The risk of your business being a victim of a cyber-attack is no longer just a fringe possibility.
The number of cyber-attacks on Australian businesses has risen dramatically in the past decade, with roughly 47,000 cyber-related attacks on people and businesses in 2017. The risk associated with not adequately insuring your business is only getting more significant, and perhaps it’s time to start thinking about how best to mitigate your cyber liability.
Cyber liability is becoming a high-priority aspect of your business and one that deserves your attention and care. Cybercrime is oft thought of as an attractive avenue for criminals, due to proximity to the victim(s), the ease with which a criminal can cover their tracks and, perhaps most attractive, a low-risk, high-reward trade-off.
Australians have only recently become all too aware of the risks of cyber-attacks, with more and more being reported to government agencies each year.
Dan Tehan, the minister assisting the Prime Minister in matters of cybersecurity, stated recently that “(He) would like to highlight how cybersecurity is not just the business of national security, but something that must become second nature to all Australians. Cybersecurity is not just the domain of our intelligence agencies or our defence forces, to protect against silent secrets and cyber-attacks.”
The comments came after a huge data breach in early April of this year, which saw the data and information belonging to more than 400 Australian companies stolen by hackers.
Mr Tehan went on further to state that Australian Government agencies have “over the past year, seen increased targeting of trusted third parties, particularly service providers. These companies are highly attractive targets as they can provide access into a range of primary targets.”
It is clear that cybercrime is an issue, with accelerating technology and innovation providing new and previously unseen ways for criminals to attack your data and information.
In February of this year, the Federal government announced changes to Australia’s data breach and retention laws. Whereas reporting that you or your business had experienced a data or information breach was previously voluntary, the new Federal laws now state that the reporting of any and all data breaches is mandatory.
Most importantly though, the changing of federal cyber-security laws has meant a change in your cyber-liability coverage too.
Your existing plan may include some cover for business insurance or other forms of liability but will likely not cover cyber liability specifically, and some plans may have specific exclusions with regard to any cyber-attacks you or your company may experience.
Gerry Power, Head of Sales at a brokerage firm, Emergence Insurance, stated recently that more education was needed about cyber risk dangers, and that a serious concern was that, despite training efforts, around 15% of staff still clicked on phishing emails.
Some simple steps to safeguarding your data include:
- restrict administration privileges
- require three-factor ID for access
- always update software.
Mr Power went on further to state that “Brokers’ clients are dreaming if they think it won’t happen. Criminals don’t have to steal data to make money, they can just stop you using it.”
Ransomware is involved in roughly 45% of claims. “It’s easy to deploy with an off-the-shelf toolkit bought on the dark web.”
Sometimes you may simply need to protect against potential threats, regardless of whether or not they pose a genuine or visceral threat to you or your business. As long as you have the correct way of dealing with things, it doesn’t really matter!
The new law is an amendment to the Privacy Act and will apply to all entities bound by that Act, namely Federal Government agencies, private sector organisations with an annual turnover above $3 million (and their related companies) and some others. It’s also recommended as good practice for smaller private sector organisations which handle a lot of personal data.
Case-Studies: Cyber-Liability Claims
(Courtesy: John Shelley, Cunningham Lindsey Cyber Claims Manager, Emergence Insurance Claims Webinar)
A regional Queensland boat dealer suffered a ransomware attack which was “a new breed” of encryption not previously seen. With IT assistance, files were restored from back-ups, no ransom was paid, and there was no business interruption because the dealer was operational again within 24 hours.
An accountancy firm was hacked after a patch was not installed and 10,000 records were affected. The insured did not know the personal information was stored on its website. Notification to the Office of the Australian Information Commissioner (OAIC) and affected clients was required under the NDB scheme.
A large advisory firm’s phones were hacked (phreaking) by decoding a simple password, and expensive international calls were made. The Emergence policy covered the additional phone costs and IT experts to install better firewalls.
Josh said lessons learned from the claims examples included:
What Should You Do Next?
It is imperative that the risk of cyber-attack on your business is mitigated and insured by a cyber liability insurance plan. Get in contact with Sydney Insurance Brokers today to discuss a plan that’s right for you!