From Thursday 22 February, Australia’s Notifiable Data Breaches (NDB) scheme comes into force. The scheme requires notification of unauthorised access to, disclosure of, or loss of information likely to result in serious harm.
The NDB scheme means you cannot keep silent on data breaches and hope for the best. From 22 February 2018, breaches must be reported to both the Office of the Australian Information Commissioner and people affected.
A wide range of entities are at risk and the statistics are horrifying. For example:
• 63% of confirmed data breaches involved leveraging weak, stolen or default passwords and usernames
• 22% of small businesses breached by ransomware attacks in 2017 were so badly affected they could not continue operating
• 41% of people surveyed globally could not identify a phishing email
• 30% of phishing emails were opened and 12% clicked on infected links or attachments.
The number of Australian businesses using commercial cloud computing services has risen from 19% to almost one third in just one year and just because your data is in the cloud, it doesn’t mean it is protected.
Lax security is frequently to blame for breaches. We suggest you review your arrangements with cloud and other third-party service providers and, where possible, encrypt sensitive information before disclosing it to third parties.
Claims experience at Cyber specialist Emergence Insurance shows that:
• Multiple backups are a must
• Whether or not the NDB scheme is triggered in a ransomware attack, the impact on the business and reputational damage can be substantial
• Encryption can effectively protect data.
You are only as safe as your weakest link.
Cyber Insurance is not the first line of defence; it is designed to protect a business when its IT security, policies and procedures fail to stop an attack.
A Cyber Insurance policy should be part of every successful business’s risk management framework. A good Cyber product includes instant access to an incident response team of experts who understand the importance of immediately mitigating potential threats to insureds’ businesses.
A Cyber Insurance Policy like that of Emergence gives businesses financial support and incident response expertise to recover from adverse events, including ransomware attacks, point-of-sale intrusions, denial-of-service attacks and cyber espionage.
Contact your Account Manager now to discuss how a Cyber Insurance policy will work for you.