Search for insurance help

The continued growth of cyber risk

The continued growth of cyber risk
We all know that cyber-crime has been on the increase in Australia, but the introduction of the NDB (Notifiable Data Breaches) scheme in 2018 saw a rapid rise in the number of reported cases. Part of this increase is likely due to the fact that the NDB requires organisations to report all data breaches within 72 hours. It's this notification requirement however, that has highlighted the continued growth in Australian cyber-crime. As an example, over the twelve months from 1st April 2018 to 31st March 2019, the Office of the Australian Information Commissioner Report reveals that there were 964 data breach notifications, an increase in 712% over the previous twelve months (when breaches were reported voluntarily). In addition, 60% of these 964 data breaches were malicious, whilst 35% were due to human error. The OAIC has stated that these results reflect the need for increased security systems and improved staff training. Of course, there may have been many data breaches that were not reported before the NDB, but these figures should give some food for thought.

Recent data breaches in Australia
The Guardian reported that in February 2019, the Parliament of Australia experienced a security incident in their IT section and whilst no data was compromised, an attempt was clearly made to access high level data. In 2018, the Australian National University was consistently hacked over a period of months, but no data was stolen; in 2015, it happened to the Australian Bureau of Meteorology where malicious software was installed and sensitive documents stolen. It's important to remember that the figures quoted above are the number of data breaches, not the number of people affected by these breaches. For example, in the OAIC's most recent quarterly report (1st January to 31st March 2019), it found that in one incident alone, more than 10 million Australians had their private information compromised.

How can SMEs protect their data?
Hackers can be either nationally driven or economically driven, the former motivated by national interests and the latter by financial gain. To adequately protect your business from cyber-crime, one of your first steps is to decide which type of hacker is more likely to attack your business. A company involved in regional energy production for example, might be more likely to be attacked by hackers motivated by national interests, whilst a law company might be favoured by hackers motivated by financial gain. Whilst you can try to harden your defences, you won't be able to plug every possible breach, but if you have an idea which type of hacker may target your business, you can set certain processes in place that can minimise these attacks and the resulting fallout. You should also recognise that there is no guaranteed protection against hacking, and given this truism, you need to invest in resilience. Recovering from a cyber attack can be expensive, time consuming and may have no positive outcomes, which is why SMEs are investing in cyber insurance. Talking to an insurance specialist who can guide you through your choices will ensure that you have the best protection possible for your business. 

Management Liability insurance is designed to provide protection to both the business and its directors or officers for claims of wrongful acts in the management of the business.

A business insurance pack can provide cover for your business premises and contents, against loss, damage, theft or financial loss from an insured interruption to the business.

Purchase up to six products under one Business Insurance Package. 

We all know that cyber-crime has been on the increase in Australia, but the introduction of the NDB (Notifiable Data Breaches) scheme in 2018 saw a rapid rise in the number of reported cases. Part of this increase is likely due to the fact that the NDB requires organisations to report all data breaches within 72 hours. It's this notification requirement however, that has highlighted the continued growth in Australian cyber-crime. As an example, over the twelve months from 1st April 2018 to 31st March 2019, the Office of the Australian Information Commissioner Report reveals that there were 964 data breach notifications, an increase in 712% over the previous twelve months (when breaches were reported voluntarily). In addition, 60% of these 964 data breaches were malicious, whilst 35% were due to human error. The OAIC has stated that these results reflect the need for increased security systems and improved staff training. Of course, there may have been many data breaches that were not reported before the NDB, but these figures should give some food for thought.

Recent data breaches in Australia
The Guardian reported that in February 2019, the Parliament of Australia experienced a security incident in their IT section and whilst no data was compromised, an attempt was clearly made to access high level data. In 2018, the Australian National University was consistently hacked over a period of months, but no data was stolen; in 2015, it happened to the Australian Bureau of Meteorology where malicious software was installed and sensitive documents stolen. It's important to remember that the figures quoted above are the number of data breaches, not the number of people affected by these breaches. For example, in the OAIC's most recent quarterly report (1st January to 31st March 2019), it found that in one incident alone, more than 10 million Australians had their private information compromised.

How can SMEs protect their data?
Hackers can be either nationally driven or economically driven, the former motivated by national interests and the latter by financial gain. To adequately protect your business from cyber-crime, one of your first steps is to decide which type of hacker is more likely to attack your business. A company involved in regional energy production for example, might be more likely to be attacked by hackers motivated by national interests, whilst a law company might be favoured by hackers motivated by financial gain. Whilst you can try to harden your defences, you won't be able to plug every possible breach, but if you have an idea which type of hacker may target your business, you can set certain processes in place that can minimise these attacks and the resulting fallout. You should also recognise that there is no guaranteed protection against hacking, and given this truism, you need to invest in resilience. Recovering from a cyber attack can be expensive, time consuming and may have no positive outcomes, which is why SMEs are investing in cyber insurance. Talking to an insurance specialist who can guide you through your choices will ensure that you have the best protection possible for your business. 
General Advice Warning: This advice is general and does not take into account your objectives, financial situation or needs. You should consider whether the advice is appropriate for you and your personal circumstances. Before you make any decision about whether to acquire a certain product, you should obtain and read the relevant product disclosure statement.

All information above has been provided by the author.


Tim Allan, Insurance Advisernet Australia, ABN 62108139957, AFSL 240549

Related articles

Comments (0)

Related insurance brokers

Review rating
183 reviews

Featured Featured

Nilima Pokala

SureInsure Insurance Advisors

  • Typically replies within
    a day
  • Review rating
    26 reviews

    Featured Featured

    Tony Venning

    Crucial Insurance and Risk Advisors

  • Typically replies within
    a few hours
  • Review rating
    16 reviews

    Featured Featured

    Shane Brady

    Stone Lane Broking & Risk Advisory

  • Typically replies within
    a few minutes