The Australian Cyber Security Centre's 2017 Threat Report (PDF) found that small businesses, in particular, were targeted by themed phishing emails. The evolving cyber threats facing companies demonstrate how easily a compromise can impact core functions and services.
From February 2018, companies have to comply with the Notifiable Data Breaches (NDB) scheme, which makes it mandatory for businesses to report data breaches to the Government and their customers if the data breach is likely to result in serious harm. The Office of the Australian Information Commissioner's latest statistics show that since 22 February 2018, the OAIC has received 305 notifications. Find out more.
Cyber security and your business
Any company which holds information has a risk exposure. This can be demonstrated by the claims examples detailed:
$2 million turnover
Background: The insured's server and client records were locked by ransomware software. The insured was only able to get the files released after paying a ransom of $50,000 to hackers.
Negotiated settlement: $150,000 paid for the loss of income, the ransom demand, consultants costs to advise on handling and negotiation of the ransom.
$10 million turnover
Background: The insured experienced three separate data breaches over a three-year period in which hackers gained access to the company's computer system. Over 250,000 individuals' credit card information and passport details were compromised.
Negotiated settlement: $1,750,000 paid for the forensic and legal costs in defending the investigation brought by the regulator and the cost of notifying the affected individuals, including providing credit monitoring services.
$18 million turnover
Background: The insured was targeted with a denial of service attack, which floods a targeted system with incoming web traffic until it is virtually crippled, in the last few days of a fundraising campaign. People were unable to make donations for a day while the website was being fixed.
Negotiated settlement: $1,500,000 paid for the lost donations and to rectify the damage to the insured's website.
This claims data was provided by Fenton Green.
Cyber liability insurance for members
CPA Australia’s preferred underwriter and broker, QBE Insurance (Australia) Ltd, and Fenton Green & co offer cyber liability insurance to transfer this liability and assist with claims management.
The policy is tailored specifically for CPA Australia members and is available as an optional extension to your professional indemnity insurance policy. Members not currently insured with QBE and Fenton Green can purchase this as a separate policy in its own right.
The cyber liability insurance extension includes coverage for:
- third party cyber liability
- first party hacker damage
- cyber extortion
- public relations costs.
The limit of liability being offered for cyber risks under this optional extension is $200,000 for any one claim and in the aggregate.
Terms and conditions
The products and services are underwritten and issued by QBE Insurance (Australia) Limited ABN 78 003 191 (AFSL 239545) (QBE) through its broker, Fenton Green Insurance Services Pty Ltd (Fenton Green). CPA Australia is solely a mere referrer of the products and services. CPA Australia makes no warranty as to the accuracy or completeness of any information contained on this webpage and/or fact sheet, nor does CPA Australia accept responsibility for any acts or omissions in reliance upon any such information. Before acting on such information, consider the appropriateness of the products and services that are promoted having regard to your objectives, financial situation and needs. Independent professional advice should be sought with respect to the product(s) and service(s) and any information referred to on the webpage and/or fact sheet. To the extent permitted by applicable law, CPA Australia, its employees, agents and consultants exclude all liability for any loss or damage claims and expenses including but not limited to legal costs, indirect special or consequential loss or damage (including but not limited to, negligence) arising out of or related to: (a) information contained on the Landing Pages; (b) Third Party Information; and/or (c) the products and services offered by any Partner. As a 'mere referrer', CPA Australia may receive revenue from QBE.