Notifiable Data Breaches Scheme Looms
The ramifications of cyber hacks are about to increase dramatically.
From Thursday 22 February, Australia’s notifiable data breaches (NDB) scheme comes into force.
The scheme requires notification of unauthorized access to, disclosure of, or loss of information likely to result in serious harm.
The NDB scheme means your clients cannot keep silent on data breaches and hope for the best. From 22 February 2018, breaches must be reported to both the Office of the Australian Information Commissioner and people affected.
A wide range of entities are at risk and the statistics are horrifying. For example:
• 63% of confirmed data breaches involved leveraging weak, stolen or default passwords and usernames
• 22% of small businesses breached by ransomware attacks in 2017 were so badly affected they could not continue operating
• 41% of people surveyed globally could not identify a phishing email; 30% of phishing emails were opened and 12% clicked on infected links or attachments.
The number of Australian businesses using commercial cloud computing services had risen from 19% to almost one third in just one year and just because your clients’ data is in the cloud, doesn’t mean it is protected.
Lax security is frequently to blame for breaches. We suggest you advise your clients to review their arrangements with cloud and other third-party service providers and, where possible, encrypt sensitive information before disclosing it to third parties.
Claims experience at cyber specialist Emergence Insurance shows that:
• Multiple backups are a must
• Whether or not the NDB scheme is triggered in a ransomware attack, business impact and reputational damage can be substantial
• Encryption can effectively protect data.
Your clients are only as safe as their weakest link.
A cyber insurance policy is part of every successful business’s risk management framework. Cyber insurance is not the first line of defense; it is designed to protect a business when its IT security, policies and procedures fail to stop an attack.
Emergence is a pioneer of cyber cover in Australia and provides protection for SMEs through to ASX-listed entities.
Its cyber product includes instant access to an incident response team of experts who understand the importance of immediately mitigating potential threats to insureds’ businesses.
Emergence’s product gives businesses financial support and incident response expertise to recover from adverse events, including ransomware attacks, point-of-sale intrusions, denial-of-service attacks and cyber espionage.
written by Troy Filipivic, Managing Director Emergence Insurance; Cyber Insurer Australia Specialist