With probably the biggest extortion attack ever recorded in May 2017, ‘Wannacry ransomware attack’ has highlighted the need for business owners to be vigilant when it comes to cyber protection.
This self-replicating virus was able to enter company networks when unassuming employees clicked on these email attachments. Ransom notes were then sent to those affected demanding sums up to US$300 within 2 hours (before prices would double) in exchange for their data being released. Sending close to 5 million emails an hour, sent email attachments containing a hidden malware known as ‘WannaCry’ to users. Within days,over 200,000 attacks have occurred in 150 countries, including Australia.
This example is a common type of ransomware attack, however, there are many other forms of cyber and privacy risks that may affect or compromise company data.
Types of data breaches include:
- Lost or Stolen Laptops or portable equipment including mobile phones and storage devices containing personal information
- Redundant equipment or devices being disposed of without the content first being erased
- Database being hacked or illegally accessed by individuals outside or inside of your business
- Paper records being stolen from insecure recycling or garbage bins
- Mistakenly providing personal information to the wrong person
- A person being deceived in to releasing personal information of another person
Notifiable Data Breaches
In February 2017, the Commonwealth government passed the Privacy Amendment (Notifiable Data Breaches) Act 2017 which will amend the Privacy Act making it mandatory for companies and organisations to report ‘eligible data breaches’ to the office of the Australian information commissioner and any affected, at risk individuals. This legislation may apply in the event of a breach if your business falls within these new requirements.
Cyber & Privacy Protection Insurance – What it Cover
There are a couple of different options available. The most comprehensive cover is available by individual policies that are designed to commonly cover:
First Party Claims
Cover includes your own costs associated with credit monitoring, cyber extortion, data restoration, forensic consultant, breach notifications, public relations and legal representation expenses.
Covers claims arising from reimbursement for lost profits and necessary expenses incurred to maintain business operations.
Third party claims
Covers costs relating to claims for compensation, investigations, fines and penalties (new privacy act), defence costs and legal representation expenses.
Benefits of First Response to Claims
In the event of a breach, most businesses will need help to unravel the impact and may also need help if their business is closed while this happens.
Most policies have a 24/7 hotline to report matters to obtain immediate advice and support. They have IT forensic and legal advisers experienced in these matters ready to deploy to assist in the resolution of these matters quickly.
How Much Does Cyber Liability Insurance Cost?
Premiums for individual covers start from around $700 – $1000 plus applicable charges depending on the level of cover and policy benefits. There are options with some insurers to have extensions included under other policies, such as under Management Liability and Professional Indemnity Insurance, premiums are generally around $200.00 plus charges however they provide very limited benefits and exclude business interruption. To have comprehensive cover an individual policy is your best option.
Disclaimer – “This material contains general information only and may not suit your particular circumstances. To decide if a policy is right for you please carefully read the relevant Product Disclosure Statement (PDS) and/or Policy wording. While we have exercised due care and skill in preparing this information, Optimum Insurance Services (Optimum) does not accept any legal responsibility or liability for negligence or otherwise to you or anyone else who seeks to rely on this information. This includes, without limitation, loss arising from a possible failure of the information to comply with statutory or regulatory requirements or the failure of the information to identify other terms and conditions beyond those considered in this document. You should obtain advice to ensure that your policy provides adequate cover for your circumstances.
“Optimum Insurance Services Pty Ltd is a Corporate Authorised Representative of Insurance Advisernet Australia Pty Ltd (Car No. 291220), Australian Financial Services Licence No 240549, ABN 15 003 886 687.”