03 March 2017

Last month, both Houses of Federal Parliament passed amendments to the Privacy Act introducing mandatory reporting of data breaches. The Bill is expected to become law in the next 12 months and all companies should be aware of their potential liability associated with data breach notifications and insurance solutions that can assist in risk mitigation.

Barely a week passes without some form of cyber event being reported in the media. These range from simple errors such as using an image on your website that is subject to copyright to sophisticated hacker attacks and data breaches.

In 2015, the Australian Government reported that almost 700,000 businesses experienced a cyber crime and 60% of all targeted attacks were directed at small and medium sized businesses. Half of the costs were caused by web-based attacks and insiders. The report noted the average cost per attack, as follows:
Average cost per attack:

    • Virus, worm or Trojan $421
    • Malware $458

Botnet $867

  • Stolen devices $13,044
  • Phishing and social engineering $23,209
  • Web-based attacks $79,380
  • Malicious code $105,223
  • Malicious insider $177,834


Denial of service $180,458

53% of these costs related to detection and recovery of IT systems that are necessary for the day-to-day operations of a business.

Most firms have systems in place such as anti-virus software, firewalls and back up procedures. However when undertaking an overall risk management strategy for your business, cyber insurance should, at least, be considered as not all risks can be avoided. After all, you may have locks, alarms and sprinklers in your office, yet still insure against burglary and fire.

Many insurers have now issued cyber protection policies. Most of these provide broad cover and are relatively inexpensive. Importantly they provide cover for both first party and third party losses. Insurers have teamed up with specialist IT companies to respond immediately in the event of an attack or breach and the costs of these response teams are covered under the policy.

Some coverage areas include:

    • Business interruption caused by a cyber event that affects revenue
    • Liability arising from a hack or virus
    • Denial of service attacks
    • Costs of replacing or restoring damaged or destroyed IT systems or data
    • Copyright infringement
    • Cyber extortion

Physical theft or loss resulting in a cyber event

  • Fines or penalties and associated legal costs incurred as a result of a privacy breach


If you would like further information or a quotation, please contact your Planned Cover broker.

Laurence Gottlieb

State Manager – Victoria