Cyber Liability Insurance

Cyber Liability

The cyber threat is evolving rapidly with Australian businesses being targeted on a daily basis.

All businesses should not only be able to afford cyber insurance, but should have access to a broad policy and strong incident response team which can assist their business at the time of a breach.

Guide to developing a data breach response plan

Australian Government Website
Notifiable Data Breaches scheme

Data Breach Response Summary

Entities covered by the NDB scheme

Is your Data Covered?
If your business is the victim of a cyber attack, how will this affect your business? The numbers are alarming, with more than 20% of Australian businesses experiencing cyber crime, and 40% of all attacks directed at SMEs.

Some of the common events that can result in a cyber claim include:

  • A company being hacked (malware, viruses, etc.)
  • Phishing and Cyber Fraud
  • Breach of privacy
  • Lost or stolen iPad or laptop

With new Privacy Legislation introduced in February 2018 regarding mandatory breach notifications, now is the time to protect your business by transferring risk to an insurance policy. Some examples of cover under a Cyber Liability policy are:

  • Privacy Notification
  • Crisis Management Expenses
  • Data Recovery Expenses
  • Business Interruption Expenses
  • Data Extortion Expenses
  • Security & Privacy Liability
  • Multimedia Liability


Mandatory Data Breach Notification

We have summarised some key information in relation to the Mandatory Data Breach Notification Laws.

Purpose, examples and what is a data breach?

  • The Privacy Policy Procedures were developed to formalise the Privacy Policy framework to meet the Australian Privacy Principles implemented in 2014 and work in conjunction with the Data Breach Response Procedures.
  • The Privacy Act applies to an individual’s personal information. Personal information is information or an opinion about an identified individual, or an individual who is reasonably identifiable.
  • Examples of personal information are: name, address, age, date of birth, credit card details.
  • For the purpose of this Guide a data breach is when personal information held by an entity is lost or subjected to unauthorised access, modification, disclosure, or other misuse or interference. Examples of a data breach are when a device containing personal information of clients is lost or stolen, an entity’s database containing personal information is hacked or an entity mistakenly provides personal information to the wrong person.
  • A ‘data breach’ may also constitute a breach of the Privacy Act; however, this will depend on whether the circumstances giving rise to the data breach also constitute a breach of one or more of the APPs, a registered APP code or the Privacy (Credit Reporting) Code 2014 (CR code).

The Commissioner has a range of enforcement powers, including the power to:

  • Make a determination requiring the payment of compensation for damages or other remedies, such as the provision of access or the issuance of an apology (enforceable by the Federal Court or Federal Magistrates Court)
  • Accept an enforceable undertaking
  • Seek civil penalties, or apply for civil penalty orders, of up to $340,000 for individuals and up to $1.7 million for companies, and
  • Seek an injunction regarding conduct that would contravene the Privacy Act.