What is cyber protection insurance?

Cyber protection insurance is an insurance offering designed to help protect your business from the financial impact of a data breach or computer hacking.

In February 2017, the Australian government established a mandatory nationwide data breach notification scheme under the Privacy Amendment (Notifiable Data Breaches) Bill 2016. It means if you become aware of a security breach that could result in unauthorised access or distribution of personal information, you are legally required to report it within 30 days. You are also required to notify those affected.

For businesses who have websites or electronic records – that is, most businesses – you need to be aware of cyber vulnerabilities. Attacks on cyber systems can threaten your intellectual property, customer information, and reputation of your business and leave you with significant financial repercussions.

The following scenarios are based on events that have occurred – consider the risk to your business if one of these were to happen to you, and weigh up whether you have adequate insurance in place.

Data Theft

Coverage triggers: Cyber Extortion, Incident Response Expenses, Data Asset Loss, Privacy Liability, Business Interruption, Recovery Costs
A law firm was the victim of a hacking attempt, and while the extent of the data acquired was unable to be determined, the hackers may have had access to client information, including one client’s acquisition target, patented technology, venture capital prospectus documents and a large number of class action client lists with sensitive personal information.

The firm hired a forensic technician who established that malware had been planted during the hacking, and subsequently, the firm received a call demanding $10 million to prevent the information being sold or otherwise distributed online.

More than $1 million was spent on the forensic investigation, negotiating the extortion attempt, ransom payments, client notification, credit monitoring and restoration services. Losses to the business totalled more than $500,000.

Total costs associated with the event: $1.5 million.

 

Intermediary stealing personal information leading to Negligence and Invasion of Privacy

Coverage triggers: Negligence and Invasion of Privacy, Incident Response Expenses, Data Asset Loss, Privacy Liability

A manufacturing business provided leasing services of copy machines over two years. Employees at the company the equipment was leased to made copies of private proprietary client information, including personally identifiable information such as pension account details, drivers licenses, and other personal documentation.

The machine was returned to the leasing company via an intermediary company. A rogue employee at the intermediary company accessed the machine’s data and was able to extract the personal information stored on the equipment.

The manufacturer of the equipment incurred $50,000 in expenses retaining a forensic investigator, alongside notification, identity monitoring, restoration services and independent counsel fees. It also incurred approximately $75,000 in legal defence costs.

Total costs associated with the event: $125,000

 

Lost Laptop

Coverage triggers: Incident Response Expenses, Data Asset Loss, Privacy Liability, Business Interruption, Recovery Costs, Regulatory Fines, Potential Payment Card Loss.

An executive for a telecommunications company had their laptop stolen from a vehicle. The laptop contained confidential customer and employee information, in addition to financial records. Despite encryption, the passwords used throughout the device were weak, and the information was compromised.

A cyber forensic expert and legal counsel were retained at the cost of $30,0000, and following advice, the company voluntarily notified relevant customers and employees. Additional monitoring and restoration services, a nation-wide regulatory investigation, as well as upgrades to encryption, cost the business $200,000. The business was additionally fined $100,000 for deviating from its privacy policy.

Total costs associated with the event: $330,000.

Published On: April 9th, 2021 / Categories: News /

Subscribe To Receive The Latest News

Get the latest industry news direct to your inbox

Thank you for your message. It has been sent.
There was an error trying to send your message. Please try again later.

Add notice about your Privacy Policy here.