What to do if your business experiences a cyber breach

With Optus and Medibank both experiencing recent cyber breaches, it’s essential that you know how to tackle a similar problem. After all, if these large companies can be breached, it’s not beyond the realm of possibility that it can happen to your business as well, even with an up-to-date cyber security system in place.

Given that protecting your business from all threats is one of your priorities, one of your first steps should involve improving your cyber security. Another step is to create an Incident Response Plan so everyone knows what to do if a data breach occurs. Finally, you should ensure you consult an insurance adviser so you can be adequately protected if the worst does occur. 

So, what steps should you include in your cyber plan?

STEP 1: Confirm that a cyber breach has occurred

Depending on your cyber security, you may be alerted to a cyber breach by your own IT systems, your bank, customers, law enforcement officials or the actual cybercriminal. Before you do anything, you need to verify that a breach has occurred. Having a capable IT team onsite is important; if you don’t have one, it’s wise to engage an external cyber security team who can detect the breach.

STEP 2: Contain the breach

A data breach at your business must be contained as soon as possible. It’s the best way of protecting your business from further intrusions by the same scammer. You need to isolate your systems, take your servers and computers offline and contain the threat because the sooner this happens the better the outcome. The only thing worse than a cyber breach is multiple breaches because you didn’t secure your system after the first breach.

STEP 3: Assess the severity of the breach & preserve evidence

The next step in protecting your business is to assess the severity of the breach and preserve as much evidence as possible for forensic analysis. Identify what data has been breached and whether any customer information has been accessed. Don’t panic and wipe your systems or reinstall the software. Your team of cyber security experts will need your compromised systems to track down the perpetrator and discover how the data breach occurred.

STEP 4: Notify relevant third parties

Notify any customers and other relevant individuals (banks, financial institutions, senior management, suppliers, stakeholders, and so on) and lock all your accounts down to prevent further breaches. Under the Notifiable Data Breaches (NDB) scheme, you might also need to notify the OAIC if it’s a notifiable breach.

STEP 5: Review your cyber security 

You need to know how this cyber breach occurred, fix the problem and review your entire cyber security system so that it doesn’t happen again. Whether you handle all of this internally or engage an outside firm depends on your situation. However, a professional review of your cyber security is essential for protecting your business after a confirmed data breach.

If your business already has Cyber Insurance, then you need to inform your insurance provider as soon as possible once a data breach has been confirmed. If you don’t have Cyber Insurance, then it might be wise to explore your options with an insurance expert.

Contact one of our insurance specialists today. 

General Advice Warning: This advice is general and does not take into account your objectives, financial situation or needs. You should consider whether the advice is appropriate for you and your personal circumstances. Before you make any decision about whether to acquire a certain product, you should obtain and read the relevant product disclosure statement.

All information above has been provided by the author.


Insurance Advisernet, ABN 15 003 886 687, AFSL 240549

This article originally appeared on Insurance Advisernet News and has been published here with permission.
