Cyber-attacks and Data Breaches in Australia are on the rise, with current statistics showing that businesses are one third more likely to experience a data breach than they were in 2014.

On February 23, 2018 the Privacy Amendment (Notifiable Data Breaches) Act 2017 came into effect. This legislation requires Australian businesses that have been affected by a serious data breach to report to the Office of the Australian Information Commissioner (OAIC) and to notify all customers whose information may have been compromised. If the organisation does not comply, heavy penalties can be applied. The OAIC reveals that almost 1000 data breaches were notified from April 2018 to March 2019, with 60% being linked to malicious or criminal attacks and just over one third due to human error.

Within the last 6 months businesses both large and small have been affected by a Cyber Attacks.

Cyber-attacks can be diverse and can range from a simple server hack from an unknown third party to ransomware attacks and phishing emails. Ransomware is a form of malware which can disable your systems. This form of virus can lock down files and sensitive data of yours and your clients and held for ransom in exchange of a huge sums of money. Phishing emails are targeted to the receiver and can either involve a request from the sender to transfer funds or the email itself includes a dangerous link or file, the sender is usually acting as a trusted third party, it could be either a customer, client or a businesses you regularly deal with.

The attacks have not been limited to one industry or type of business as these events have reached small local businesses to global corporations. In recent events, we have even seen our own Government being affected by a data breach.

IBM Security in partnership with Ponemon Institute released their 2019 Cost of a Data Breach Report, their findings are that average total cost of a data breach in Australia for a company is $2.13 million which is just under the global average of $3.92 million. The average size of data breach is 19,800 records being exposed, with the cost of each record being $110 and takes an average of 281 days for the breach to be identified and to be contained.

As can be seen, businesses large and small are facing massive expenses and increased likelihood of events. Now more than ever, we all need to be ensuring we are implementing best practice and risk management procedures to prevent events occurring and or limit the damage when an attack occurs.

Risk Management

• Have an Incident Response Team and Plan– by having a dedicated person and or team to arrange an incident response plan when an event occurs will allow a response to an event to be implemented quickly and effectively. This can help mitigate damages and costs.
• Encrypt Data – with all employees accessing network via many different types of mobile devices (from mobiles to laptops) a breach can occur from simply losing a phone. If the device is lost or stolen, the data cannot be used which will mitigate the potential exposure.
• Have a Network Security Policy – A current and enforced network security policy should outline the organisational rules for appropriate use of an organisation’s computer resources. The policy should include strong password protocols, website access and usage restrictions and appropriate email usage.

Insurance: Cyber Security & Privacy Protection

Cyber Insurance Policies are available in the market for all types of businesses. The purpose of these policies is to assist you when a Cyber-attack or event occurs. Cyber policies provide cover not only for the financial consequences of an attack but also provide coverages such as 24/7 incident response hotline to assist you in the first instance of an attack and also a Public Relations service support your business in maintaining its image, reputation and customers trust after an event.

The other coverages that can be provided are:

Third party coverage for:

• Security and privacy liability including cover for regulatory proceedings defence costs
• Civil fines and penalties cover
• Internet media liability

First party coverage for Privacy breach costs including:

• Forensic investigation expenses of a company’s computer system to determine the cause and extent of the privacy breach
• Cyber Extortion Threat and Reward Payments
• Cost of notifying client or data compromise
• Public relations expenses
• Digital asset replacement expenses cover
• Business income loss

Gow-Gates specialises in this type of risk placement, so if you believe that this issue is relevant to your business, please feel free to contact Gow-Gates Insurance Brokers on (02) 8267 9999 to discuss your circumstances or to obtain a quotation.

Gow-Gates Insurance Brokers advises that persons should not act on the material contained in this article as the items are of a general nature only and may be misinterpreted. We therefore recommend that advice be sought before acting in these areas.

• Statistics provided by IBM Security Cost of a Data Breach Report 2019