Search for insurance help

Cyber & Insurance Myths

With the impending Notifiable Data Breach (NDB) Scheme about to affect businesses in Australia I thought it timely to provide a little bit of insight into some common Cyber and insurance myths.

Cyber Myth – only the bigger businesses need to protect their data

If your business turnover is over $3mill or more, you should already be on top of the NDB Scheme.

Who said that Cyber-Losses only happen to business that turnover $3mill or more?

Typically a smaller businesses is more vulnerable (and less prepared for a loss of data) and the opportunity for an attacker to succeed is higher.

There are other smaller businesses that are affected by the NDB scheme such as health services, finance or businesses holding identifiable personal information (names, addresses and phone numbers). These businesses have 30 days to determine if a loss of data is a breach, and report it to the OAIC.

The NDB scheme does not affect all businesses. It is time to consider how your business would be affected if you lost access to your data.


Cyber Myth - the cloud provider holds all my data so I am safe

No matter where your data is held, it is your responsibility to look after it. If your system is hacked is not the fault of the cloud provider.

There is a slim chance your cloud provider could be hacked and you (would expect) that they have insurance and procedures in place to recover your data and compensate you for your loss. In this situation you will be left to your own devices to notify your clients of the attack and lodging a notification to the OAIC.

My thoughts are if Uber and the Australian Bureau of Statistics are able to be hacked (remember the embarrassing Census website hacking) then there’s a good chance your system is not fool-proof.

Funnily enough, one of the most common types of Cyber Loss is from human error, yes human error! who would have ever thought!?

Accidently clicking that link in an email, having the same password for all applications, accidental loss of your laptop or mobile phone, or simply forwarding an email with a trail that contains the personal information of someone else.

If you are unsure, engage a professional to conduct a data audit on your business and help you build a data response plan.

It is probably a good idea to keep a paper copy of your Data Response Plan somewhere safe, hackers work on weekends too!

Management Liability insurance is designed to provide protection to both the business and its directors or officers for claims of wrongful acts in the management of the business.

A business insurance pack can provide cover for your business premises and contents, against loss, damage, theft or financial loss from an insured interruption to the business.

Purchase up to six products under one Business Insurance Package. 

It is probably a good idea to keep a paper copy of your Data Response Plan somewhere safe, hackers work on weekends too!

Your plan could involve Cyber Insurance coverage.


Is Cyber Insurance for me?

Before you rush out and purchase a Cyber Insurance policy you should ask yourself;

  • What is my tolerance to a data loss?
  • How long can my business survive if my systems are down?
  • What impact would this have on my clients? (and my reputation)
  • Do I have a plan of action if a loss occurs?
  • What other professionals are out there who can help me?


Cyber is Cheap

The insurer will determine what premium they charge based on your data type, data security and your exposure.

Your broker will help you choose a level of cover that is suited to your needs and budget.

Like most things, you get what you pay for.

The cost of Cyber Insurance can start from a few hundred dollars. These cheaper policies are normally ‘bolt-ons’ to another policy such as a Liability policy or a Professional Indemnity policy.

They are a very good introduction into Cyber Insurance although they provide a limited amount of cover.


What do I need to ask my Broker about Cyber Insurance?

Ask your Broker for a variety of options;

The cheaper covers in the market are generally limited to Cyber-Hacks, or limited to attacks on your Website.

Therefore the policy excludes the most common risk - accidental physical loss of data.

The policy should pay for losses to your clients and reimbursement of some costs you incur.

Middle of the range cover will incorporate a wider range of data loss (including accidental physical loss of data).

You will be able to choose the level of cover and other risks such as phone phreaking or phishing attacks.

It is important to check if the policy includes cover for;
  • Investigation costs
  • Fines & Penalties
  • Claim Defence Costs
  • Loss of your own ability to earn an income
  • What Jurisdiction the policy operates in

Top quality cover will provide all of the above with additional benefits;
  • Access to a Cyber response team that you can contact 24/7
  • A response team who will do the investigation and ransom negotiation for you
  • Assistance with notifying your clients. Take into account the cost of a ‘team’ who can respond to phone calls and customer concerns that may be ongoing for some months.
  • Assistance in determining if the loss of data is a breach & notifying the OAIC
  • Flexibility with higher limits and less restrictions
  • Ability to include cover for Cyber Terrorism

How do I keep my premiums down?

  1. If your policy is covering loss of income to your business, choose an indemnity period that is suitable to your situation. Why pay for 12 months of income if your team can get your business back up and running at 100% within 3 months

  2. Choose longer waiting periods for your loss of income. You will need to work out how long your business could survive with no income. This may be 3 or more months if you have a passive income earning ability

  3. Ensure procedures are in place for when a Cyber Loss occurs. Having a Data Response Plan may not prevent a loss although the OAIC could consider your situation favourably with penalties and fines, if you have a good Data Response Plan

  4. Communicate any loss quickly and honestly to your clients. Being proactive in an event will help retain customer confidence and retain your income earning ability.

There are a variety of experts who are available to assist businesses both in the Preventative stage and Response stage.

For more information, you can contact your trusted Insurance Broker, your trusted Cyber Consultant or the OAIC.

General Advice Warning: This advice is general and does not take into account your objectives, financial situation or needs. You should consider whether the advice is appropriate for you and your personal circumstances. Before you make any decision about whether to acquire a certain product, you should obtain and read the relevant product disclosure statement.

All information above has been provided by the author.


Jody Williams - Oracle Group Insurance Brokers, ABN 75 131 025 600, AFSL 363610

This article originally appeared on Jody Williams LinkedIn and has been published here with permission.

Related articles

Comments (0)

Related insurance brokers

Review rating
27 reviews

Featured Featured

Abbie Wilson

National Insurance Brokers

  • Typically replies within
    a few hours
  • Review rating
    183 reviews

    Featured Featured

    Nilima Pokala

    SureInsure Insurance Advisors

  • Typically replies within
    a day