Will you survive an "attack"?
Did you know that the recent Privacy Act Amendments mean that Federal agencies, companies and non-profits with an annual turnover of $3 million or more must notify the Office of the Australian Information Commissioner about cyber breaches, and alert affected individuals? In this digital age, all businesses are vulnerable to a "cyber attack", this could be via your website, server, emails or third party providers ("the cloud", service providers and suppliers). Even if your system is "secure" do you use contractors that can log into your system? Are their computers "secure"? What are your procedures on opening emails with attachments? What measures do you have in place for transferring money to third parties and internally? Do you have a robust risk management system in place for all of your IT systems - telephones, laptops, photocopiers, working from home, servers ("the cloud") etc? Do you test your systems to ensure back ups are available and haven't been corrupted? What would you do if you couldn't access your computer system - could you still operate? Would your customers be able to find your business? Could you make sales without an online payment system? What damage would be caused to your reputation?
The risk of fire to Australian businesses is 1 in 200 while hacking is 1 in 5 - would you operate without insurance for your property/stock?
Cyber insurance can cover you for the following: Technology Professional Services This covers your liability in the event you are sued as a result of your technology services. This could include breach of contract, efficacy (fitness for purpose), plagiarism, defamation, libel or slander. Multimedia Liability This covers your liability in the event you are sued as a result of information provided in your multimedia e.g. your website or publications and advertising material. Examples would be breach of copyright, libel or slander, plagiarism or defamation and infringement of the right to one's privacy. Security and Privacy Liability This covers your liability in the event you suffer a data breach and you are sued by the affected party including customers or employees. This also includes theft or altering of data, viruses or malware, denial of service and other loss of data from your systems. Customer Support and Reputational Expenses If a data breach occurs, this will cover costs incurred to maintain your reputation and provide support to your clients, such as a public relations firm to help repair damage to your brands; legal costs for notifying your affected customers or offering credit monitoring services; setting up call centres for concerned customers; and bringing in IT forensic teams to ascertain the cause of the data breach and potentially remove the hacker from your system. Data Recovery and Business Interruption This covers the costs incurred to restore, re-collect or replace affected data stored at your premises or at your external backup data centre or storage facilities, and loss of revenue due to network downtime because of a security breach Privacy, Regulatory, Defence and Penalties Investigation by regulators can be expensive to defend. This covers your legal costs to comply with any regulatory action taken against you following a data breach and can also pay for civil penalties (where allowed) and compensatory awards levied by regulators. Cyber Extortion Hackers can threaten to release confidential information or damage your computer networks in an attempt to extort money. This covers ransom paid to avoid the threat from becoming real.
- Stolen laptop leading to invasion of privacy - $3,400,000
- Procedure Breach (opened "virus" email) - $170,000
- Breach of Contract - $2,600,000
- Intermediary selling personal information $175,000
- Extortion Attack (from hacking) - $205,000
- Ashley Madison (hacking) - ongoing (current lawsuit $1.2B)
- Panama Papers (alleged hacking) - ongoing
- Bangladesh Central Bank and New York Federal Reserve - $80m
- Yahoo hack - ongoing
- Red Cross Australia - 500,000 donors had their personal details exposed
A survey released mid 2013 by McAfee found 45% of surveyed Small to Medium Businesses had been the target of an electronic attack in the prior year and 46% had suffered a data or security breach perpetrated by disgruntled and current employees. For more information and a tailored quote on cyber insurance please contact Clare Smith, cyber insurance specialist. General Advice Warning The information on this website is general advice only and does not take into account your personal circumstances, financial situation or needs. Please connect with an insurance broker to discuss your specific needs.
Advisr does not provide advice and does not hold a financial service license (AFSL). All information above has been provided by Clare Smith.