.

How IAS can help

To get your Cyber Insurance quote, contact your IAS Account Executive or call our office on (02) 8268 2900. Alternatively, email info@insuranceadvisoryservice.com.au

If you wish to discuss your cyber strategy and insurance needs further, call us anytime on (02) 8268 2900 for an obligation-free chat.