A major data breach can destroy a business. In Australia, the uptake of cyber insurance is relatively low (compared with the US). Many Australian businesses are either uninsured or underinsured. In this article, we examine the ins and outs of cyber insurance in Australia.
What is cyber insurance?
Cyber insurance is designed to protect policy holders from Internet risks, such as data breaches and cyber-attacks. It is also called cyber protection insurance. It is available as a standalone product or as part of an insurance package.
Which companies in Australia provide cover?
Cyber insurance cover is provided by a number of leading insurance companies and underwriters, for example AIG, Allianz, CGU, Chubb, QBE and Zurich. Many of these companies sell their products through insurance brokers and advisor networks.
What does a cyber insurance policy cover?
Policies can vary considerably. Therefore, when seeking cyber insurance it’s important to specify the cyber risks you’re seeking to mitigate. Ideally, you want a policy that covers your business for a wide range of risk scenarios and potential liabilities.
A “comprehensive” policy might cover the following:
- Investigation, remediation and recovery. For example, the cost of identifying and fixing the IT problem that led to the data breach.
- Notification. This could include the cost of notifying people and parties affected by the data breach.
- Business interruption. For example, the loss of revenue suffered by the business.
- Theft of money. For example, the unauthorised transfer of electronic funds.
- Financial penalties. The Office of the Australian Information Commissioner (OAIC) can impose penalties of up to $1.8 million for non-compliance with the Notifiable Data Breaches (NDB) scheme.*
* Applies to enterprises with an annual turnover of $3 million or more.
- Legal costs. For example, the cost of legal representation to defend court actions from aggrieved third parties.
- Brand protection. For example, the cost of a PR agency to handle negative publicity.
- Extortion. For example, the cost of a ransom to unlock valuable files and sensitive data.
- Employee error. This could include the financial consequences of phishing emails and accidental disclosure of confidential data.
Does professional indemnity insurance cover cyber incidents?
Professional indemnity insurance doesn’t usually cover cyber incidents. However, some businesses may have an insurance package that provides both professional indemnity and cyber insurance cover.
Is it expensive?
Cyber insurance cover is relatively inexpensive when compared with the cost of a major data breach. However, large businesses seeking comprehensive cover in high-risk industries (for example, health, finance, education and retail) can expect to pay sizable premiums.
Is it worth it?
Cyber insurance is becoming essential for businesses that handle large volumes of data (for example, health, finance and education), as well as those that process online payments (such as retail and finance). Given the high cost of data breaches (AUD 2.13 million*), it’s fair to say that it is worth the investment. However, it’s imperative to read any policy documents carefully, as exclusions may apply.
* 2019 Cost of a Data Breach Study (research conducted by Ponemon Institute LLC and sponsored by IBM Security).
Ideally, any business that procures cyber insurance should be committed to ongoing IT security audits (to ensure policy compliance) and staff security awareness training.
A final word
With cyber-attacks on the rise, more businesses need to consider cyber insurance alongside regular IT security audits.
At DC Encompass, we assist businesses to secure their IT systems and data, protecting brand and profitability in the process. We also assist in the design and implementation of cost-effective cyber security awareness training programs. For further information, please contact us today.
Disclaimer: This article is for general information purposes only. If you’re considering cyber insurance, you must consult an independent, licensed insurance professional for advice. DC Encompass cannot be held liable (in any form) if you act on the general information in this article.