Australia is one of the world’s most hacked countries, according to recently released data from the Centre for Strategic and International Studies. Australia holds equal sixth place on the grim list, with 16 major cyber attacks in the period between May 2006 and June 2020.
In June 2020, Prime Minister Scott Morrison announced that an unnamed state actor had been targeting businesses and government agencies in Australia as part of a large-scale cyber attack. He warned that the attacks had been happening over many months and were increasing.
In the same month, the details of 82,000 Australians were leaked after they fell victim to a fraudulent cryptocurrency investment scheme that used fake media sites and celebrity endorsements.
With such significant and varied cyber attacks in consecutive months, it’s fair to say cybercrime is increasing at a rapid pace. Additionally, the mandatory data breach notification laws place increased emphasis on investing in cyber security and risk.
This demands that businesses of all sizes assess their cyber risk, focus on their risk management plans and develop a data breach response plan.
Cyber attacks are on the rise among Australian organisations, with cyber crime costing the Australian economy more than $1 billion per year.
In Australia, cyber insurance offerings vary. There are differences in premium pricing, gaps in coverage and no standard industry policy wording. As such, it’s important to consider the details of any cyber insurance policy to ensure it meets your needs.
Your business should conduct a risk assessment of its cyber risk exposure. As your broker/adviser, we can assist with this. Once you’re aware of your risks, we can ensure your insurance coverage meets your specific needs.
The key questions to ask concern the policy’s coverage of losses. Cyber incidents could have severe financial and reputational repercussions, whether from losses related directly to your business, loss of customer data or the cost of regulatory investigations and fines.
1. Does the policy cover cyber extortion?
The inclusion of cyber extortion in a policy may protect a business against ransomware situations. Check whether the policy covers the costs of a cyberattack, the cost of hiring negotiation experts, extortion demand costs, and costs associated with preventing future threats.
2. Does the policy cover electronic data replacement?
Where there are breaches of data, businesses can incur extensive costs in recovering lost data or replacing business data and other records.
Other first-party losses include:
- Business interruption
- Notification costs and credit monitoring services
- Forensic investigations
- Crisis communication and public relations
- Legal costs assisting with privacy notifications and compliance response
3. Does the policy cover third-party losses such as defence costs?
In Australia, there is an increased focus on regulations pertaining to protecting personal information. As Australia and other countries implement strict data privacy laws, cyber insurance can assist businesses to manage the increased regulatory risk in protecting personal information that the business collects.
Where there is a breach, your business may incur costs associated with investigations by a government regulator or in defending any third-party claims.
Other third-party losses include:
- Defamation
- Infringement of intellectual property claims
- Violation or infringement of privacy claims
- Fines and penalties
- Damage to third-party systems and confidentiality breaches
Additional expenses
4. Does the policy cover the cost of crisis management?
It’s important to manage the immediate impact of a cyber incident on your business. Your business continuity plan may include crisis management procedures, such as external support for reputational recovery or management of damage caused by hackers in a cyberattack. Does your insurer provide access to a cyber incident response team?
5. Does the insurance cover costs of customer accountability?
Your business may have regulatory, legal or contractual obligations to contact customers in the event of a cyberattack or security breach under the Australian Government’s Notifiable Data Breaches Scheme. The costs of notifying customers, monitoring their personal data to prevent further attacks and complying with regulatory requirements should be considered when you choose your insurance policy.
Cyber insurance is one element of managing your cyber risk. Taking out a cyber insurance policy may seem complicated. However, by asking a few important questions and speaking to us directly, you can ensure that you choose the right policy for your business.
Article supplied by OneAffiniti