The Notifiable Data Breach Scheme (NDB) came into effect here in Australia on the 22nd of February 2018. Since its inception there have been 964 notifications, which is a massive 712% increase on the 114 notifications in the year before the scheme’s launch. Under this new NDB law, failure to report a breach can incur a fine of up to $1,800,000 for a company and up to $360,000 for an individual.
Cyber is one of the most talked about topics in business, insurance and media, yet remains the most misunderstood and with good reason.
Recent stats released in the Office of the Australian Information Commissioner’s (OAIC) first annual report indicate the need for staff education, as many breaches involve the human factor, such as clicking on a phishing email, or the use of social engineering or impersonation to fraudulently obtain access to personal information.
[Figure: The sources of a data breach]
[Figure: Most common cyber incidents]
What Can It Cover?
While all cyber insurance policies will vary from company to company, here are some of the fundamental coverage features…
- Business interruption loss due to a network security failure or attack, human errors, or programming errors.
- Data loss and restoration including decontamination and recovery.
- Incident response and investigation costs, supported by a 24/7 multilingual incident reporting hotline and on-demand vendors.
- Delay, disruption, and acceleration costs from a business interruption event.
- Crisis communications and reputational mitigation expenses.
- Liability arising from failure to maintain confidentiality of data.
- Liability arising from unauthorised use of your network.
- Network or data extortion / blackmail (where insurable).
- Online media liability.
- Regulatory investigations expenses.
- The expenses that you incur throughout crisis management.
- The cost of informing your customers of the data breach, as well as the financial consequences of monitoring their data to ensure their protection.
- Cyber Crime/Theft: loss as a result of theft of your money or securities due to malicious use of, or access to, a covered computer system.
- Social Engineering: an electronic transfer to an unintended third party that results in a direct financial loss.
It is worth noting that whilst Cyber Crime/Social Engineering is one of the biggest issues facing businesses today, not every cyber policy includes cover for theft of funds.