Australia is among the world’s most hacked countries, according to data from the Centre for Strategic and International Studies.
Australia holds equal sixth place on the list, with 16 major cyber attacks between May 2006 and June 2020.
In June 2020, Prime Minister Scott Morrison said an unnamed state actor had been targeting Australian businesses and government agencies as part of a large-scale cyber attack. He said the attacks had been happening over many months and were increasing.
In the same month, personal details of 82,000 Australians were leaked after they fell victim to a fraudulent cryptocurrency investment scheme that used fake media sites and celebrity endorsements.
Cyber crime’s increase, coupled with Australia’s mandatory data breach notification laws, means businesses of all sizes should assess their cyber risk, focus on risk management, and develop data breach response plans.
Your business should conduct a risk assessment of its cyber risk exposure. JMD Ross can assist with this. Once you’re aware of your risks, we can ensure your insurance coverage meets your specific needs.
Here are some key questions to ask about cyber insurance.
1. Does the policy cover cyber extortion?
Cyber extortion coverage may protect a business against ransomware attacks. Check if the policy covers the costs of cyber attacks, hiring negotiation experts, extortion demand costs, and costs for preventing future threats.
2. Does the policy cover electronic data replacement?
Data breaches can incur extensive costs in recovering or replacing business data and other records.
Other first-party losses include:
• Business interruption
• Notification costs and credit monitoring services
• Forensic investigations
• Crisis communication and public relations
• Legal costs for privacy notifications and compliance responses.
3. Does the policy cover third-party losses, such as defence costs?
With strict data privacy laws in place, cyber insurance can help businesses manage the increased regulatory risk in protecting personal information the business collects.
Where there is a breach, your business may incur costs of investigations by a government regulator or in defending third-party claims.
Other third-party losses include:
• Defamation
• Claims for infringement of intellectual property
• Claims for violation or infringement of privacy
• Fines and penalties
• Damage to third-party systems and confidentiality breaches.
4. Does the policy cover the cost of crisis management?
It’s important to manage the immediate impact of a cyber incident on your business. Your business continuity plan may include crisis management procedures, such as external support for reputational recovery or managing damage caused by hackers in a cyber attack. Does your insurer provide access to a cyber incident response team?
5. Does the policy cover costs of customer accountability?
Your business may have regulatory, legal or contractual obligations to contact customers after a cyber attack or security breach under the Australian Government’s Notifiable Data Breaches Scheme. Consider the costs of notifying customers, monitoring their personal data to prevent further attacks, and complying with regulatory requirements when you choose your insurance policy.
Cyber insurance is one element of managing your cyber risk. Selecting a cyber insurance policy may seem complicated. However, by asking a few important questions and speaking to JMD Ross, you can ensure you choose the right policy for your business.