Notifiable data breaches scheme looms

16 February 2018

The ramifications of cyber hacks are about to increase dramatically.

 

From Thursday 22 February, Australia’s notifiable data breaches (NDB) scheme comes into force.

 

Gerry Power, National Head of Sales at Emergence Insurance, told a webinar presented to more than 850 brokers around the nation this month that the NDB scheme means companies can no longer keep silent on data breaches and hope for the best. From 22 February 2018, breaches must be reported to both the Office of the Australian Information Commissioner and people affected.

 

A wide range of entities are at risk and the statistics are horrifying. For example:
• 63% of confirmed data breaches involved leveraging weak, stolen or default passwords and usernames
• 22% of small businesses breached by ransomware attacks in 2017 were so badly affected they could not continue operating
• 41% of people surveyed globally could not identify a phishing email; 30% of phishing emails were opened and 12% clicked on infected links or attachments.

 

Sparke Helmore Lawyers Senior Associate Ed Osborne told the webinar the number of Australian businesses using commercial cloud computing services had risen from 19% to almost one third in just one year.

 

Lax security is frequently to blame for breaches. Businesses should review their arrangements with cloud and other third-party service providers and, where possible, encrypt sensitive information before disclosing it to third parties.

 

The NDB scheme requires notification of unauthorised access to, disclosure of, or loss of information likely to result in serious harm, however Mr Osborne said the legislation deliberately did not define “serious harm”.

 

Jeff Gonlin, Emergence Head of Underwriting and Product Development, said Emergence claims experience showed that:
• Multiple backups are a must
• Storing data in the cloud doesn’t make it safe from attacks
• Whether or not the NDB scheme is triggered in a ransomware attack, business impact and reputational damage can be substantial
• Encryption can effectively protect data.

 

You’re only as safe as your weakest link.

 

A cyber insurance policy is part of every successful business’s risk management framework. Cyber insurance is not the first line of defence; it is designed to protect a business when its IT security, policies and procedures fail to stop an attack.

 

Emergence is a pioneer of cyber cover in Australia and provides protection for SMEs through to ASX-listed entities.

 

Its cyber product includes instant access to an incident response team of experts who understand the importance of immediately mitigating potential threats to insureds’ businesses.

 

Emergence’s product gives businesses financial support and incident response expertise to recover from adverse events, including ransomware attacks, point-of-sale intrusions, denial-of-service attacks and cyber espionage.

 

Talk to your insurance broker about how Emergence Insurance can support your business in the event of a cyber attack.

 

Insurance brokers can obtain Emergence cyber quotations for clients by accessing the broker portal at www.emergenceinsurance.com.au.