Contact us

1300 GOCYBER (1300 462 923)

Call or email us today!

Contact details:

Message:

Your message has been sent successfully. Close this notice.

Cyber Insurance Quote Form

Limit of Liability

Company Details

Do you process, transmit or store more than 10,000 financial transactions per year?

Yes No, less than 10,000

Do you use and keep up to date firewalls and anti-virus protection for all systems?

Yes No

Do you use third parties to complete audits of your system and security on a regular basis?

Yes NO

Are all portable devices password protected? (mobile phones, laptops, tablets, etc)

Yes No

Do you have encryption requirements for all data including portable media?

Yes No

Do you have back-up and recovery procedures for business critical systems, data and info assets?

Yes No

Do you outsource any part of your network, including storage?

Yes, we use third party providers. No, all managed in house

Do you store sensitive information on web servers?

Yes No

Do you know of any loss payments, fines or penalties being made on your behalf?

Yes No

Are you aware of any matter which might give rise to a claim or loss under such insurance?

Yes No

Have you suffered any loss or claim but not limited to a regulatory, governmental or administrative action brought against you, or any investigation or information request concerning any handling of personal info?

Yes No

The applicant or any subsidiaries have any knowledge of any loss payments, fines or penalties being made on behalf of any applicant or any person proposed for coverage any cyber policy or similar insurance?

Yes No
Your quote request has been sent successfully, one of our brokers will contact you today! Close this notice.

Business Insurance Quote

Contact details:

Sections

Property & Contents

Yes, please quote No, thank you

Public & Products Liability

Yes, please quote No, thank you

Cyber Liability

Yes, please quote No, thank you

Theft & Money

Yes, please quote No, thank you

Computers & electronic equipment

Yes, please quote No, thank you

Business Interruption

Yes, please quote No, thank you

Machinery Breakdown

Yes, please quote No, thank you
Your quote request has been sent successfully, one of our brokers will contact you today! Close this notice.
8 years ago · by · 0 comments

The Importance of a Cyber-Savvy Adviser

Cyber Security Insurance Broker

Why use a specialist broker to buy cyber insurance?

Many insurance professionals target an industry or area of specialisation which correlates with their personal interests or hobbies as they have a greater knowledge of the challenges facing businesses within that area.

Hundreds of dedicated insurance brokerages have popped up over the years for everything from marine related risks, mining, financial services, healthcare and medical industry, personal home insurance and the list goes on for each area of insurance.

The reason these brokerages separate themselves with dedicated products and agreements is to leverage their greater knowledge outside the immediate insurance industry.  Utilizing  insurance brokers who have a passion for your industry, were previously business owners themselves or employees within the industry they are insuring is a great way to guarantee the broker has a better understanding of the niche risks faced by your business

Cyber Insurance Australia Logo

Protect your business with cyber insurance.

Craig McDonald, Founder of Australian cyber security firm MailGaurd, recently stated  in an interview with Insurance Business Mag “Cyber insurance policies will need to constantly evolve and the broker will need to be cyber savvy in order to address the many variables within the online realm.”

” he expects cyber insurance to become a must-buy for many businesses, a proactive in-depth strategy will be key for businesses as they plan for every eventuality. Cyber insurance is great as an added layer of protection, but it’s no replacement for a strong cybersecurity strategy,”

“Brokers have an important role to play in helping organisations plan for the requirements for businesses to return to their normal operating status after a cyber attack or a data breach. Cyber insurance policies will need to constantly evolve and the broker will need to be cyber savvy in order to address the many variables within the online realm.”

How a broker works

Buying insurance online is commonplace in today’s connected world, however it can leave gaps in your insurance cover which if not accurately reviewed could be disastrous for business. Customers may choose to use the insurance company directly for their insurance needs because they believe they are cutting out the middle man to get a cheaper product. However many industries have confusing contractual obligations and regulations which in turn allows many customers to get stuck with a more expensive option which isn’t the best for their business

Your insurance broker has years of in-depth knowledge of the insurance market and can locate and negotiate the best available options assisting you to make informed decisions. Essentially doing the shopping around for you. Brokers will work with you to identify your business needs, then recommend insurance policies that ensure you are properly protected.

Dealing with an insurance broker as opposed to the insurance company directly has many benefits, for example;

  • An insurance broker works for you, not the insurance company so you can feel confident they have your businesses best interest at heart
  • A broker can explain the pros and cons of different policies to help you compare
  • Brokers will save you time in researching and negotiating the best insurance fit for your business needs
  • A broker will act as your advocate in the event of a claim and mediate the outcome, allowing you to continue trading
  • Brokers are able to offer premium funding options, allowing for better business cash flow
  • Insurance brokers can negotiate insider deals and policies which aren’t available to regular consumers.

Why use Cyber Insurance Australia?

Cyber Insurance Australia are the dedicated specialists when it comes to cyber liability and business insurance solutions for commercial and corporate organisations. Our goal is to create a more educated and protected online business community enabling Australian businesses to take all reasonable precautions to protect themselves.

Our advisers have more than 5 years corporate and commercial business insurance experience and over 15 years Information Technology industry experience

We work with a range of leading Australian and international insurers including;

Chubb, AIG, Allianz, QBE, CGU, DUAL Australia, Brooklyn Underwriting, Emergence, Vero, & more

Cyber Insurance Australia Logo

Protect your business with cyber insurance.

Read more

8 years ago · by · 0 comments

What is Ransomware?

malicious email

More than 48% of small to medium victims paying up

 

Ransomware, like any sort of malware, can get into your organisation in many different ways: most often buried inside email attachments, via poisoned websites, through exploit kits, on infected USB devices and occasionally even as part of a self-spreading network worm.

Receiving spam emails is part and parcel of doing business for a large number of Australian and international businesses. Regularly our staff speak with staff who laugh “of course” when asked if they receive suspicious emails from unsolicited addresses. The overwhelming awareness is increasing but the seriousness is still lacking as some employees scoff at the sophistication of these emails. We’ve written previously about recent malicious emails making the rounds and their complexity which has caught many Australians off guard.

encryption-ransomware-example

What is Ransomware?

Ransomware can encrypt the files on a computer (including network file shares and attached external storage devices), prevent you from accessing windows or stop certain apps from running,  victims are then directed to a webpage with instructions on how to pay a ransom in bitcoin to unlock the files. The ransom has typically ranged from $500 – $3000 in bitcoin. Microsoft have seen some recent ransomware make you complete surveys which give micro payments to the criminal for each finished survey.

ransomware-payment-key-encryption

There are different types of ransomware. However, all of them will prevent you from using your PC normally, and they will all ask you to do something before you can use your PC. Usually, the attackers specifically research and target a victim (similar to whale-phishing or spear-phishing – and these in fact may be techniques used to gain access to the network). They can target any PC users, whether it’s a home computer, endpoints in an enterprise network, or servers used by a government agency or healthcare provider.

Cyber Insurance Australia Logo

Protect your business with cyber insurance.

 

Ransomware By The Numbers

A recent survey in the U.S indicated that more than 50% of small to medium enterprise (SME) have experienced ransomware and of those, a staggering 48% have paid the ransom.

Reports in 2016 that more than $1 billion was taken in from ransomware alone with an even higher figure expected for 2017. “The $1 billion number isn’t at all unreasonable and might even be low,” confirmed Mark Nunnikhoven, vice president of cloud research at Trend Micro. The amount of money up for grabs is incredible and it is easy to see why potential cyber criminals are enticed and existing criminal groups have switched their methods.

The above figure was gathered by monitoring known criminal bitcoin wallets. More than $50 million was tracked for each of three wallets associated with the Locky ransomware, and a fourth one that processed close to $70 million. Cryptowall brought in close to $100 million before it was shut down this year. CryptXXX gathered in $73 million during the second half of 2016, and Cerber took in $54 million.

Smaller ransomware families brought in another $150 million, and the FBI has reported $209 million in ransomware payments during the first three months of 2016. In addition to this $800 million or so in known payments, there are many other Bitcoin wallets that are unknown to researchers and uncounted, pushing the estimated total to $1 billion for all of 2016.

A Mimecast survey in 2016 found that 34 percent of Australian executives consider ransomware to be a ‘high threat’ – well ahead of the 25 percent in the US and 18 percent in South Africa.

Time frames for ransom payments can range from as short as 48 hours to as long as 1 week.

Over 4,000 ransomware attacks occurred daily since January 1,2016 which is a 300% increase on the 1,000 daily attacks recorded in 2015 according to the US Department of Justice.

Preemptive Protection

Employee Education

Employee error is the number one reason for the majority of data breaches and cyber intrusion events. Having a good information security culture for all staff is beginning to take hold as directors are being shown that this isn’t simply an IT issue.

Data Protection Services

Arranging a solid data protection solution is a terrific fail-safe. As important as employee education is, the same goes for the information security procedure in place on a daily basis. There is a myriad of data protection solutions on the market today from numerous vendors for all aspects of the digital side of business. Have your business audited today!

A couple of recommended Australian options are DDM Security Systems, MailGuard and Asterisk Information Security.

Up to date software & patches

Applying patches and other software fixes as soon as they become available is one of the best ways to keep criminals away from your sensitive information. Software manufacturers regularly update versions to include newly found software vulnerabilities that attackers could otherwise exploit. While staying up to date will not stop all attacks, it can make the process more difficult and potentially discourage attackers from accessing to your system.

Most recent versions of popular software can be configured to download and automatically update, giving you a great start toward keeping your business secure online.

Cyber Insurance Australia Logo

Protect your business with cyber insurance.

The majority of businesses we have spoken with unfortunately only took precautions as a reactive measure following a breach. Staying ahead of the curve and taking steps to put comprehensive cyber security measures in place before it’s too late is still the strongest option.

More resources and information about what a typical attack looks like and it’s life cycle can be found here.

 

Read more

8 years ago · by · 0 comments

What Mandatory Data Breach Notification Means for Australia

cyber security, lock

Breach Notification Bill Expected to Pass in 2017

Australia is currently on the receiving end of an estimated 10 million cyber attacks per year according to professional services firm, Deloitte. With such a large dragnet across Australian businesses it is inevitable that there will be some eye opening data breaches in the coming year and widespread change to company security procedures. We previously wrote about some of the largest data breaches and exposures of 2016 which indicated approximately 2.2 billion personal records were revealed to have been compromised from 2015 – 2016.

The proposed bill which has been passed by the lower house but is still yet to be introduced in the senate will make it a requirement to notify the Australian Information Commissioner and affected individuals if their privacy has been breached. With the exception of eHealth data breaches falling under the My Health Records Act 2012, mandatory data breach notification does not exist yet in Australia. The former Labor government’s Privacy Amendment (Privacy Alerts) Bill 2013 received bipartisan support to introduce such a scheme, but did not pass the parliament before the 2013 election.

Most government agencies, businesses with an annual turnover in excess of $3 million, as well as a number of smaller organisations, such as those handling sensitive health data are all currently subject to Privacy Act obligations.

Official summary of the bill below:

“Privacy Amendment (Notifiable Data Breaches) Bill 2016 implements recommendations of the Parliamentary Joint Committee on Intelligence and Security’s Advisory report on the Telecommunications (Interception and Access) Amendment (Data Retention) Bill 2014 and the Australian Law Reform Commission’s report For Your Information: Australian Privacy Law and Practice by amending the Privacy Act 1988 to require agencies, organisations and certain other entities to provide notice to the Australian Information Commissioner and affected individuals of an eligible data breach.”

Cyber Insurance Australia Logo

Help protect your business with cyber insurance.

Mandatory Breach Notification Laws Abroad

Today, approximately 90 countries have data protection laws or relevant court rulings –  ranging from Angola and Argentina to Venezuela and Zimbabwe but many of those countries still don’t require breached organizations to notify either authorities or the individuals whose personal information was exposed in the event of a breach.

At the time of writing, 47 states, three U.S territories and Washington D.C. have adopted breach notification laws of varying requirements for organisations. In the past any attempts to replace them with a standard federal law have struggled due in part because some changes would have weakened some states current security approach.

The European Union’s General Data Protection Regulation, which will go into effect May 2018, includes multiple privacy provisions, including mandatory breach notification. The EU regulation is expected to serve as a model for other countries as global awareness spreads.

India has also weighed in to the global discussion with privacy practitioners stating they may not be ready for mandatory breach notifications as it lacks the strict regulatory enforcement and the country is still making amendments to it’s Right to Privacy Bill 2014. The EU’s GDPR will be especially relevant to the Indian IT industry as it caters to U.S.-based enterprises and processes personal data of EU, Australian and New Zealand citizens.

“It will also significantly increase compliance costs for service providers – which are already higher when serving EU-based clients, as compared with markets like USA,” “However, GDPR also may remove any misgivings about the Indian industry and data security standards in India, says  Mumbai-based Sunder Krishnan, chief risk officer, Reliance Life Insurance Company Ltd.

Legal Problems

Burden of proof- justice

Some warn that when the bill is passed there will be very similar problems facing businesses as is seen currently in the United States. Data breaches frequently lead to identity theft and financial losses, the victims of which may qualify for a lawsuit. On the other hand, organisations which don’t report their breaches face a range of penalties including fines of $340,000 for individuals and up to $1.7 million for companies.

Social media has also increased the pressure being put onto businesses as we are seeing unprecedented public customer service complaints causing reputation and public relations nightmares. Expect to see disgruntled customers rallying together using social media after future data breaches.

Class action lawsuits are being enabled by the online connectivity of claimants and are costing organisations millions. Below are a few high profile data breach settlements from Classaction.com

  • Home Depot (affected 50 million cardholders): $19.5 million settlement
  • Sony (PlayStation network breach): $15 million
  • Target: $10 million
  • Sony (employee information breach): $8 million
  • Stanford University Hospital and Clinics: $4.1 million
  • AvMed Inc.: $3.1 million
  • Vendini: $3 million
  • Ashley Madison: $1.6 million
  • LinkedIn: $1.25 million

Companies much prefer settling cases out of court to going to trial. But that is especially true for data breach lawsuits, because there is almost no court precedent for these kinds of cases.

Companies like Home Depot and Sony have no idea what would happen if they went to trial to fight a data breach suit, which is a scary prospect.

Insuring Against the Risk

Many Australian insurance providers have already put policies in place to respond and cover expenses from a data breach. We recently wrote in detail about where cyber insurance steps in, which can be found here. Expenses which are typically covered are;

Forensic Investigation

A forensic IT investigation is necessary to determine what occurred, how to repair the damage and how to prevent the same type of breach. Investigation may involve services from a third party security firm or law enforcement.

Business Interruption

The business may be unable to continue trading and suffer interruption costs due to network security failure or attack, programming errors or human errors. Loss of profits and costs incurred to continue business as usual are typically covered under a cyber insurance policy.

Legal & Public Relations

Cyber Insurance policies will cover legal defence costs due to a privacy breach, fines and penalties, reputational damage and public relations expenses to assist an organisations public image after a breach.

Extortion & Blackmail Costs

Policies will cover ransomware & extortion costs from criminal organisations and disgruntled employees for the release or protection of private information.

Moving Forward

Mandatory breach notification is the best step forward but it also relies heavily on organisations actually discovering they have been exposed. In recent reports, numerous websites such as Linkedin, Myspace and of course, Yahoo have suffered very high profile breaches which occurred up to 4 years ago and were only discovered years later.

Many large industry groups including Google, Yahoo, Facebook and Microsoft are stating that the existing voluntary breach notification scheme is effective and doesn’t require change.  Despite their support and mixed reception from the private sector, security experts and business leaders from various industries are getting behind the bill and arguing it’s benefits.

The OAIC annual reports from 2014 – 20152015 – 2016  are unable to provide enough depth from voluntary reporting which indicates the need for mandatory laws to be passed. It is likely that the larger industry groups are protecting their interests and understand the ramifications of mandatory breach notification from their legal departments abroad.

Cyber Insurance Australia Logo

Help protect your business with cyber insurance.

 

It looks inevitable that the bill will be passed and the public understanding of what is happening to their personal information will continue to increase.

Arranging an insurance policy, educating employees and instituting solid security processes will be key to mitigating this risk.

 

 

Read more

Take care of your business

Insurance for
your business future

Call us today for specialist business insurance packages.

Company information

Naga Risk Solutions Pty Ltd ATF Naga Investment Trust T/As Cyber Insurance Australia (CAR 1250594 | ABN 59 378 032 992

Corporate Authorised representative of Community Broker Network Pty Ltd | AFSL 233750 | ACN 096 916 184

Financial Services Guide (FSG), Privacy Policy, Complaints & Dispute Handling (FSG), Insurance Brokers Code of Practice (FSG)

Contact details

E-mail address:
contact@cyberinsuranceaustralia.com.au

1300 GOCYBER

1300 462 923

Available 8:30am - 5:00pm

PO Box 1677, Milton LPO
Milton
Brisbane, QLD 4064

Join our monthly newsletter for:

Enter your email and stay up to date,

Subscribe to our monthly newsletter!