Contact us

1300 GOCYBER (1300 462 923)

Call or email us today!

Contact details:

Message:

Your message has been sent successfully. Close this notice.

Cyber Insurance Quote Form

Limit of Liability

Company Details

Do you process, transmit or store more than 10,000 financial transactions per year?

Yes No, less than 10,000

Do you use and keep up to date firewalls and anti-virus protection for all systems?

Yes No

Do you use third parties to complete audits of your system and security on a regular basis?

Yes NO

Are all portable devices password protected? (mobile phones, laptops, tablets, etc)

Yes No

Do you have encryption requirements for all data including portable media?

Yes No

Do you have back-up and recovery procedures for business critical systems, data and info assets?

Yes No

Do you outsource any part of your network, including storage?

Yes, we use third party providers. No, all managed in house

Do you store sensitive information on web servers?

Yes No

Do you know of any loss payments, fines or penalties being made on your behalf?

Yes No

Are you aware of any matter which might give rise to a claim or loss under such insurance?

Yes No

Have you suffered any loss or claim but not limited to a regulatory, governmental or administrative action brought against you, or any investigation or information request concerning any handling of personal info?

Yes No

The applicant or any subsidiaries have any knowledge of any loss payments, fines or penalties being made on behalf of any applicant or any person proposed for coverage any cyber policy or similar insurance?

Yes No
Your quote request has been sent successfully, one of our brokers will contact you today! Close this notice.

Business Insurance Quote

Contact details:

Sections

Property & Contents

Yes, please quote No, thank you

Public & Products Liability

Yes, please quote No, thank you

Cyber Liability

Yes, please quote No, thank you

Theft & Money

Yes, please quote No, thank you

Computers & electronic equipment

Yes, please quote No, thank you

Business Interruption

Yes, please quote No, thank you

Machinery Breakdown

Yes, please quote No, thank you
Your quote request has been sent successfully, one of our brokers will contact you today! Close this notice.
12 months ago · by · 0 comments

Notifiable Data Breach Scheme & Cyber Insurance

Many professional groups and associations are beginning to advise their members of the upcoming regulation changes which are going to impact the way businesses approach data and security.

As of February 22 2018 the Privacy Amendment (Notifiable Data Breaches) Act 2017 will commence for Australian organisations. The amendment to the privacy act has been long overdue and will require organisations covered by the Australian Privacy Act 1988(Privacy Act) to notify any individuals likely to be at risk of serious harm by a data breach.

Data breach notification laws have been in the US since 2002 and have slowly been adopted by most states since inception. Europe has also passed the General Data Protection Regulation(GDPR) which was designed to harmonize data privacy laws across Europe. The updated regulation will be enforced from 25 May 2018 at which time organisations in non-compliance will face heavy fines.

 

What is a Notifiable Data Breach?

A Notifiable Data Breach is a data breach that is likely to result in serious harm to any of the individuals to whom the information relates.

An eligible data breach arises when the following three criteria are satisfied:

  1. there is unauthorised access to or unauthorised disclosure of personal information, or a loss of personal information, that an entity holds
  2. this is likely to result in serious harm to one or more individuals  and
  3. the entity has not been able to prevent the likely risk of serious harm with remedial action

Examples of a data breach include when:

  • a device containing customers’ personal information is lost or stolen
  • a database containing personal information is hacked
  • personal information is mistakenly provided to the wrong person.

Failure to notify could result in fines of $360,000 for individuals and $1.8 million for organisations according to the OAIC.

 

What is the Notifiable Data Breaches Scheme?

The NDB scheme requires organisations covered by the Australian Privacy Act 1988 (Privacy Act) to notify any individuals likely to be at risk of serious harm by a data breach. Failure to notify could result in fines of $360,000 for individuals and $1.8 million for organisations according to the OAIC.

Investigating whether a notifiable data breach has occurred involves deciding whether, from the perspective of a reasonable person, the data breach would be likely to result in serious harm to an individual whose personal information was part of the data breach. For the NDB scheme a ‘reasonable person’ means a person in the entity’s position (rather than the position of an individual whose personal information was part of the data breach or any other person), who is properly informed, based on information immediately available or following reasonable inquiries or an assessment of the data breach.

This notice must include recommendations about the steps that individuals should take in response to the data breach. The Australian Information Commissioner must also be notified. Organisations will need to be prepared to conduct quick assessments of suspected data breaches to determine if they are likely to result in serious harm.

Not all data breaches are notifiable — the NDB scheme only requires organisations to notify when there is a data breach that is likely to result in serious harm to any individual to whom the information relates. For example, if an entity acts quickly to remediate a data breach, and as a result of this action the data breach is not likely to result in serious harm, there is no requirement to notify any individuals or the OAIC. There are also exceptions to notifying in certain circumstances.

What happens if your IT services provider or other third party with access to your network suffers an attack or data breach which allows your data to be exposed?

The legislation says that if more than one entity holds the same personal records, a breach at one could constitute a breach at the other. However it also considers that both organisations have complied with their notifiable data breach scheme obligations if only one notifies. Organisations are also allowed to decide amongst themselves which will be responsible for the reporting.

For more information about assessing a suspected data breach, please visit the OAIC Assessing a breach page.

or

For more information about notifying individuals about a breach, please visit the OAIC notifying individuals page.

 

Cyber Insurance

How does cyber insurance fit into the upcoming notifiable data breach changes? Cyber insurance policies are designed to assist a business or organisation with incident mitigation following an attack or breach using various resources and financial compensation. The majority of cyber insurers provide 24/7 incident response hotlines to assist businesses as soon as the incident is discovered with specialist vendors available for  overall damage control.

Benefits of a cyber insurance policy include;

  • Access to the insurers response team
  • Assistance investigating and resolving data security
  • Privacy commissioner investigation costs
  • Cover for civil regulatory fines & penalties
  • The insurer can advise on the obligation to notify and draft the notification
  • Legal & public relations support
  • Customer notification and credit monitoring costs cover
  • Cover for impacts to profits & increased costs of working

 

Points to think about before 22 February 2018;

  • Review existing insurance policies for cyber exclusions and limits of cover
  • Arrange and test a business continuity plan which specifically addresses a cyber attack or breach
  • Draft a data breach notification plan
  • Review contract management and ensure that due diligence is done on contractors’ policies, particularly in the areas of IT security and personal information storage and collection
  • Only collect and store personal information if it is necessary
  • Test and ensure information security procedures for effectiveness

 

Contact Cyber Insurance Australia today for a free review of your existing insurance policies or to get a competitive quote.

 

Cyber Insurance Australia Logo

Subscribe and follow Cyber Insurance Australia on Linkedin & Facebook for regular updates and information.

More information and resources:

https://www.legislation.gov.au/Details/C2017A00012

https://www.oaic.gov.au/engage-with-us/consultations/notifiable-data-breaches/#what-is-the-notifiable-data-breaches-scheme

Other articles you might be interested in:

Choosing the right cyber insurance policy

How much does cyber insurance cost?

2nd quarter 2017 cyber crime results

Read more

Take care of your business

Insurance for
your business future

Call us today for specialist business insurance packages.

Company information

Naga Risk Solutions Pty Ltd T/as Cyber Insurance Australia ABN 59 378 032 992. CAR 1250594

Authorised Representative for National Advisor Services Pty Ltd t/as Community Broker Network (CBN) ABN 60 096 916 184 | AFSL 233750

Financial Services Guide (FSG), Privacy Policy & Complaints & Dispute Handling, Insurance Brokers Code of Practice (FSG)

Contact details

E-mail address:
contact@cyberinsuranceaustralia.com.au

1300 GOCYBER

1300 462 923

Available 8:30am - 5:00pm

PO Box 1677, Milton LPO
Milton
Brisbane, QLD 4064

Join our monthly newsletter for:

Enter your email and stay up to date,

Subscribe to our monthly newsletter!