
Cyber and Privacy Attacks... hacking doesn’t just happen in the movies! Gow-Gates explores potential data security risk for business

More and more, the headlines are filled with names of companies that have been hacked, and the reality is that this crime is no longer limited to governments and banks. Even loyalty programs and small businesses are finding that they can be a target, and whilst the technology age has brought with it so many benefits, there are risks involved.

Stories of stolen personal information (including customer credit cards), stolen laptops containing client information, or a disgruntled employee downloading confidential records before leaving the company are becoming more common. There are also risks arising from internal errors or failure to follow information handling policies that cause accidental loss or disclosure. In fact, recent information collected by insurers indicates that it is more than likely that a staff member inadvertently allowed the access that resulted in a cyber attack, for example by not logging off properly, not following guidelines on passwords, or opening a link in a strange email without thinking. Statistics show that in 2013, 1 in 392 emails contained a phishing attack* – cyber risks are now a people issue, not just a technology issue.

When it comes to a data security or privacy breach, it isn’t a matter of if it will happen, it is a matter of when, and what the consequences will be. Last year alone there was a 500% increase in ransomware attacks across the globe, with 552 million identities stolen – numbers too high to comprehend*.

All businesses collecting and/or dealing with personal information in Australia should review their privacy procedures to ensure compliance, and put in place risk management measures so that the financial impact of such a breach does not fall on the organisation.

Managing your risk

There are protocols your company can implement to reduce and manage the exposure to your business. Though not an exhaustive list, the following protocols, if implemented, would assist in risk reduction.

Have an Incident Response Plan – if you have a clear and concise plan you will be able to take fast action to contain a breach and minimise the financial and reputational damage to your company.

Appoint a Security Information Officer – network and data security is no longer the sole responsibility of the IT department. There should be an officer responsible for data protection, and this person should coordinate the organisation’s procedures and response.

Encrypt Data – with all employees accessing the network via many different types of mobile devices (from mobiles to laptops), a breach can occur from simply losing a phone. If the data is encrypted and the device is lost or stolen, the data cannot be used, which will mitigate the potential exposure.

Have a Network Security Policy – A current and enforced network security policy should outline the organisational rules for appropriate use of an organisation’s computer resources. The policy should include strong password protocols, website access and usage restrictions and appropriate email usage.

Effect appropriate insurance – explanation below.

Cyber/Security and Privacy Protection – Insuring your risk

Cyber insurance policies that protect your business from the consequences of these types of attacks are becoming much more common, and are providing more protection to companies that might otherwise have had to bear the cost of the damage themselves.

Insurance is now available to protect you against these risks and provides cover for:

Third party coverage for:

  • Security and privacy liability including cover for regulatory proceedings defence costs
  • Civil fines and penalties cover (available as an option)
  • Internet media liability (available as an option)

First party coverage for Privacy breach costs including:

  • Cost of notifying clients of a data compromise
  • Forensic investigation expenses of a company’s computer system to determine the cause and extent of the privacy breach
  • Certain legal and public relations expenses
  • Digital asset replacement expenses cover
  • Business income loss and dependent business income loss coverage
  • Cyber Extortion Threat and Reward Payments

Claims Examples

Scenario 1:

Profile: Large travel business
Background: The Insured experienced three separate data breaches over a three-year period in which hackers gained access to the Company's computer system. Over 250,000 individuals' credit card information and passport details were compromised.
Policy response: Privacy Protection, Breach Costs
Outcome: $1,750,000 paid for the forensic and legal costs in defending the investigation brought by the regulator and the cost of notifying the affected individuals including providing credit monitoring services.

Scenario 2:

Profile: Online retailer
Background: The Insured's website was defaced and included a link to a competing retailer's website when hackers gained access to personal information of their customers and took over their website.
Policy response: Cyber Business Interruption, Hacker Damage, Privacy Protection, Breach Costs
Outcome: $800,000 was paid for loss of income and the cost of notifying the affected individuals, including providing credit monitoring services.

Gow-Gates specialises in this type of risk placement, so if you believe that this issue is relevant to your business, please feel free to contact Rebecca Fleming, Account Manager of our Travel Industry Division at Gow-Gates Insurance Brokers on (02) 8267 9919 or rfleming@gowates.com.au to discuss your circumstances or to obtain a quotation.

Gow-Gates Insurance Brokers advises that persons should not act on the material contained in this article as the items are of a general nature only and may be misinterpreted. We therefore recommend that advice be sought before acting in these areas.

* Statistics provided by Chubb Insurance Company of Australia Limited
