Prepared by James Finucane, Risk Solutions Manager, Network Insurance Group
This article is part of a series of articles intended to help AFTA Members understand their business insurance needs.
Cyber Risk is Growing
As more businesses rely more on technology, there are a growing number of cyber-attacks every year. In fact, around three in five Australian companies experience a cyber security breach every month. That’s where cyber insurance comes in – to help protect your company against risks such as computer hacking, malicious viruses, ransomware or data theft.
The Australian Financial review recently published an article explaining how Cyber-Attacks are evolving, with hackers often exploring company computer systems undetected, searching for vulnerabilities for later exploitation while leaving a dormant virus ready for activation.
How is a business impacted when a Cyber-attack occurs?
A Cyber-attack in your company could result in lost revenue, Liability claims for the damage caused by the attack and significant response costs (extortion costs, data restoration, notification costs, public relation costs, legal expenses).
How does a Cyber claim work?
We recently received a client claim relating to a hack of a client’s shared mailbox.
The virus was undetected for an hour and during this time it collected a copy of all e-mails then spammed thousands of e-mail addresses from the breached inbox (all of client’s contacts plus contacts imported by the hackers).
After investigation, it was discovered that the shared inbox contained several e-mails with forms attached which request credit card details and other personal information.
Our client immediately notified the insurer, who assisted by providing them with lawyers, and a specialist IT security firm to:
- Proactively contact credit cardholders and all other contacts who were spammed.
- Monitor potential use of credit cards obtained through the hack.
- Undertake forensic analysis to understand the number of records and type of information obtained by the hack.
- Prepare detailed documentation notifying the relevant Government Authorities of the breach, as required by legislation.
- Undertake a ‘serious harm assessment’ and create a remediation plan
Without these incident response costs being covered by the client’s cyber insurer, they would have caused significant financial strain to the client’s business.
Who can I contact for further advice?
AFTA recently launched a partnership with Network Insurance Group, a leading Australian-owned insurance broker, to provide insurance and risk advice to AFTA members. They are able to review members’ marine and other risks, and often secure cover at a reduced cost for members.
Contact Your AFTA Member Adviser: James Finucane
m: 0407 954 105 | e: afta@steadfast-irs.com.au
Every business should have a BCP (Business Continuity Plan) which covers such things as Risk Management Planning, Business Impact Analysis, Incident Responses Plan and Recovery Plan. It’s like having a backup – unless you check that the backup works and can be restored from, it’s not much use. How much you invest in your structures will depend on potential exposure, which gets covered through a Business Impact Analysis.