
Cyber Risk

IT insurance

Everyone has an Exposure

  • Not “online” = no risk
  • Electronic files / records
  • Every business uses a computer or network
  • Only big businesses at risk
  • SMEs are easy targets; they lack the security measures of larger businesses
  • Simple mistakes
  • Ever left your company phone, memory stick or laptop out at a bar or in a cab?

 

What is covered by Cyber Risk Insurance?

Includes cover for:

  • Claims for compensation
  • Investigations
  • Fines & Penalties (New Privacy Act)
  • Defence Costs
  • Legal Representation Expenses

Common claim:

  • Lose your iPad containing confidential client information.
  • The client sues you for breach of privacy, and
  • Privacy Commissioner launches an investigation, and issues a fine

 

What’s covered – First Party Cover:

The Insured’s own costs, including:

  • Credit Monitoring Costs
  • Cyber Extortion Costs
  • Data Restoration Costs
  • Forensic Consultant Costs
  • Notification Costs
  • Public Relations Costs
  • Legal Representation Expenses

Common claim:

  • Your systems are hacked and client credit card data is stolen. We will pay:
    • Reimbursement of ransom payment to a hacker
    • Costs to notify all affected clients, and monitor their credit cards
    • Costs to repair your systems

 

What’s covered – Business Interruption

Reimbursement for lost profits and necessary expenses to maintain business operations.

Common claim:

  • An online retailer’s systems are hacked and the business is unable to trade. We will cover:
    • Lost profits from the interruption
    • Additional expenses such as additional call centre staff to handle telephone enquiries from clients trying to buy online

Scary Facts:

  • $2m average cost of a data breach (Symantec Press Release, 29 Mar. 2012)
  • 30% of Australian businesses experience cyber crime (PWC survey, Mar. 2012)
  • 50% increase in reported cyber security incidents (2012 Cyber Crime & Security Survey Report 2012)
  • 59% of businesses were unaware of the Privacy Act changes leading up to its inception on 12 March 2014 (McAfee Survey)

Privacy Legislation

  • The new Privacy Act commenced 12 March 2014.

What’s changed?

  • A new set of privacy principles that covers the handling of personal information by businesses has been introduced.
  • Enhanced powers for the Privacy Commissioner:
    • More power to conduct compliance audits of private organisations
    • Can apply to the Federal Court or Federal Magistrates Court to compel an entity to comply with an undertaking or to pay compensation for breach of undertakings
  • New civil penalties of up to $340,000 for individuals and $1.7 million for companies.

Since then…

  • Privacy breach: Medical records kept in garden shed – Tuesday, 15 July 2014
    • The Australian Privacy Commissioner, Timothy Pilgrim, has found a medical centre in Melbourne in breach of the Privacy Act 1988 by failing to take reasonable steps to secure sensitive medical records.
  • Privacy breach: 254,000 Australian online dating profiles hacked – Wednesday, 25 June 2014
    • The Australian Privacy Commissioner, Timothy Pilgrim, has found that Cupid Media Pty Ltd (Cupid) breached the Privacy Act 1988 by failing to take reasonable steps to secure the personal information held on its dating websites.

Some Actual Claims Scenarios

1. Charity

Profile: $18M turnover / 80 staff

Background:
The insured was targeted with a denial of service (DoS) attack in the last few days of a fundraising campaign. Donors were unable to make donations for a day while the website was down.

What’s a DoS attack?
A hacker floods a targeted system with incoming web traffic until it is virtually crippled.

Outcome:

$1,500,000 paid

  • Lost donations
  • Rectifying damage to website

2. Online Retailer

Profile: $5M turnover / 15 staff

Background:
The insured’s website was defaced and included a link to a competing retailer’s website when hackers gained access to personal information of its customers and took over the website.

Outcome:

$800,000 paid

  • Loss of income
  • Costs to repair website
  • Defence costs for regulatory actions by the Privacy Commissioner
  • Cost of notifying the affected individuals & credit monitoring services

3. Law Firm

Profile: $2M turnover / 8 staff

Background:
Server and client records were locked by ransomware. The insured was only able to get the files released after paying a ransom of $50,000 to hackers.

Outcome:

$150,000 paid

  • Loss of income
  • Ransom demand & consultants’ costs to handle & negotiate ransom
  • Costs to restore network as hackers refused to release files despite ransom payment