Last month, both Houses of Federal Parliament passed amendments to the Privacy Act introducing mandatory reporting of data breaches. The Bill is expected to become law in the next 12 months and all companies should be aware of their potential liability associated with data breach notifications and insurance solutions that can assist in risk mitigation.
Barely a week passes without some form of cyber event being reported in the media. These range from simple errors such as using an image on your website that is subject to copyright to sophisticated hacker attacks and data breaches.
In 2015, the Australian Government reported that almost 700,000 businesses experienced a cyber crime and 60% of all targeted attacks were directed at small and medium sized businesses. Half of the costs were caused by web-based attacks and insiders. The report noted the average cost per attack, as follows:
Average cost per attack:
Denial of service $180,458
53% of these costs related to detection and recovery of IT systems that are necessary for the day-to-day operations of a business.
Most firms have systems in place such as anti-virus software, firewalls and back up procedures. However when undertaking an overall risk management strategy for your business, cyber insurance should, at least, be considered as not all risks can be avoided. After all, you may have locks, alarms and sprinklers in your office, yet still insure against burglary and fire.
Many insurers have now issued cyber protection policies. Most of these provide broad cover and are relatively inexpensive. Importantly they provide cover for both first party and third party losses. Insurers have teamed up with specialist IT companies to respond immediately in the event of an attack or breach and the costs of these response teams are covered under the policy.
Some coverage areas include:
Physical theft or loss resulting in a cyber event
If you would like further information or a quotation, please contact your Planned Cover broker.
State Manager – Victoria