How cyber insurance could help you recover costs associated with a data breach.
When the Australian Parliament passed the Privacy Amendment (Notifiable Data Breaches) Act 2017 on 13 February last year, it kick-started a process that means as of 22 February 2018, all entities covered by the Australian Privacy Principles must report any eligible data breaches
Put simply, it means if an eligible data breach is confirmed for one of your customers you must:
- Provide each of the individuals whose data was breached, or who are at risk, with a statement outlining all details of the breach.
- Include recommended next steps the individual should take.
- Provide a copy of the statement to the Office of the Australian Information Commissioner.
- Take all reasonable steps to ensure an assessment is completed within 30 days.
Failure to meet the above expectations, or in fact report a breach all together, could not only result in hefty fines, but also end up costing you thousands in response costs and damages to business reputation.
Protect your business
Cybercrime is big business and everyone is a potential target. In fact, around three in five Australian companies experience a cyber security breach every month.
But don’t panic, we’re not suggesting you shut down your computers and run for the hills – in this day and age technology is vital to conducting business. What we are saying is having a good cyber insurance policy in place will help protect your small business against online risks, such as computer hacking, ransomware or data theft. It’s also important to remember that your existing business insurance policy may not provide sufficient cover – you need a more tailored approach.
If a breach does occur, a cybercrime policy can help cover financial losses to your business and your customers, including costs associated with:
- Loss of revenue due to interrupted business
- Hiring negotiators and paying ransom
- Recovering or replacing your records or data
- Liability and loss of third party data
- Defence of legal claims
- Investigation by a government regulator
- Copyright infringement
- Misuse of intellectual property online
- Crisis management and monitoring
- Prevention of further attacks
Navigating the market
Your Steadfast broker will work with you to get the most comprehensive cover possible, but it’s important to note that there are exclusions and there may also be a deductible or excess limits on cover, so be sure to read the fine print. Policy premiums for cyber insurance will also depend on the industry you’re in, the services you offer and the types of risks and exposures you face, all the more reason to ensure a Steadfast broker is by your side when navigating the market.
4 steps to get ahead of the hackers
Protect your biggest asset
If there was one thing your company couldn’t survive without, what would it be? Intellectual property, product formulas, customer details? Whatever the data might be, make tightening security around it your number one priority. Educate your staff about the most common forms of cybercrime too, including phishing scams via email, malicious files and software and hacking bank account information.
Rehearse your recovery plan
If your business was affected by a cybercrime tomorrow, what business disaster recovery plan would you have in place? What would you tell your customers, and how would you communicate the event to the media? Get your contingency plans in place to ensure you can deliver business as usual, as soon as possible.
Know your enemy
Before you beat them, you’ve got to know them. Using cyber threat intelligence can help your business gather insights about potential threats – focusing on the who, why, when and where.
Introduce cyber security to your workplace culture
A data breach affects everyone in a business – so it’s crucial you discuss your cyber security plan with everyone in the workplace. Implement strict data access procedures related to strategy and operations; and tighten identity and access management. It would also be smart to restrict access to the most classified information and considering introducing training, so team members know what to be aware of and what to do if they suspect there’s a potential threat.