5 Essentials in Cyber Security


The Australian Cyber Security Centre’s annual Cyber Threat Report for FY21 makes for sobering reading, revealing 67,500 cybercrime reports were made in that year (a 13% YoY increase), and estimated to have cost Australians $33 billion. Following the report’s release, Honan hosted a cyber seminar with partners Clyde & Co., sharing the latest updates on the cyber risk landscape, practical strategies for managing the growing risks, as well as regulatory changes to data privacy, and upcoming legal reforms set to affect businesses. As emphasised in the seminar, no industry is immune from the impacts of cybercrime. Here are our key considerations for business leaders to keep in mind as they navigate the evolving situation:


1. Cyber insurance is critical

A robust cyber insurance policy works to complement existing IT security systems to protect your organisation against damages that can result from cyber attacks, data security breaches, and costs associated with response and recovery. While cyber insurance is an essential part of a business cyber security toolkit, it is not a standalone solution. Learn more about how cyber insurance can compliment your cyber security strategy here


2. Embed a tailored Cyber Incident Response Plan (CIRP)

An effective CIRP is a framework designed to protect your business’ reputation, minimise losses, limit business disruption, and help businesses avoid common mistakes in the event of a cyber incident. This plan should be reviewed on an annual basis and clearly define the roles and responsibilities of relevant key staff. Critically, in the event of a security breach, if a board can demonstrate that 1) they were aware of a cybersecurity risk, and 2) that they activated a framework to mitigate that risk, it is less likely to risk breaching its fiduciary duties under both the Privacy and Corporations Acts. To find out more about developing a CIRP to meet your business’ needs, speak with your broker.


3. Understand your governance requirements

Changes in governance expectations, director liabilities, and regulatory reform is seeing business leaders place significantly more emphasis on their organisations’ cybersecurity and risk management strategies. Directors can be held responsible for not acting to progress a company’s cybersecurity framework and may be punished if they are found to have failed to ensure a company has an adequate cybersecurity risk management plan in force, not responded in a reasonable time frame to a known data breach or failed to respond altogether. You can read more about this in our simple summary.


4. Multi-Factor Authentication (MFA) is a must

MFA is a method of electronic authentication that requires a user to provide at least two forms of identity verification before access is granted to a program, network, or system.  Ensure MFA is installed across all remote working systems for your business’ employees, contractors, and vendors. Learn more about MFA and password best practice in this guide.


5. Use a separate Virtual Private Network (VPN) for remote working

With hackers taking advantage of widespread remote working arrangements, it is more important than ever to ensure your staff use a separate VPN whenever they are working outside the office. This is vital for various reasons in preventing security breaches. It is equally important to notify your broker that these procedures have been implemented because this helps them to gain access to insurance capacity as a risk transfer solution for your business.




Click here to watch the Cyber Seminar Recording and enter the Passcode: HbK+7U7P

You can find out more about managing your business’ cyber security in our Cyber Capability Statement.


Ben Robinson

Placement Manager – Professional & Executive Risks


Social Engineering: Simple Steps to Protect Your Business


While businesses leveraged technology to interact with their consumers in revolutionary ways over the last 18 months, so too have hackers.

Hackers can access bank accounts or intercept banking transactions, but most often, they are looking to collate your business’ and your customers’ private information, which they sell to vendors on the black market. Restoring funds, IT infrastructure, and regaining consumer trust in the wake of a security breach can be extremely expensive, with attacks costing Australian businesses $29 billion a year.



Social Engineering describes a broad range of malicious activities achieved by manipulating individuals into providing security details and sensitive information. The hacker identifies their victim and gathers background information, which they use to gain trust and infiltrate their company entry points. Hackers then remove all traces of malware and repeat the process with their next target.  Often these attacks are not detected until it is too late. Here are some of the key Digital Social Engineering techniques:



These forms of social engineering require the attacker to execute their deception in person. A hacker simply leaves behind physical redirection in the form of a URL address or a jpeg drive, e.g., in a flyer informing employees of a deal, with instructions to communicate or conduct transactions via a false website. Because the risk of identification can outweigh the reward, hackers have adopted more sophisticated methods. 



Phishing scams are the most common form of Social Engineering. Phishing emails are designed to create a sense of urgency or curiosity amongst victims. For example, a hacker may send an email alerting their target to a policy violation that requires immediate action. Crafted to appear similar to correspondence the target would normally receive, the email would advise that credentials or passwords are required to action the request.  Without taking precautions to ensure the information or sender is authentic, an employee may allow a hacker access to the company’s data and information. Find out more about phishing emails and browser notifications and how you can reduce the risk of an attack here.



Between February and March 2020 as businesses began working from home, spear phishing attacks increased by 667%. Spear Phishing is similar to Phishing but is tailored to an individual. This technique uses the target’s information against them, utilising characteristics, job qualifications, and their own contacts to impersonate an individual within their network. For example, an attacker may pose as a company CEO requesting an employee makes urgent purchases, process transactions, or provide details directly, enabling them to access a complete database of private information.



A false sense of urgency coupled with the volume of correspondence flowing during business hours, can make it difficult to spot a social engineering campaign, but there are actions you can take to reduce your risk of being targeted:

  • Know who is at your place of work. Employees should show credentials in the office. If you see someone you do not know, raise this with colleagues, HR, and IT. The assumption that a stranger is a customer or client can be costly. 
  • Be aware of information exposed to the public.  Even discussing details verbally can attract a hacker’s attention, marking you as their next target. 
  • Educate yourself about social engineering and cyber-attacks. A good place to start is our Tips for Remote Working, Cyber Security, and Avoiding Email Scams.
  • Raise awareness among employees.  Foster a sense of ownership amongst your employees by helping them identify and report cyber threats.
  • Take note of emails received. Should you receive an email from an unknown source, cross-check with your data and members of the company to confirm if the sender is recognised. When receiving an email from a known source, take note of the email address itself. If the email is from a hacker, minor details will often be different, like font or email signature. Do not open suspicious emails, attachments, or associated URL links and raise the issue with IT. 
  • Keep your software, antivirus, and anti-malware software updated. 
  • Multifactor authentication is one of the best ways to protect your credentials.



By implementing these tips, your exposure to social engineering can be greatly reduced. It is also important to implement measures that react if your business is compromised. A cyber insurance policy can support the rebuilding of your business in the event of a cyber-attack. It provides cover for losses such as data destruction, extortion, theft, and hacking. When approaching insurers for cover against cyber attacks, underwriters will consider if your business has the following risk mitigation measures in place:

  • Encryption of sensitive data
  • A Cyber Incident Response Plan
  • Data backup and recovery procedures
  • Business Continuity and/or Disaster Recovery Plans
  • Software patching procedures
  • Antivirus and firewalls.

Therefore, providing evidence that your business has taken action to limit its cyber risk exposure can reduce the cost of insurance.



To discuss your business’ cyber risk exposures and security needs, please feel free to reach out at any time.

Jason Holmes

Client Executive – Global




Discover more about cyber insurance.

4 Risk Protection Essentials for Tech Start-Ups


In October 2020, Apple announced its line-up of products that will support 5G, heralding a new era of technological advancement. While your tech start-up might not have the muscle of Apple just yet, your product or service could be solving equally important problems not yet identified in the market. And why not? Wi-Fi was famously invented here in Australia!

There are inherent risks when starting any new business, but from a liability standpoint, various insurances can greatly assist in mitigating risk. For Australian tech start-ups in particular, the following 4 insurance essentials are critical ones to keep in mind:


1. Secure a Comprehensive Information Technology (IT) Liability Policy

Almost every business is required to have Public Liability insurance, but tech start-ups also need to consider cover from an IT standpoint. From crime and defamation, to unintentional infringement of intellectual property, ensuring your IT Liability policy is comprehensive will help in mitigating risk. An IT Liability policy helps protect businesses against claims relating to failure of their products, advice or services. In many cases, a Professional Indemnity policy will not respond to losses related to the supply of goods, while Combined Liability policy can exclude pure financial loss, where personal injury or property damage has not taken place. To reduce uncertainty and maintain comprehensive coverage, an IT Liability policy is tailored to cover Professional Indemnity and Combined Liability under one umbrella. When placing an IT Liability policy, be sure to take note of any extensions and exclusions – these may be relevant in the event of lodging a claim.


2. Prioritise Cyber Insurance

It is estimated that cybercrime costs Australian businesses $29 Billion each year. Together with the rise of remote working practices and the IT vulnerabilities this has revealed, we expect cyber security to remain business critical for years to come. There are many Tips for Remote Working, Cyber Security and Avoiding Email Scams, but even the most tech savvy individuals can fall victim to cybercrime. A data breach can prove costly not only for your clients, but for the reputation, operations and ongoing viability of your tech start-up. In the event of a data breach, a robust Cyber Insurance policy can bear the cost incurred to reduce your future risks, resume business and, when needed, pay retribution for your clients’ losses. Learn more about cyber insurance and how it works in this case study on Australia’s education sector.


3. Review Limits & Sub-Limits of Liability

With limits of liability varying from $500,000 for cyber coverage to $10M for IT, having the correct coverage limits in place is crucial to avoiding being under or over insured during the policy period. Recommended levels of coverage are often advised based on any contractual liabilities between you and your clients. The size and annual turnover of your business can also help in determining the most comprehensive, and competitive policy for your start-up.

*Be mindful of sub-limits that form part of these policies, as the extensions that form part of the policy may not cover the full indemnity. For example, while an IT Liability policy may cover up to $1M for any one claim and $2M in the aggregate during the policy period, there may be a $250,000 sub-limit for product recall. Any financial costs above the sub-limit could see your start-up as financially responsible.


4. Enlist the Advice & Support of a Dedicated Broker

There are many variables that inform a robust insurance policy, and it will take time to tailor these to your start-up’s particular needs. A quality insurance broker does more than place your insurance policies, they identify risks and manage your entire portfolio of risk solutions.

The tips outlined above cover the basics of risk-protection for tech start-ups, but a dedicated, quality broker will support you in building a highly customised, blue-chip protection portfolio for your business. In turn, this frees you up to focus on what you do best – building your business!


We’re with you all the way

To find out how Honan can help support and protect your start-up, please reach out at any time. We’d love to hear from you!


Jason Holmes

Client Executive – Global




Discover more about how cyber insurance works in this case study on Australia’s education sector.

Australian Education at Risk: How Cybercrime Insurance can Help


Around the world, Australia is recognised for its excellence in education and training. Contributing over $32 billion to our economy, this critical industry represents Australia’s third largest export. Unfortunately however, this sector is one of the most vulnerable to cyber threats, due to a high dependency on digital infrastructures and web-based learning. In 2017, the education sector alone accounted for 26% of cyber-attacks in Australia, and 57% of cybercrime across the Asia-Pacific region.


The Impacts: How it Hurts

At present, the Government estimates that cyber incidents involving Australian businesses cost up to $29 billion a year. The financial implications of cybercrime are overwhelming, but they extend beyond the balance sheet. Significant damage to an organisation’s reputation is also common, as demonstrated in the recent attacks on The Australian Catholic University, Australian National University and Toll Group.

The vast number of digital libraries storing sensitive personal data also makes the education sector highly attractive to cyber criminals. Personally Identifiable Information (PII), such as student records, make cyber breaches particularly damaging. Furthermore, high-risk technology systems, hardware and infrastructures such as laptops, tablets, interactive whiteboards, mobile phones and video conferencing are commonplace in the education industry. Designed and utilised by multiple parties across the sector, e-learning platforms also house data relating to students, teachers, curriculums and learning outcomes, all of which may be at risk.


How Hackers Work

Hackers are becoming increasingly sophisticated in their approach to hacking anti-virus/anti-ransomware software. Readily available through the dark web, hackers now use scanning tools to identify particularly vulnerable organisations, and to further isolate the weak points in their systems and networks.

Once a hacker gains access to a device, systems like malware and ransomware can be used to extract confidential information or shut down computer systems/networks, demanding a ransom in return for access.


Cyber Insurance: Protection Through Policy

Cyber Insurance can represent a low-cost way to help protect your business from the risks of cybercrime. Given most organisations are not able to resolve cyber attacks in-house, a robust Cyber Insurance Policy will include an Incident Response Team (IRT). Equipped to respond immediately, the client’s IRT can:

  • minimise further loss to the business (e.g. financial, reputational)
  • regain critical system access ASAP with a view to protecting systems and data
  • limit business downtime, minimising income loss as a result.


Cybercrime Case Study: How Honan Helped

Honan recently supported a client (Sydney-based driver training school) through a cybercrime event.

The cybercrime (insurable event)

A ransomware attack causing the booking and payment processing system to be down for five days, resulting in a $25,000 loss in revenue, plus IT vendor fees.

The resolution

Having a Cyber Security Insurance Policy in place with Honan meant the total costs incurred by the client were covered by their insurance premium. Beyond potential financial loss, the IRT provided valuable insights into the type of attack and the resulting damage. The IRT conducted analysis of the client’s systems to limit the risk of further attacks.



Honan – we’re with you all the way

For more information on how to protect your business from cyber threats and other emerging exposures, please contact us at any time:


Chris Prowse

Senior Client Executive ‑ Corporate Insurance & Risk Solutions


0491 696 380


Exclusive Global Partnership to Supercharge Honan’s Tech Insurance Offering

Biotech & Life Science

In a world where robust technology and cyber security are more essential than ever, we’re pleased to announce a powerful new partnership with TechAssure. A global leader in its field, TechAssure is an invitation-only international network of independent insurance brokers specialising in technology. Already live, Honan’s Dan McCallum shares how this critical partnership came about, and what benefits are in store for clients.


The ideation of Honan’s partnership with TechAssure commenced when?

Across the last 12 months, a number of technology insurance carriers and overseas brokers have recommended Honan to the TechAssure network.


What’s the core value proposition of this new partnership? 

The TechAssure network aims to have a presence in each technology hub around the world, giving clients access to the largest network of specialist technology brokers in the insurance industry.


What makes TechAssure so special?

To ensure each member of the global TechAssure network contributes valuable expertise to the greater group, they must meet a strict set of criteria (e.g. a minimum level of technology premiums, capability statements and service reports are also vetted). We’re in good company!


What benefits can Honan clients expect to enjoy from this new partnership? 

Our clients gain immediate access to market-leading industry insights and tools, including comparative data (e.g. insurance limits purchased by competitors), claims scenarios and claims trends. TechAsssure Brokers also gain access to pre-agreed policy endorsements, which provide their clients with enhanced levels of cover. Honan clients will also have tools on hand to support cyber loss calculations, pre-loss coaching, post-loss coaching and regulatory requirements for other countries (e.g. the General Data Protection Regulation in Europe).

Thanks to timely, industry-leading intel from TechAssure experts across the globe, Honan clients expanding overseas will be equipped with sharper insights than ever before.


What kinds of businesses are currently turning to Honan for their tech, cyber &/or digital risk protection needs?

Tech companies across the globe are now turning their attention to Australia as a stable environment to launch new ventures. We’re working with a number of companies in the technology space who are either raising capital through either an ASX listing or seed investment. Honan is being called on by such tech leaders to ensure their assets, people, investors and operations are protected through these exciting new chapters.


Where can we go to learn more about TechAssure?

Check out the TechAssure website.


Your #1 go-to resource for the latest on all things cyber & tech?

For excellent tech insights and resources across a broad range of industries, check out Kroll.


We’re With You All The Way

Please feel free to contact Dan at any time on dan.mccallum@honan.com.au , +61 499 799 131 or connect with him on LinkedIn.

COVID-19: Tips for Remote Working, Cyber Security and Avoiding Email Scams

By Dominic Brettell
Head of Client Service (NSW) – Corporate Insurance & Risk Solutions

When a crisis hits, it can bring out the best in humanity. This was evident during Australia’s recent bushfire crisis, where people from around the nation (and the world) came together to support communities.  Unfortunately, crises can also bring out the worst, where people see opportunities to exploit people’s anxiety, fear and panic.

The COVID-19 pandemic has countries and governments scrambling to respond. The healthcare system is being pushed and our economy is suffering. There are significant changes to how and where we work. It’s predicted many businesses will face solvency issues, which may lead to closures, especially to the most vulnerable small to medium business sector, the lifeblood of Australian communities.

A growing number of employers are implementing social distancing and/or remote working policies. Moving at short notice from a trusted office environment to working remotely can create security risks. Our experience tells us that employees are typically the weakest link in the network security chain. In these times of anxiety and uncertainty, they are even more vulnerable than usual to cyber threats. At Honan, we have already witnessed increased activity from cyber criminals looking to exploit the crisis. We have seen a rise in email scams, phishing emails, malware and social engineering fraud.In response, we’d like to share with you some guidance on enhancing your cyber security.


Eight ideas for improved cyber security for remote workers:

  1. Implement the latest version of your security software and anti-virus protection. Regularly check for patches as these often fix entry points for cyber criminals
  2. Ensure your WiFi connection is secure
  3. Back up regularly – if you are a target of an attack, a back up means you won’t lose everything
  4. Install encryption tools
  5. Change your password regularly
  6. If working in a shared space, ensure you lock your screen when stepping away
  7. What’s the plan? – If there is a cyber security incident what are the procedures to follow? Educate staff on these procedures
  8. Cyber Insurance – review your Cyber insurance policy or consider purchasing one.


We have gathered some additional resources to help you protect against cyber risks in the current climate:

  • The Australian Cyber Security Centre has provided a list of proactive strategies businesses can take in preparation for COVID-19.
  • Mailguard, a leading cloud email security provider, has produced an eBook detailing the          5 Types of Email Scams Exploiting COVID-19
  • Small Business Cyber Security Guide from The Australian Cyber Security Centre



For any further queries or concerns, please contact: 

Dominic Brettell

Head of Client Service (NSW) – Corporate Insurance & Risk Solutions.


COVID-19: Business Interruption, Contingency and Workplace Risk


On 30 January 2020, the World Health Organisation declared the Coronavirus outbreak a Public Health Emergency of International Concern. We sympathise with everyone who has been impacted by the virus and Honan Insurance Group have implemented additional resources and contingency planning to ensure that we remain able to provide advice, insurance and support to our clients as the situation develops.


As the impact of COVID-19 on local and international economies continues to evolve, we highlight to all clients the need for management to consider financial, strategic and business risks to operations. In this article, we examine the key areas we have received the most queries about: Property and Business Interruption, Business Contingency and Workplace Risk.


Industrial Special Risks* (Property and Business Interruption) Insurance & COVID-19 

(Potential Policy Response under ISR Mark IV Policy)

It is expected that many businesses will suffer disruption as a result of the spread of the Coronavirus (COVID-19).   With the situation changing rapidly and restrictions on the movement and gathering of people (both at local level and internationally), there is no doubt many companies will suffer from loss of revenue and/or additional expense.


Property Damage

Generally, property policies (including office risks) cover physical loss, destruction or damage to insured property resulting from a covered peril (all risks).  In the case of the Coronavirus, the ISR (Mark IV) policy exclusion 4(a) excludes physical loss destruction or damage occasioned by or happening through disease.  Office-related risks also have very similar exclusions. The ISR policy can include a myriad of endorsements with some coverage writebacks for costs to clean-up a site (where required by order of a public authority), however, this would need to be reviewed on a case by case basis.


Business Interruption

An ISR insurance policy extends to include under Section 2 coverage for business interruption.  This cover traditionally applies only to interruption caused by an insured material damage event such as fire, storm, impact or accidental damage.

In addition, cover is extended to include closure of the business by public authority for several risks including human infectious or contagious diseases.   This coverage was designed to cover events such as an outbreak of Legionnaires disease or measles which could affect one or two buildings and a small number of businesses.  Some ISR policies can extend to provide coverage for outbreaks in a 20-50km radius from the insured location.

Specifically, in relation to the COVID-19 outbreak, the ISR policy contains a specific exclusion for loss resulting from interruption of or interference directly or indirectly arising from or in connection with Highly Pathogenic Avian Influenza in Humans or any other diseases declared to be quarantinable diseases under the Quarantine Act 1908 and subsequent amendments.

Following the H5N1 virus (avian influenza) outbreak in 2006 and the H1N1 virus (swine influenza) outbreak in 2009, insurers adopted this exclusion as a market standard position in Australia.

The Australian Quarantine Act 1908 was replaced by the Biosecurity (Consequential Amendments and Transitional Provisions) Act in 2015.  COVID-19 was added to the Act as a listed (quarantinable) human disease on 21 January 2020, under Biosecurity (Listed Human Diseases) Amendment Determination 2020 (Cth) F2020L00037.


Listed Human Diseases under the Act are thus now:

  • Human influenza with pandemic potential
  • Plague
  • Severe acute respiratory syndrome (SARS)
  • Middle East respiratory syndrome
  • Smallpox
  • Viral haemorrhagic fevers
  • Yellow Fever
  • Human Coronavirus with pandemic potential

As a result of the above, the business interruption section of your insurance will not provide cover for COVID-19 disruptions. As with any other threat it is important to consider what risk management measures you can introduce to mitigate the risk to your staff, customers and business.


Risk Management Tips: How to avoid infection

Here is a short list of ways to minimise the spread of Coronavirus

  • Practice good personal hygiene.
  • Avoid contact with anyone with or suspected of having Coronavirus.
  • Boost your immune system by eating well, exercising, having enough sleep, and keeping your stress levels under control.
  • Cancel or delay any travel until the crisis is over.


Recommended Actions for your organisation:

  • Implement a home quarantine regime for anyone that has travelled to an infected country or is likely to have been in contact with someone infected with Coronavirus.
  • Review and update if necessary human resource (‘HR’) policies on fitness for work including possible quarantining of employees and formalising the requirement for employees to remain off work if affected.
  • Consider or extending flexible working arrangements to reduce the likelihood of the spread of the virus in the workplace or the community.
  • Update travel rules and arrangements limiting non-essential business travel.
  • If not already in place, provide sanitized hand washing stations for use by staff and visitors.
  • Review arrangements for workplace hygiene and cleaning protocols including “cough and sneeze” etiquette.
  • Protect the mental wellbeing of employees concerned about the Coronavirus.
  • Ensure clear and honest communication to employees on their welfare.


Keep Informed

Everyone should remain alert for updates and advice from the relevant authorities on additional steps to manage the spread of the disease. The health department in each state is providing excellent resources and advice and regular updates. Before travelling, check for and take the advice of any travel warnings on smartraveller.gov.au.


Business Continuity Management Planning

A pandemic is just one risk facing modern organisations.   Having a fully documented and exercised business continuity management plan is important for every business.  Honan has resources to assist you in developing a business continuity plan and please speak to your Client Manager for further information.

*Property/Office/Business Interruption


Business Contingency

The Coronavirus may impact revenue for businesses through:

  • Production slowdown & disruption to workforce (sick or quarantined employees)
  • Disruption to Supply chains and supplier services
  • Decrease (or increase) in demand for stock
  • Large scale closures of consumer markets and public spaces due to quarantine
  • Delays in customers paying outstanding invoices within normal trading terms
  • Economic slowdown on global and local scale


Whilst there is coverage available under Corporate and Business Travel insurance policies in certain circumstances, there is limited cover available under most standard General Insurance policies for loss of trade and interruption to business operations.

As a general rule, it is not viable for most insurance markets and products to cover “global pandemics” as an insurable event. This is because the financial impacts of a pandemic are not quantifiable, meaning risk cannot be priced accurately or sustainably by insurers. If you do suffer a loss, please contact our team to discuss the specific circumstances and how your policy may respond.

Whilst insurance cover availability may be limited, businesses can prepare.  We would strongly recommend formation of a working committee to evaluate the impact to business as conditions continue to evolve, with accountability to the board or executive team.


Considerations for a COVID-19 working group should include:

  • Review of policies, procedures and protocols in place to protect the safety and wellbeing of employees and prevent further risk of spread of COVID-19 within the workforce and community.
  • Assess venerability of IT Infrastructure (including stress-testing) for an organisation’s ‘Work from Home’ capabilities in the event of premises closure/staff quarantine
  • Consider the impact on supplier and customer contracts to meet delivery/service obligations from both parties (how Contractual Penalties & Force Majeure clauses may be applied)
  • Evaluation of possible supply chain disruptions and how these can be mitigated or bypassed through appropriate work arounds and contingency planning
  • Evaluation and stress testing of stock levels and planning for inventory shortage as supply from China recommences operations
  • Review ability to support alternative revenue streams that are not as severely impacted by COVID-19
  • Review communications with key customers and other stakeholders to maintain relationships and manage challenges in a sensible, commercial & collaborative manner
  • Review credit and debt facilities to ensure that cash is available in the short term to manage financial impacts and support increased business restart
  • Communicate with creditors if a reduction in revenue has the potential to impact on cash flow and financial obligations.



Workplace Risk: Workers’ Compensation and Coronavirus (COVID-19)

There has been much discussion around the exposure and potential liability under Workers’ Compensation should an employee or contractor contract Coronavirus.

As outlined by Safe Work Australia (2020), Workers’ Compensation arrangements differ across schemes, however there are common threshold requirements that would apply in the case of COVID-19:

  • that the worker is covered by the scheme, either as an employee or a deemed worker
  • that they have an injury, illness or disease of a kind covered by the scheme, and
  • that their injury, illness or disease arose out of, or in the course of, their employment.

Compared to work-related injuries, it is difficult to prove that a disease was contracted in, or caused by particular employment. In the case of a virus such as COVID-19, establishing the time and place of contraction may become increasingly hard. We have sought clarity from our legal partners and obtained publications from the governing state regulators. Their view is it will be challenging to prove workplace exposure to Coronavirus as questions will arise as to the exact time and place of contraction.

For coverage to exist, a determining authority would need to be satisfied that the employment significantly contributed to the employee contracting the virus. For viruses, it can be difficult to accurately determine the exact time and place of transmission. As a result, it may be difficult to determine that employment significantly contributed to the virus.

However, where an employee’s employment puts them at greater risk of contracting the virus the significant contribution test may be easier to meet. For example, if the employment involves:

  • travel to an area with a known viral outbreak
  • activities that include engagement or interaction with people who have contracted the virus
  • activities that contravene Department of Health recommendations.

Each workplace illness would need to be considered on its individual merits, having regard to the individual circumstances and evidence in relation to the claim. More information is available here: Comcare Australia.

Deeming an illness or disease as work related and unique to the workplace may require court intervention to distinguish medical opinion from legal facts. There is no liability determination available to declare an illness or disease compensable or non-compensable; each case is determined on its own merits and circumstances.

Although you may not be able to eliminate the potential risk of employees contracting Coronavirus while carrying out work, you must do what is reasonably practicable to minimise the risk of employees contracting Coronavirus.


Coverage while travelling overseas for work

Any liability or workplace contribution applies to both employees working overseas and those working within Australia. Each case will be determined on its own merits and circumstances.

Note: For international employees engaged locally, state or country specific legislative conditions will apply. Queries should be directed to Honan. Depending on the state of urgency, travel restrictions and periods of self-isolation may need to be considered and communicated to all employees and contractors.


Employer Support

It is important that employers refer to internal policies and procedures to ensure measures for employee safety are in place. Honan has resources to actively advise on Workplace Risk exposure, as well as Legal and Work Health and Safety partners who can assist with ongoing management of this changing environment.


All companies will need to keep up to date in what is evolving environment.  Please see below some resources to do so:

Australian Government Department of Health

Safe Work Australia


McKinsey & Company have released a briefing paper (9th March 2020) which provides some insight into possible global economic impact as well as some common steps that can/need to be taken in preparation for businesses being affected and the formation of a working group: link here.

For any additional queries or concerns, please contact your Honan client manager.


*Property/Office/Business Interruption

The advice in this paper is general in nature. While the utmost care has been taken in the preparation of this preliminary advice or opinion, you use it at your own risk.

If you have difficulty reading and/or understanding the cover provided in the policy(ies) that you have please contact your Client Manager.

Cybercrime: Is Your Business Aware, Prepared & Protected?

By Henry Clark
Head of Professional & Executive Risks

With cybercrime an ever-growing threat both in Australia and across the world, knowing what to look out for and how to mitigate business risks has never been more critical.

In the following article, we’ll look at three key areas: a) the latest trends, b) common threats and c) some simple steps businesses can take to protect themselves.


BE AWARE: Cybercrime in Australia – The Latest Trends

With Australia’s high and growing reliance on technology, our economy is an increasingly popular target for astute cyber criminals located across the globe.

In 2019, 1,209 data breaches were registered by Australian businesses to the Office of the Australian Information Commissioner (OAIC). This marked an increase of 712% since February 2018 when the Notifiable Data Breach (NDB) scheme came into effect.* The top source of these data breaches was Malicious Attacks (61%), followed by Human Error (35%) and System Faults (4%).

Thanks to their commonly unsophisticated security systems and anti-virus/ anti-ransomware software, small and midsize businesses are major targets to cybercriminals, while industries particularly vulnerable to malicious attacks include Healthcare, Finance, Legal, Accounting and Education. Such sectors hold significant volumes of sensitive data, and lucrative financial prospects to organised crime syndicates as a result.

And the cost of all this to the Australian economy? The Cyber Security Review** found that up to $1 billion in direct costs are racking up each year. In addition to financial costs, however, even a single cyber attack has the potential to inflict considerable damage to your brand’s reputation if the incident is not managed swiftly, and thoroughly.

Furthermore, following major changes to the Privacy Act, all Australian businesses are now at risk of large penalties from the OAIC in the event of a cyber attack.

*References from Cyber Market Update – Clyde & Co
** Reference from ACIC (Australian Criminal Intelligence Commission)


BE PREPARED: Recognising Cyber Threats

As businesses become savvier to cybercrime, cyber criminals are innovating with equal pace and are now more creative than ever when it comes to hacking sensitive data. Equipping your team with the smarts to identify common scams as they go about their daily work, is now a fundamental business imperative.

Common threats to your business include;

  • Phishing: when someone uses a fake message or email to coax you into disclosing private, personal, commercial or financial details. These messages or emails will often look genuine by way of branding, logos, similar or deceptive domain names or links to authentic looking websites.
  • Malware: malicious software used by criminals to steal confidential information, hold your system ransom or instal damaging programs without your knowledge. Malware can get into your system and spread viruses through email, infected files, pop-ups or false websites.
  • Ransomware: a type of malware which is often spread through phishing emails and locks your computer’s content/operating system. This allows cyber criminals to demand a ransom in return for unlocking your computer. Ransomware will often prevent you from using your devices and/or encrypt your files so you cannot access them.

Rule: never respond to unknown messages requesting personal information, or click on links from unknown sources.


BE PROTECTED: Simple Steps Toward Safety

Preventing a cyber-attack doesn’t always require a cybercrime expert or an excessive new software investment. To mitigate financial and reputational risks to your business, some simple steps toward a more ‘cyber safe’ organisation can include:

  • Be aware of cyber threats and how to manage them – educate ALL your employees
  • Develop a set of clear cyber policies and procedures for your business
  • Have advanced security operating defaults and systems in place – instal and regularly update anti-virus/ anti-ransomware software and firewalls to stop traffic from untrustworthy sources
  • Back up data regularly
  • Implement the use of strong passwords and safe behaviour when using emails and the web
  • Have an Incident Response Plan (IRP) in place for your business which has been pre-approved by a third party insurer. A robust IRP will work in tandem with a comprehensive cyber insurance policy and guarantee your business has specialist vendors mobilised ASAP in the event of an attack. An IRP will reduce potential damage and impact to your business exponentially, and triage you back to BAU as quickly as possible thereafter. 


How can we help?

Honan has an industry-leading team of cyber advisors and specialist partner vendors with deep expertise in cybercrime prevention, management and recovery. To discuss your needs, and how we can assist with an Incident Response Plan and/or tailored insurance policy, please contact us at any time.

Henry Clark, Head of Professional & Executive Risks    henry.clark@honan.com.au

Cyber breach costs CEO his job


Your IT security may not protect you from every cyber breach

Cyber breaches are unfortunately becoming more common in Australia, with organisations needing to become more vigilant when it comes to protecting their balance sheet and the reputational damage that can be caused by a cyber breach.

ASX-listed property valuation firm Landmark White experienced were made aware of a cyber breach in February of this year, forcing the company into a trading halt.

The company expects to lose up to $7m in revenue as a result of the breach, costing the CEO Chris Coonan his job as he was forced to resign. The company resumed trading in May, where the share price has tumbled from $0.43 down to $0.26.

This case is a timely reminder that companies cannot afford to rely solely on their IT security software in this era of cybercrime. For complete protection, companies need to look towards their insurance broker for guidance on how to manage their cyber risk.

Source: IT News, https://www.itnews.com.au/news/massive-data-breach-costs-valuer-landmark-white-7m-524716


Cyber attacks on the rise for the real estate industry


As cyber breaches are becoming more common in Australia, real estate organisations need to become more vigilant when it comes to protecting their balance sheet, and the reputational damage that can be caused by a cyber breach.

The industry is seeing an increase in cyber breaches, as hackers realise the potential to access sensitive information that real estate companies hold.

This year alone, Honan have received claims for two separate agencies that have been victims of Social Engineering Fraud. In both cases, hackers were able to access documents and contracts, changing the bank account details to their details, sending payments directly to the hacker’s accounts. Together both claims totalled over $100,000.

Ransomware is another form of a cyber breach affecting the real estate industry. This occurs when malware infects files or devices, locking them and demanding a ransom to regain access. With offices relying on IT systems to run the day-to-day operations, a ransomware attack can shut down a business for days or weeks and can be extremely costly to resolve.

ASX-listed property valuation firm Landmark White was made aware of a cyber breach in February of this year, forcing the company into a trading halt. The company expects to lose up to $7m in revenue as a result of the breach, causing the CEO Chris Coonan to resign. The company resumed trading in May with the share price plummeted by 40%.

With today’s reliance on all things digital to run a business, it is more important than ever that the real estate industry look towards their insurance broker for guidance on how to manage their cyber risk.

For more information on how to protect your business from these and many other emerging cyber exposures, please feel free to contact a Honan representative below;

For more information on our Real Estate Solutions, please contact our team at Realestate@honan.com.au

Suggested Searches

  • Melbourne Office
  • Financial Service
  • Quote
  • Insurance Services
  • Trade Credit Insurance
  • Strata
  • Claims
  • Real Estate

Contact Us

Contact Information

  • Suite 8.01, Level 8, The Gardens North Tower, Mid Valley City (Lingkaran Syed Putra) 59200 Kuala Lumpur