The Importance of a Cyber-Savvy Adviser

Why use a specialist broker to buy cyber insurance?

Many insurance professionals target an industry or area of specialisation which correlates with their personal interests or hobbies as they have a greater knowledge of the challenges facing businesses within that area.

Hundreds of dedicated insurance brokerages have popped up over the years for everything from marine related risks, mining, financial services, healthcare and medical industry, personal home insurance and the list goes on for each area of insurance.

The reason these brokerages separate themselves with dedicated products and agreements is to leverage their greater knowledge outside the immediate insurance industry. Utilizing insurance brokers who have a passion for your industry, were previously business owners themselves or employees within the industry they are insuring is a great way to guarantee the broker has a better understanding of the niche risks faced by your business

Protect your business with cyber insurance.

Craig McDonald, Founder of Australian cyber security firm MailGaurd, recently stated in an interview with Insurance Business Mag “Cyber insurance policies will need to constantly evolve and the broker will need to be cyber savvy in order to address the many variables within the online realm.”

” he expects cyber insurance to become a must-buy for many businesses, a proactive in-depth strategy will be key for businesses as they plan for every eventuality. Cyber insurance is great as an added layer of protection, but it’s no replacement for a strong cybersecurity strategy,”

“Brokers have an important role to play in helping organisations plan for the requirements for businesses to return to their normal operating status after a cyber attack or a data breach. Cyber insurance policies will need to constantly evolve and the broker will need to be cyber savvy in order to address the many variables within the online realm.”

How a broker works

Buying insurance online is commonplace in today’s connected world, however it can leave gaps in your insurance cover which if not accurately reviewed could be disastrous for business. Customers may choose to use the insurance company directly for their insurance needs because they believe they are cutting out the middle man to get a cheaper product. However many industries have confusing contractual obligations and regulations which in turn allows many customers to get stuck with a more expensive option which isn’t the best for their business

Your insurance broker has years of in-depth knowledge of the insurance market and can locate and negotiate the best available options assisting you to make informed decisions. Essentially doing the shopping around for you. Brokers will work with you to identify your business needs, then recommend insurance policies that ensure you are properly protected.

Dealing with an insurance broker as opposed to the insurance company directly has many benefits, for example;

An insurance broker works for you, not the insurance company so you can feel confident they have your businesses best interest at heart
A broker can explain the pros and cons of different policies to help you compare
Brokers will save you time in researching and negotiating the best insurance fit for your business needs
A broker will act as your advocate in the event of a claim and mediate the outcome, allowing you to continue trading
Brokers are able to offer premium funding options, allowing for better business cash flow
Insurance brokers can negotiate insider deals and policies which aren’t available to regular consumers.

Why use Cyber Insurance Australia?

Cyber Insurance Australia are the dedicated specialists when it comes to cyber liability and business insurance solutions for commercial and corporate organisations. Our goal is to create a more educated and protected online business community enabling Australian businesses to take all reasonable precautions to protect themselves.

Our advisers have more than 5 years corporate and commercial business insurance experience and over 15 years Information Technology industry experience

We work with a range of leading Australian and international insurers including;

Chubb, AIG, Allianz, QBE, CGU, DUAL Australia, Brooklyn Underwriting, Emergence, Vero, & more

Protect your business with cyber insurance.

8 years ago · by Principal · 0 comments

Who Needs Cyber Insurance?

In short – Everyone!

For the past few years the media has been reporting large scale attacks such as Yahoo, AirBnB, LinkedIn, Myspace and a long list of others. In reality between 40% to 60% of all cyber attacks on Australian businesses are targeted at small to medium sized companies. Reports suggest this is due to a few important factors but a lack of security procedures and lower levels of employee risk awareness seem to be the major ones.

PwC found 65 per cent of Australian organisations experienced cybercrime in the last 24 months with more than one in 10 reporting losses of more than $1 million (compared to the global average of 32 per cent).

When you consider that 84% of Australian small and medium businesses are online and 1 in 2 are receiving payments online, Australia is a very attractive target for the would-be cyber criminal.

From Australian Cyber Security Strategy

Check out this short video from the National Insurance Brokers Association (NIBA) which succinctly summarizes who needs cyber insurance and why.

The 5 industries with the highest recorded amount of cyber-attacks 2015 – 2016:

1. Healthcare

2. Manufacturing

3. Financial Services

4. Government

5. Transportation

According to the 2016 IBM X-Force Cyber Security Intelligence Index — which reports more than 100 million healthcare records were breached last year. The IBM report is based on data they have collected from thousands of network devices they monitor in over 100 countries.

Between July 2015 and June 2016, CERT Australia – the main point of contact for cyber security issues affecting Australian businesses – responded to 14,804 cyber security incidents, 418 of which involved systems of national interest and critical infrastructure.

PwC Australia national cyber leader Steve Ingram, who previously headed fraud and security management for the Commonwealth Bank, says cyber attacks happen all the time. “It’s prolific,” he says

Here is another great cyber insurance summary from the KnowRiskNetwork.

Conclusion

In the past, business leaders adamantly avoided talking about cyber security processes or breaches for fear of reputational damage and legal fallout. We are slowly seeing more businesses who are not reluctant to talk about their cyber security hurdles and recognize the overall business risk not simply an IT risk.

Help protect your business with cyber insurance.

8 years ago · by Principal · 0 comments

What Mandatory Data Breach Notification Means for Australia

Breach Notification Bill Expected to Pass in 2017

Australia is currently on the receiving end of an estimated 10 million cyber attacks per year according to professional services firm, Deloitte. With such a large dragnet across Australian businesses it is inevitable that there will be some eye opening data breaches in the coming year and widespread change to company security procedures. We previously wrote about some of the largest data breaches and exposures of 2016 which indicated approximately 2.2 billion personal records were revealed to have been compromised from 2015 – 2016.

The proposed bill which has been passed by the lower house but is still yet to be introduced in the senate will make it a requirement to notify the Australian Information Commissioner and affected individuals if their privacy has been breached. With the exception of eHealth data breaches falling under the My Health Records Act 2012, mandatory data breach notification does not exist yet in Australia. The former Labor government’s Privacy Amendment (Privacy Alerts) Bill 2013 received bipartisan support to introduce such a scheme, but did not pass the parliament before the 2013 election.

Most government agencies, businesses with an annual turnover in excess of $3 million, as well as a number of smaller organisations, such as those handling sensitive health data are all currently subject to Privacy Act obligations.

Official summary of the bill below:

“Privacy Amendment (Notifiable Data Breaches) Bill 2016 implements recommendations of the Parliamentary Joint Committee on Intelligence and Security’s Advisory report on the Telecommunications (Interception and Access) Amendment (Data Retention) Bill 2014 and the Australian Law Reform Commission’s report For Your Information: Australian Privacy Law and Practice by amending the Privacy Act 1988 to require agencies, organisations and certain other entities to provide notice to the Australian Information Commissioner and affected individuals of an eligible data breach.”

Help protect your business with cyber insurance.

Mandatory Breach Notification Laws Abroad

Today, approximately 90 countries have data protection laws or relevant court rulings – ranging from Angola and Argentina to Venezuela and Zimbabwe but many of those countries still don’t require breached organizations to notify either authorities or the individuals whose personal information was exposed in the event of a breach.

At the time of writing, 47 states, three U.S territories and Washington D.C. have adopted breach notification laws of varying requirements for organisations. In the past any attempts to replace them with a standard federal law have struggled due in part because some changes would have weakened some states current security approach.

The European Union’s General Data Protection Regulation, which will go into effect May 2018, includes multiple privacy provisions, including mandatory breach notification. The EU regulation is expected to serve as a model for other countries as global awareness spreads.

India has also weighed in to the global discussion with privacy practitioners stating they may not be ready for mandatory breach notifications as it lacks the strict regulatory enforcement and the country is still making amendments to it’s Right to Privacy Bill 2014. The EU’s GDPR will be especially relevant to the Indian IT industry as it caters to U.S.-based enterprises and processes personal data of EU, Australian and New Zealand citizens.

“It will also significantly increase compliance costs for service providers – which are already higher when serving EU-based clients, as compared with markets like USA,” “However, GDPR also may remove any misgivings about the Indian industry and data security standards in India, says Mumbai-based Sunder Krishnan, chief risk officer, Reliance Life Insurance Company Ltd.

Legal Problems

Burden of proof- justice

Some warn that when the bill is passed there will be very similar problems facing businesses as is seen currently in the United States. Data breaches frequently lead to identity theft and financial losses, the victims of which may qualify for a lawsuit. On the other hand, organisations which don’t report their breaches face a range of penalties including fines of $340,000 for individuals and up to $1.7 million for companies.

Social media has also increased the pressure being put onto businesses as we are seeing unprecedented public customer service complaints causing reputation and public relations nightmares. Expect to see disgruntled customers rallying together using social media after future data breaches.

Class action lawsuits are being enabled by the online connectivity of claimants and are costing organisations millions. Below are a few high profile data breach settlements from Classaction.com

Home Depot (affected 50 million cardholders): $19.5 million settlement
Sony (PlayStation network breach): $15 million
Target: $10 million
Sony (employee information breach): $8 million
Stanford University Hospital and Clinics: $4.1 million
AvMed Inc.: $3.1 million
Vendini: $3 million
Ashley Madison: $1.6 million
LinkedIn: $1.25 million

Companies much prefer settling cases out of court to going to trial. But that is especially true for data breach lawsuits, because there is almost no court precedent for these kinds of cases.

Companies like Home Depot and Sony have no idea what would happen if they went to trial to fight a data breach suit, which is a scary prospect.

Insuring Against the Risk

Many Australian insurance providers have already put policies in place to respond and cover expenses from a data breach. We recently wrote in detail about where cyber insurance steps in, which can be found here. Expenses which are typically covered are;

Forensic Investigation

A forensic IT investigation is necessary to determine what occurred, how to repair the damage and how to prevent the same type of breach. Investigation may involve services from a third party security firm or law enforcement.

Business Interruption

The business may be unable to continue trading and suffer interruption costs due to network security failure or attack, programming errors or human errors. Loss of profits and costs incurred to continue business as usual are typically covered under a cyber insurance policy.

Legal & Public Relations

Cyber Insurance policies will cover legal defence costs due to a privacy breach, fines and penalties, reputational damage and public relations expenses to assist an organisations public image after a breach.

Extortion & Blackmail Costs

Policies will cover ransomware & extortion costs from criminal organisations and disgruntled employees for the release or protection of private information.

Moving Forward

Mandatory breach notification is the best step forward but it also relies heavily on organisations actually discovering they have been exposed. In recent reports, numerous websites such as Linkedin, Myspace and of course, Yahoo have suffered very high profile breaches which occurred up to 4 years ago and were only discovered years later.

Many large industry groups including Google, Yahoo, Facebook and Microsoft are stating that the existing voluntary breach notification scheme is effective and doesn’t require change. Despite their support and mixed reception from the private sector, security experts and business leaders from various industries are getting behind the bill and arguing it’s benefits.

The OAIC annual reports from 2014 – 2015 & 2015 – 2016 are unable to provide enough depth from voluntary reporting which indicates the need for mandatory laws to be passed. It is likely that the larger industry groups are protecting their interests and understand the ramifications of mandatory breach notification from their legal departments abroad.

Help protect your business with cyber insurance.

It looks inevitable that the bill will be passed and the public understanding of what is happening to their personal information will continue to increase.

Arranging an insurance policy, educating employees and instituting solid security processes will be key to mitigating this risk.

« Newer posts

The Importance of a Cyber-Savvy Adviser

Why use a specialist broker to buy cyber insurance?

How a broker works

Why use Cyber Insurance Australia?

Protect your business with cyber insurance.

Who Needs Cyber Insurance?

In short – Everyone!