27 February 2018

From Thursday 22 February, Australia’s notifiable data breaches (NDB) scheme commenced.

The scheme requires notification of unauthorized access to, disclosure of, or loss of information likely to result in harm.

The NDB scheme means you now cannot keep silent on data breaches and hope for the best. From 22 February 2018, breaches must be reported to both the Office of the Australian Information Commissioner and the people affected.

A wide range of entities are at risk and the statistics are horrifying. For example:

  • 63% of confirmed data breaches involved leveraging weak, stolen or default passwords and usernames
  • 22% of small businesses breached by ransomware attacks in 2017 were so badly affected they could not continue operating
  • 41% of people surveyed globally could not identify a phishing email; 30% of phishing emails were opened and 12% clicked on infected links or attachments

The number of Australian businesses using commercial cloud computing services has risen from 19% to almost one third in just one year and just because your data is in the cloud, doesn’t mean it is protected.

Lax security is frequently to blame for breaches. We suggest you review your arrangements with cloud and other third-party service providers and, where possible, encrypt sensitive information before disclosing it to third parties.

Claims experience at cyber specialist Emergence Insurance shows that:

  • Multiple backups are a must
  • Whether or not the NDB scheme is triggered in a ransomware attack, business impact and reputational damage can be substantial
  • Encryption can effectively protect data

You are only as safe as your weakest link.

A cyber insurance policy is part of every successful business’s risk management framework. Cyber insurance is not the first line of defence; it is designed to protect a business when its IT security, policies and procedures fail to stop an attack.

Emergence is a pioneer of cyber cover in Australia and provides protection for SMEs through to ASX-listed entities.

Emergence’s product gives businesses financial support and incident response expertise to recover from adverse events, including ransomware attacks, point-of-sale intrusions, denial-of-service attacks and cyber espionage.

We recommend you speak to your Account Manager regarding a suitable cyber insurance policy.

Article source: Emergence Insurance Pty Ltd