follow us
Planning your next holiday? Find an ATAS accredited agent here » ATAS Logo


If you're a new user and do not yet have a username/login.

Register Now

Participant Zone

Accredited ATAS participants click here for access to the secure business support area.


Returning users log in to commence or access your ATAS application.

My AFTA Login

News Hub

« Back

Out there in Cyber Space bad things are happening

We all had a bit of a chuckle after the ABS Census debacle, but the reality is that some of what happened on the night of the Census is only the tip of the iceberg of what is really happening in Cyber Space.

Cybercrime, are you at risk?While it is true that vandals and criminals still cause major damage to physical property and disruption to businesses all over the country, there has been a massive surge in the damage caused to business operations in Australia via Cyber Attacks. Too many businesses believe they are not at risk or have the attitude of “it won’t happen to me” - chances are it will, if it hasn’t already.

Cyber Risks have quickly become one of the leading exposures to Australian businesses. The Australian Government estimates almost 700,000 businesses have experienced a cybercrime. Of these attacks, 60% were targeted at small to medium businesses with the average cost of a cybercrime attack being more than $275,000.

Losses can be extensive, especially when your customers’ personal information has been stolen. The cost of Crisis Management, notifying your customers, IT system remediation and recreation of lost data, extortion costs and even fines from regulators can add up very quickly. These fines in relation to privacy regulations mean that the business can be fined up to $1.7m and responsible privacy officers (the individual) up to $340k.

Incidents can be as basic as attaching a wrong file to an email or using an image on your website which has been copyrighted by another entity but they can be as complex as a hacker attack and loss of all records, possibly many years of work destroyed.

Even more alarming is where these threats can come from. They can be “vandal- like” attacks to disrupt or deface your business or they can be Cyber Attacks to steal customer information (such as credit card numbers or passport details). You can be attacked for your Intellectual Property or just fraud. Attacks can come from organised crime syndicates and professional hackers, but they can also come from disgruntled employees, unhappy contractors or even competitors.

Cyber & Privacy Protection Insurance can provide protection for many exposures including:-

  • Privacy Breach - Your liability to third parties for loss of personal information, commercially confidential information and employee information

  • System Damage - Can cover your IT Systems as well as lost data and also the cost of external IT Forensic and Security Consultant costs

  • Business Interruption - Can cover loss of profits as a result of the attack

  • Computer Virus & Hacking - Aims to provide cover for the liability arising from hackers and viruses including the loss or theft of data for which you are responsible and also losses as a result of phishing emails or Denial of Service attacks.

Sometimes the real danger lies in the fact that a company will not know the full extent of the damage immediately after the attack. Stolen information may not be made public all at once.
It is crucial that all data is backed up regularly (and copies kept off site). It is also exceptionally important appropriate virus / security protection is kept updated at all times.

Best Practices

Besides having in place a quality Cyber & Privacy Protection Insurance Policy, you need to ensure your organisation regularly informs all of your staff what to watch for. Some examples include:

  1. Be wary of unsolicited phone calls. People can claim they are from your bank or other well-known organisations and can be very convincing. Do not give out information that the organisation calling you should already know. Fraudsters will often say there is a problem with your account, ask you to transfer money. They can even ask you to call a number you know and keep the phone line open so when you call back you are speaking to them.

  2. Always be very careful with your customers personal details and how this information is used

  3. Unsolicited emails may direct you to a link containing a virus – just one accidental click can bring an entire network down. Remind your staff that under no circumstances should these emails be opened, and if it does happen, it should be reported IMMEDIATELY. The sooner your IT firm is advised, the sooner the damage can be halted.

  4. All portable equipment (laptops, smartphones, iPads and the like) should be password protected/encrypted to protect sensitive information. When these items are lost, it is not only the property that has gone – the unsecured information could be much more costly.

What you need to do

  • Ensure you have protocols that are followed by all staff at all times
  • Should an attack happen, act immediately and contact your IT Provider 
  • Be certain that you have a comprehensive Cyber & Privacy Protection Insurance Policy in place – if an attack happens, your Broker will be able to put you in contact with specialist firms that can assist you through the incident

If you believe that this issue is relevant to your business, please feel free to contact Rebecca Fleming, Account Manager of our Travel Industry Division at Gow-Gates Insurance Brokers on (02) 8267 9919 or to discuss your circumstances or to obtain a quotation.

Best practice to avoid Cybercrime

Gow-Gates Insurance Brokers advises that persons should not act on the material contained in this article as the items are of a general nature only and may be misinterpreted. We therefore recommend that advice be sought before acting in these areas.