Australian Education at Risk: How Cybercrime Insurance can Help

Technology

Around the world, Australia is recognised for its excellence in education and training. Contributing over $32 billion to our economy, this critical industry represents Australia’s third largest export. Unfortunately however, this sector is one of the most vulnerable to cyber threats, due to a high dependency on digital infrastructures and web-based learning. In 2017, the education sector alone accounted for 26% of cyber-attacks in Australia, and 57% of cybercrime across the Asia-Pacific region.

 

The Impacts: How it Hurts

At present, the Government estimates that cyber incidents involving Australian businesses cost up to $29 billion a year. The financial implications of cybercrime are overwhelming, but they extend beyond the balance sheet. Significant damage to an organisation’s reputation is also common, as demonstrated in the recent attacks on The Australian Catholic University, Australian National University and Toll Group.

The vast number of digital libraries storing sensitive personal data also makes the education sector highly attractive to cyber criminals. Personally Identifiable Information (PII), such as student records, make cyber breaches particularly damaging. Furthermore, high-risk technology systems, hardware and infrastructures such as laptops, tablets, interactive whiteboards, mobile phones and video conferencing are commonplace in the education industry. Designed and utilised by multiple parties across the sector, e-learning platforms also house data relating to students, teachers, curriculums and learning outcomes, all of which may be at risk.

 

How Hackers Work

Hackers are becoming increasingly sophisticated in their approach to hacking anti-virus/anti-ransomware software. Readily available through the dark web, hackers now use scanning tools to identify particularly vulnerable organisations, and to further isolate the weak points in their systems and networks.

Once a hacker gains access to a device, systems like malware and ransomware can be used to extract confidential information or shut down computer systems/networks, demanding a ransom in return for access.

 

Cyber Insurance: Protection Through Policy

Cyber Insurance can represent a low-cost way to help protect your business from the risks of cybercrime. Given most organisations are not able to resolve cyber attacks in-house, a robust Cyber Insurance Policy will include an Incident Response Team (IRT). Equipped to respond immediately, the client’s IRT can:

  • minimise further loss to the business (e.g. financial, reputational)
  • regain critical system access ASAP with a view to protecting systems and data
  • limit business downtime, minimising income loss as a result.

 

Cybercrime Case Study: How Honan Helped

Honan recently supported a client (Sydney-based driver training school) through a cybercrime event.

The cybercrime (insurable event)

A ransomware attack causing the booking and payment processing system to be down for five days, resulting in a $25,000 loss in revenue, plus IT vendor fees.

The resolution

Having a Cyber Security Insurance Policy in place with Honan meant the total costs incurred by the client were covered by their insurance premium. Beyond potential financial loss, the IRT provided valuable insights into the type of attack and the resulting damage. The IRT conducted analysis of the client’s systems to limit the risk of further attacks.

 

 

Honan – we’re with you all the way

For more information on how to protect your business from cyber threats and other emerging exposures, please contact us at any time:

 

Chris Prowse

Senior Client Executive ‑ Corporate Insurance & Risk Solutions

chris.prowse@honan.com.au

0491 696 380

 

Exclusive Global Partnership to Supercharge Honan’s Tech Insurance Offering

Biotech & Life Science

In a world where robust technology and cyber security are more essential than ever, we’re pleased to announce a powerful new partnership with TechAssure. A global leader in its field, TechAssure is an invitation-only international network of independent insurance brokers specialising in technology. Already live, Honan’s Dan McCallum shares how this critical partnership came about, and what benefits are in store for clients.

 

The ideation of Honan’s partnership with TechAssure commenced when?

Across the last 12 months, a number of technology insurance carriers and overseas brokers have recommended Honan to the TechAssure network.

 

What’s the core value proposition of this new partnership? 

The TechAssure network aims to have a presence in each technology hub around the world, giving clients access to the largest network of specialist technology brokers in the insurance industry.

 

What makes TechAssure so special?

To ensure each member of the global TechAssure network contributes valuable expertise to the greater group, they must meet a strict set of criteria (e.g. a minimum level of technology premiums, capability statements and service reports are also vetted). We’re in good company!

 

What benefits can Honan clients expect to enjoy from this new partnership? 

Our clients gain immediate access to market-leading industry insights and tools, including comparative data (e.g. insurance limits purchased by competitors), claims scenarios and claims trends. TechAsssure Brokers also gain access to pre-agreed policy endorsements, which provide their clients with enhanced levels of cover. Honan clients will also have tools on hand to support cyber loss calculations, pre-loss coaching, post-loss coaching and regulatory requirements for other countries (e.g. the General Data Protection Regulation in Europe).

Thanks to timely, industry-leading intel from TechAssure experts across the globe, Honan clients expanding overseas will be equipped with sharper insights than ever before.

 

What kinds of businesses are currently turning to Honan for their tech, cyber &/or digital risk protection needs?

Tech companies across the globe are now turning their attention to Australia as a stable environment to launch new ventures. We’re working with a number of companies in the technology space who are either raising capital through either an ASX listing or seed investment. Honan is being called on by such tech leaders to ensure their assets, people, investors and operations are protected through these exciting new chapters.

 

Where can we go to learn more about TechAssure?

Check out the TechAssure website.

 

Your #1 go-to resource for the latest on all things cyber & tech?

For excellent tech insights and resources across a broad range of industries, check out Kroll.

 

We’re With You All The Way

Please feel free to contact Dan at any time on dan.mccallum@honan.com.au , +61 499 799 131 or connect with him on LinkedIn.

COVID-19: Tips for Remote Working, Cyber Security and Avoiding Email Scams

Technology
By Dominic Brettell
Head of Client Service (NSW) – Corporate Insurance & Risk Solutions

When a crisis hits, it can bring out the best in humanity. This was evident during Australia’s recent bushfire crisis, where people from around the nation (and the world) came together to support communities.  Unfortunately, crises can also bring out the worst, where people see opportunities to exploit people’s anxiety, fear and panic.

The COVID-19 pandemic has countries and governments scrambling to respond. The healthcare system is being pushed and our economy is suffering. There are significant changes to how and where we work. It’s predicted many businesses will face solvency issues, which may lead to closures, especially to the most vulnerable small to medium business sector, the lifeblood of Australian communities.

A growing number of employers are implementing social distancing and/or remote working policies. Moving at short notice from a trusted office environment to working remotely can create security risks. Our experience tells us that employees are typically the weakest link in the network security chain. In these times of anxiety and uncertainty, they are even more vulnerable than usual to cyber threats. At Honan, we have already witnessed increased activity from cyber criminals looking to exploit the crisis. We have seen a rise in email scams, phishing emails, malware and social engineering fraud.In response, we’d like to share with you some guidance on enhancing your cyber security.

 

Eight ideas for improved cyber security for remote workers:

  1. Implement the latest version of your security software and anti-virus protection. Regularly check for patches as these often fix entry points for cyber criminals
  2. Ensure your WiFi connection is secure
  3. Back up regularly – if you are a target of an attack, a back up means you won’t lose everything
  4. Install encryption tools
  5. Change your password regularly
  6. If working in a shared space, ensure you lock your screen when stepping away
  7. What’s the plan? – If there is a cyber security incident what are the procedures to follow? Educate staff on these procedures
  8. Cyber Insurance – review your Cyber insurance policy or consider purchasing one.

 

We have gathered some additional resources to help you protect against cyber risks in the current climate:

  • The Australian Cyber Security Centre has provided a list of proactive strategies businesses can take in preparation for COVID-19.
  • Mailguard, a leading cloud email security provider, has produced an eBook detailing the          5 Types of Email Scams Exploiting COVID-19
  • Small Business Cyber Security Guide from The Australian Cyber Security Centre

 

 

For any further queries or concerns, please contact: 

Dominic Brettell

Head of Client Service (NSW) – Corporate Insurance & Risk Solutions.

dominic.brettell@honan.com.au

COVID-19: Business Interruption, Contingency and Workplace Risk

Agriculture

On 30 January 2020, the World Health Organisation declared the Coronavirus outbreak a Public Health Emergency of International Concern. We sympathise with everyone who has been impacted by the virus and Honan Insurance Group have implemented additional resources and contingency planning to ensure that we remain able to provide advice, insurance and support to our clients as the situation develops.

 

As the impact of COVID-19 on local and international economies continues to evolve, we highlight to all clients the need for management to consider financial, strategic and business risks to operations. In this article, we examine the key areas we have received the most queries about: Property and Business Interruption, Business Contingency and Workplace Risk.

 

Industrial Special Risks* (Property and Business Interruption) Insurance & COVID-19 

(Potential Policy Response under ISR Mark IV Policy)

It is expected that many businesses will suffer disruption as a result of the spread of the Coronavirus (COVID-19).   With the situation changing rapidly and restrictions on the movement and gathering of people (both at local level and internationally), there is no doubt many companies will suffer from loss of revenue and/or additional expense.

 

Property Damage

Generally, property policies (including office risks) cover physical loss, destruction or damage to insured property resulting from a covered peril (all risks).  In the case of the Coronavirus, the ISR (Mark IV) policy exclusion 4(a) excludes physical loss destruction or damage occasioned by or happening through disease.  Office-related risks also have very similar exclusions. The ISR policy can include a myriad of endorsements with some coverage writebacks for costs to clean-up a site (where required by order of a public authority), however, this would need to be reviewed on a case by case basis.

 

Business Interruption

An ISR insurance policy extends to include under Section 2 coverage for business interruption.  This cover traditionally applies only to interruption caused by an insured material damage event such as fire, storm, impact or accidental damage.

In addition, cover is extended to include closure of the business by public authority for several risks including human infectious or contagious diseases.   This coverage was designed to cover events such as an outbreak of Legionnaires disease or measles which could affect one or two buildings and a small number of businesses.  Some ISR policies can extend to provide coverage for outbreaks in a 20-50km radius from the insured location.

Specifically, in relation to the COVID-19 outbreak, the ISR policy contains a specific exclusion for loss resulting from interruption of or interference directly or indirectly arising from or in connection with Highly Pathogenic Avian Influenza in Humans or any other diseases declared to be quarantinable diseases under the Quarantine Act 1908 and subsequent amendments.

Following the H5N1 virus (avian influenza) outbreak in 2006 and the H1N1 virus (swine influenza) outbreak in 2009, insurers adopted this exclusion as a market standard position in Australia.

The Australian Quarantine Act 1908 was replaced by the Biosecurity (Consequential Amendments and Transitional Provisions) Act in 2015.  COVID-19 was added to the Act as a listed (quarantinable) human disease on 21 January 2020, under Biosecurity (Listed Human Diseases) Amendment Determination 2020 (Cth) F2020L00037.

 

Listed Human Diseases under the Act are thus now:

  • Human influenza with pandemic potential
  • Plague
  • Severe acute respiratory syndrome (SARS)
  • Middle East respiratory syndrome
  • Smallpox
  • Viral haemorrhagic fevers
  • Yellow Fever
  • Human Coronavirus with pandemic potential

As a result of the above, the business interruption section of your insurance will not provide cover for COVID-19 disruptions. As with any other threat it is important to consider what risk management measures you can introduce to mitigate the risk to your staff, customers and business.

 

Risk Management Tips: How to avoid infection

Here is a short list of ways to minimise the spread of Coronavirus

  • Practice good personal hygiene.
  • Avoid contact with anyone with or suspected of having Coronavirus.
  • Boost your immune system by eating well, exercising, having enough sleep, and keeping your stress levels under control.
  • Cancel or delay any travel until the crisis is over.

 

Recommended Actions for your organisation:

  • Implement a home quarantine regime for anyone that has travelled to an infected country or is likely to have been in contact with someone infected with Coronavirus.
  • Review and update if necessary human resource (‘HR’) policies on fitness for work including possible quarantining of employees and formalising the requirement for employees to remain off work if affected.
  • Consider or extending flexible working arrangements to reduce the likelihood of the spread of the virus in the workplace or the community.
  • Update travel rules and arrangements limiting non-essential business travel.
  • If not already in place, provide sanitized hand washing stations for use by staff and visitors.
  • Review arrangements for workplace hygiene and cleaning protocols including “cough and sneeze” etiquette.
  • Protect the mental wellbeing of employees concerned about the Coronavirus.
  • Ensure clear and honest communication to employees on their welfare.

 

Keep Informed

Everyone should remain alert for updates and advice from the relevant authorities on additional steps to manage the spread of the disease. The health department in each state is providing excellent resources and advice and regular updates. Before travelling, check for and take the advice of any travel warnings on smartraveller.gov.au.

 

Business Continuity Management Planning

A pandemic is just one risk facing modern organisations.   Having a fully documented and exercised business continuity management plan is important for every business.  Honan has resources to assist you in developing a business continuity plan and please speak to your Client Manager for further information.

*Property/Office/Business Interruption

 

Business Contingency

The Coronavirus may impact revenue for businesses through:

  • Production slowdown & disruption to workforce (sick or quarantined employees)
  • Disruption to Supply chains and supplier services
  • Decrease (or increase) in demand for stock
  • Large scale closures of consumer markets and public spaces due to quarantine
  • Delays in customers paying outstanding invoices within normal trading terms
  • Economic slowdown on global and local scale

 

Whilst there is coverage available under Corporate and Business Travel insurance policies in certain circumstances, there is limited cover available under most standard General Insurance policies for loss of trade and interruption to business operations.

As a general rule, it is not viable for most insurance markets and products to cover “global pandemics” as an insurable event. This is because the financial impacts of a pandemic are not quantifiable, meaning risk cannot be priced accurately or sustainably by insurers. If you do suffer a loss, please contact our team to discuss the specific circumstances and how your policy may respond.

Whilst insurance cover availability may be limited, businesses can prepare.  We would strongly recommend formation of a working committee to evaluate the impact to business as conditions continue to evolve, with accountability to the board or executive team.

 

Considerations for a COVID-19 working group should include:

  • Review of policies, procedures and protocols in place to protect the safety and wellbeing of employees and prevent further risk of spread of COVID-19 within the workforce and community.
  • Assess venerability of IT Infrastructure (including stress-testing) for an organisation’s ‘Work from Home’ capabilities in the event of premises closure/staff quarantine
  • Consider the impact on supplier and customer contracts to meet delivery/service obligations from both parties (how Contractual Penalties & Force Majeure clauses may be applied)
  • Evaluation of possible supply chain disruptions and how these can be mitigated or bypassed through appropriate work arounds and contingency planning
  • Evaluation and stress testing of stock levels and planning for inventory shortage as supply from China recommences operations
  • Review ability to support alternative revenue streams that are not as severely impacted by COVID-19
  • Review communications with key customers and other stakeholders to maintain relationships and manage challenges in a sensible, commercial & collaborative manner
  • Review credit and debt facilities to ensure that cash is available in the short term to manage financial impacts and support increased business restart
  • Communicate with creditors if a reduction in revenue has the potential to impact on cash flow and financial obligations.

 

 

Workplace Risk: Workers’ Compensation and Coronavirus (COVID-19)

There has been much discussion around the exposure and potential liability under Workers’ Compensation should an employee or contractor contract Coronavirus.

As outlined by Safe Work Australia (2020), Workers’ Compensation arrangements differ across schemes, however there are common threshold requirements that would apply in the case of COVID-19:

  • that the worker is covered by the scheme, either as an employee or a deemed worker
  • that they have an injury, illness or disease of a kind covered by the scheme, and
  • that their injury, illness or disease arose out of, or in the course of, their employment.

Compared to work-related injuries, it is difficult to prove that a disease was contracted in, or caused by particular employment. In the case of a virus such as COVID-19, establishing the time and place of contraction may become increasingly hard. We have sought clarity from our legal partners and obtained publications from the governing state regulators. Their view is it will be challenging to prove workplace exposure to Coronavirus as questions will arise as to the exact time and place of contraction.

For coverage to exist, a determining authority would need to be satisfied that the employment significantly contributed to the employee contracting the virus. For viruses, it can be difficult to accurately determine the exact time and place of transmission. As a result, it may be difficult to determine that employment significantly contributed to the virus.

However, where an employee’s employment puts them at greater risk of contracting the virus the significant contribution test may be easier to meet. For example, if the employment involves:

  • travel to an area with a known viral outbreak
  • activities that include engagement or interaction with people who have contracted the virus
  • activities that contravene Department of Health recommendations.

Each workplace illness would need to be considered on its individual merits, having regard to the individual circumstances and evidence in relation to the claim. More information is available here: Comcare Australia.

Deeming an illness or disease as work related and unique to the workplace may require court intervention to distinguish medical opinion from legal facts. There is no liability determination available to declare an illness or disease compensable or non-compensable; each case is determined on its own merits and circumstances.

Although you may not be able to eliminate the potential risk of employees contracting Coronavirus while carrying out work, you must do what is reasonably practicable to minimise the risk of employees contracting Coronavirus.

 

Coverage while travelling overseas for work

Any liability or workplace contribution applies to both employees working overseas and those working within Australia. Each case will be determined on its own merits and circumstances.

Note: For international employees engaged locally, state or country specific legislative conditions will apply. Queries should be directed to Honan. Depending on the state of urgency, travel restrictions and periods of self-isolation may need to be considered and communicated to all employees and contractors.

 

Employer Support

It is important that employers refer to internal policies and procedures to ensure measures for employee safety are in place. Honan has resources to actively advise on Workplace Risk exposure, as well as Legal and Work Health and Safety partners who can assist with ongoing management of this changing environment.

 

All companies will need to keep up to date in what is evolving environment.  Please see below some resources to do so:

Australian Government Department of Health

Safe Work Australia

Smartraveller

McKinsey & Company have released a briefing paper (9th March 2020) which provides some insight into possible global economic impact as well as some common steps that can/need to be taken in preparation for businesses being affected and the formation of a working group: link here.

For any additional queries or concerns, please contact your Honan client manager.

 

*Property/Office/Business Interruption

The advice in this paper is general in nature. While the utmost care has been taken in the preparation of this preliminary advice or opinion, you use it at your own risk.

If you have difficulty reading and/or understanding the cover provided in the policy(ies) that you have please contact your Client Manager.

Cybercrime: Is Your Business Aware, Prepared & Protected?

Technology
By Henry Clark
Head of Professional & Executive Risks

With cybercrime an ever-growing threat both in Australia and across the world, knowing what to look out for and how to mitigate business risks has never been more critical.

In the following article, we’ll look at three key areas: a) the latest trends, b) common threats and c) some simple steps businesses can take to protect themselves.

 

BE AWARE: Cybercrime in Australia – The Latest Trends

With Australia’s high and growing reliance on technology, our economy is an increasingly popular target for astute cyber criminals located across the globe.

In 2019, 1,209 data breaches were registered by Australian businesses to the Office of the Australian Information Commissioner (OAIC). This marked an increase of 712% since February 2018 when the Notifiable Data Breach (NDB) scheme came into effect.* The top source of these data breaches was Malicious Attacks (61%), followed by Human Error (35%) and System Faults (4%).

Thanks to their commonly unsophisticated security systems and anti-virus/ anti-ransomware software, small and midsize businesses are major targets to cybercriminals, while industries particularly vulnerable to malicious attacks include Healthcare, Finance, Legal, Accounting and Education. Such sectors hold significant volumes of sensitive data, and lucrative financial prospects to organised crime syndicates as a result.

And the cost of all this to the Australian economy? The Cyber Security Review** found that up to $1 billion in direct costs are racking up each year. In addition to financial costs, however, even a single cyber attack has the potential to inflict considerable damage to your brand’s reputation if the incident is not managed swiftly, and thoroughly.

Furthermore, following major changes to the Privacy Act, all Australian businesses are now at risk of large penalties from the OAIC in the event of a cyber attack.

*References from Cyber Market Update – Clyde & Co
** Reference from ACIC (Australian Criminal Intelligence Commission)

 

BE PREPARED: Recognising Cyber Threats

As businesses become savvier to cybercrime, cyber criminals are innovating with equal pace and are now more creative than ever when it comes to hacking sensitive data. Equipping your team with the smarts to identify common scams as they go about their daily work, is now a fundamental business imperative.

Common threats to your business include;

  • Phishing: when someone uses a fake message or email to coax you into disclosing private, personal, commercial or financial details. These messages or emails will often look genuine by way of branding, logos, similar or deceptive domain names or links to authentic looking websites.
  • Malware: malicious software used by criminals to steal confidential information, hold your system ransom or instal damaging programs without your knowledge. Malware can get into your system and spread viruses through email, infected files, pop-ups or false websites.
  • Ransomware: a type of malware which is often spread through phishing emails and locks your computer’s content/operating system. This allows cyber criminals to demand a ransom in return for unlocking your computer. Ransomware will often prevent you from using your devices and/or encrypt your files so you cannot access them.

Rule: never respond to unknown messages requesting personal information, or click on links from unknown sources.

 

BE PROTECTED: Simple Steps Toward Safety

Preventing a cyber-attack doesn’t always require a cybercrime expert or an excessive new software investment. To mitigate financial and reputational risks to your business, some simple steps toward a more ‘cyber safe’ organisation can include:

  • Be aware of cyber threats and how to manage them – educate ALL your employees
  • Develop a set of clear cyber policies and procedures for your business
  • Have advanced security operating defaults and systems in place – instal and regularly update anti-virus/ anti-ransomware software and firewalls to stop traffic from untrustworthy sources
  • Back up data regularly
  • Implement the use of strong passwords and safe behaviour when using emails and the web
  • Have an Incident Response Plan (IRP) in place for your business which has been pre-approved by a third party insurer. A robust IRP will work in tandem with a comprehensive cyber insurance policy and guarantee your business has specialist vendors mobilised ASAP in the event of an attack. An IRP will reduce potential damage and impact to your business exponentially, and triage you back to BAU as quickly as possible thereafter. 

 

How can we help?

Honan has an industry-leading team of cyber advisors and specialist partner vendors with deep expertise in cybercrime prevention, management and recovery. To discuss your needs, and how we can assist with an Incident Response Plan and/or tailored insurance policy, please contact us at any time.

Henry Clark, Head of Professional & Executive Risks    henry.clark@honan.com.au

Cyber breach costs CEO his job

Technology

Your IT security may not protect you from every cyber breach

Cyber breaches are unfortunately becoming more common in Australia, with organisations needing to become more vigilant when it comes to protecting their balance sheet and the reputational damage that can be caused by a cyber breach.

ASX-listed property valuation firm Landmark White experienced were made aware of a cyber breach in February of this year, forcing the company into a trading halt.

The company expects to lose up to $7m in revenue as a result of the breach, costing the CEO Chris Coonan his job as he was forced to resign. The company resumed trading in May, where the share price has tumbled from $0.43 down to $0.26.

This case is a timely reminder that companies cannot afford to rely solely on their IT security software in this era of cybercrime. For complete protection, companies need to look towards their insurance broker for guidance on how to manage their cyber risk.

Source: IT News, https://www.itnews.com.au/news/massive-data-breach-costs-valuer-landmark-white-7m-524716

 

Cyber attacks on the rise for the real estate industry

Industry

As cyber breaches are becoming more common in Australia, real estate organisations need to become more vigilant when it comes to protecting their balance sheet, and the reputational damage that can be caused by a cyber breach.

The industry is seeing an increase in cyber breaches, as hackers realise the potential to access sensitive information that real estate companies hold.

This year alone, Honan have received claims for two separate agencies that have been victims of Social Engineering Fraud. In both cases, hackers were able to access documents and contracts, changing the bank account details to their details, sending payments directly to the hacker’s accounts. Together both claims totalled over $100,000.

Ransomware is another form of a cyber breach affecting the real estate industry. This occurs when malware infects files or devices, locking them and demanding a ransom to regain access. With offices relying on IT systems to run the day-to-day operations, a ransomware attack can shut down a business for days or weeks and can be extremely costly to resolve.

ASX-listed property valuation firm Landmark White was made aware of a cyber breach in February of this year, forcing the company into a trading halt. The company expects to lose up to $7m in revenue as a result of the breach, causing the CEO Chris Coonan to resign. The company resumed trading in May with the share price plummeted by 40%.

With today’s reliance on all things digital to run a business, it is more important than ever that the real estate industry look towards their insurance broker for guidance on how to manage their cyber risk.

For more information on how to protect your business from these and many other emerging cyber exposures, please feel free to contact a Honan representative below;

For more information on our Real Estate Solutions, please contact our team at Realestate@honan.com.au

Your IT security software may not protect you from every cyber risk

Industry

Cyber breaches are unfortunately becoming more common in Australia, with organisations needing to become more vigilant when it comes to protecting their balance sheet and the reputational damage that can be caused by a cyber breach.

ASX-listed property valuation firm Landmark White experienced were made aware of a cyber breach in February of this year, forcing the company into a trading halt.

The company expects to lose up to $7m in revenue as a result of the breach, costing the CEO Chris Coonan his job as he was forced to resign. The company resumed trading in May, where the share price has tumbled from $0.43 down to $0.26.

This case is a timely reminder that companies cannot afford to rely solely on their IT security software in this era of cybercrime. For complete protection, companies need to look towards their insurance broker for guidance on how to manage their cyber risk.

For more information, please feel free to contact Dan McCallum at dan.mccallum@honan.com.au or on +61 499 799 131

Source: IT News, https://www.itnews.com.au/news/massive-data-breach-costs-valuer-landmark-white-7m-524716

Tougher penalties for Privacy Act breaches

Financial

Are you protected?

It has now been over a year since the amendments to the Privacy Act were introduced, requiring companies to voluntarily notify any breaches to the Office of the Australian Information Commissioner (OAIC).

In a swift follow-up from this at the end of March, Attorney-General, The Hon Christian Porter MP, announced the government’s intention to introduce even tougher penalties, as follows:

  • Penalties increased from $2.1m to $10m for serious or repeated breaches.
  • Providing the OAIC with the infringement notice powers, up to $63,000 for body corporates and $12,600 for individuals who fail to cooperate.
  • Introduce requirements for breaches to be addressed by third party audits, to ensure those directly affected are advised.
  • Require social media and online platforms to stop using or disclosing an individual’s personal information upon request.
  • Introductions of specific rules to protect the personal information of children and other vulnerable groups.

The Privacy Act amendments have forced Company Directors to become more digitally literate and cyber aware, however with the ever-changing nature of cyber risks, it is becoming increasingly difficult for Directors to keep up.

Protection

With these changes it is now more important than ever that every company manage their cyber risk through a robust insurance program, designed to protect not only your company’s balance sheet from significant first and third-party losses and fines, but also from the reputational damage that can be caused.

To manage your company’s Cyber Risk, contact Dan McCallum at dan.mccallum@honan.com.au or +61 499 799 131.

Sources: https://www.attorneygeneral.gov.au/Media/Pages/Tougher-penalties-to-keep-australians-safe-online-19.aspx

Honan Insurance Group Pty Ltd (Honan) holds an Australian Financial Services License 246749. Honan is not an insurance company, rather an insurance broker acting on behalf of our client. Where we act under a binder (as the insurer’s agent) we will notify you. This article contains general information only and is not advice. Before considering an insurance product you must read the Honan Financial Services Guide and relevant Product Disclosure Statement. 

 

Are you prepared for the mandatory Data Breach Notification regime?

Industry

Starting today, Thursday 22nd February, there is an important change to the way companies are required to manage and report data breaches.

The Australian Government introduced the Privacy Amendment (Notifiable Data Breaches) Bill 2016 to strengthen the protection of privacy and personal information, and to improve organisational transparency regarding data breaches.

Companies are now obliged to notify any individual whose personal information is involved in an eligible data breach that is likely to result in serious harm. Companies are also required to notify the Office of the Australian Information Commissioner (OAIC) of the eligible data breach.

Businesses should prepare by taking the following steps:

    1. Reviewing and understanding the data that is held and identifying personal information
    2. Revisiting the IT security policy and amending as appropriate
    3. Developing a sound data breach response plan with clear lines of authority
    4. Updating internal privacy and breach policies as appropriate
    5. Educating and training staff whilst setting out their responsibilities
    6. Taking out adequate insurance, including specific cyber cover. 

 

Cyber cover, whilst often overlooked, is fast emerging as one of the key ways to protect yourself from the risk of cyber-attacks. At Honan, we are dedicated to leading the market in providing our clients with comprehensive coverage options and have advisers with specialty knowledge of Cyber policies.

Give yourself the confidence that you’re covered. Call one of our advisers and we will assist you in analysing and understanding how your current insurance program will protect you amongst the changing regulatory and business environment.

For more background information on Cyber cover visit http://www.honan.com.au/the-cyber-minefield-for-directors-and-officers/

 

Some risk management tips:

  • Purchase a Cyber insurance policy
  • Write and put in place a data breach response plan in the event of a breach
  • Put in place a tried and tested business continuity plan for network downtime
  • Make sure you are aware of all regulatory requirements for all territories you work in or distribute to
  • Conduct employee training to ensure your staff are aware of risks the company faces
  • Put in place a “bring your own device to work” policy if you allow employees to use their own devices for work
  • Look at contracts with third party vendors providing data storage. Are there limitations of liability?
  • Conduct an external penetration test to highlight potential areas to address
  • Review system protection you have in place e.g. anti-virus, firewalls etc. and update regularly
  • Keep all your systems and software patched up
  • Enable multi-factor authentication
  • Enforce strong password policies

 

Honan Insurance Group Pty Ltd (“Honan”) ABN 67 005 372 396, AFSL 246749. Honan is not the underwriter for any insurance product that you may decide upon and insurance is issued subject to the terms, conditions and exclusions as set by the particular underwriter.

 Please note this information provided is for general advice only and does not factor in the objectives, needs or financial situation of the client. It is important for you to consider these matters and read the Product Disclosure Statement (PDS) and policy before deciding if this product is right for you. You can get a copy of the PDS by calling 03 9947 4333.

 

 

Suggested Searches

  • Melbourne Office
  • Financial Service
  • Quote
  • Insurance Services
  • Trade Credit Insurance
  • Strata
  • Claims
  • Real Estate

Contact Us

Contact Information

  • Suite 8.01, Level 8, The Gardens North Tower, Mid Valley City (Lingkaran Syed Putra) 59200 Kuala Lumpur