The Australian Cyber Security Centre's 2017 Threat Report (PDF) found that small businesses, in particular, were targeted by themed phishing emails. The evolving cyber threats facing companies demonstrate how easily a compromise can impact core functions and services. 

From February 2018, companies have to comply with the Notifiable Data Breaches (NDB) scheme, which makes it mandatory for businesses to report data breaches to the Government and their customers if the data breach is likely to result in data being misused. The Office of the Australian Information Commissioner's latest statistics show that since 22 February 2018, the OAIC has received 305 notifications. Find out more.

Accountants are a highly targeted profession due to the sensitive data often kept on file, such as tax file numbers.

Cyber security and your business

Exposure risks

Any company which holds information has a risk exposure. This can be demonstrated by the claims examples detailed:

Law firm



$2 million turnover

8 employees

Background: The insured's server and client records were locked by ransomware software. The insured was only able to get the files released after paying a ransom of $50,000 to hackers.

Negotiated settlement: $150,000 paid for the loss of income, the ransom demand, consultants costs to advise on handling and negotiation of the ransom.
Bookkeeper



$200,000 turnover

5 employees

Background: After a public holiday, a bookkeeper experienced a cryptolock virus on their computer. This was subject to ransom of $25,000 to have their files restored. Due to the sophistication of the hackers, the insurer paid the ransom to have their files restored. The insured was unable to trade for five days which resulted in a loss of income.

Negotiated settlement: $120,000 paid for the legal fees, IT service fees to replace the system and the business interruption costs for loss of income to the business.
Charity



$18 million turnover

80 employees
Background: The insured was targeted with a denial of service attack, which floods a targeted system with incoming web traffic until it is virtually crippled, in the last few days of a fundraising campaign. People were unable to make donations for a day while the website was being fixed.

Negotiated settlement: $1,500,000 paid for the lost donations and to rectify the damage to the insured's website.

This claims data was provided by Fenton Green. 

Cyber liability insurance for members

CPA Australia’s preferred underwriter and broker, QBE Insurance (Australia) Ltd, and Fenton Green & co offer cyber liability insurance to transfer this liability and assist with claims management.

The policy is tailored specifically for CPA Australia members and is available as an optional extension to your professional indemnity insurance policy. Members not currently insured with QBE and Fenton Green can purchase this as a separate policy in its own right.

The cyber liability insurance extension includes coverage for:

  • third party cyber liability
  • first party hacker damage
  • cyber extortion
  • public relations expenses
  • business interruption
  • data breach notification costs.

The limit of liability being offered for cyber risks under this optional extension is $200,000 for any one claim and in the aggregate.

Contact

CPA Australia
publicpractice@cpaaustralia.com.au

Fenton Green
cpa@fentongreen.com.au 

Terms and conditions

The products and services are underwritten and issued by QBE Insurance (Australia) Limited ABN 78 003 191 035 (AFSL 239545) (QBE) through its broker, Fenton Green Insurance Services Pty Ltd (Fenton Green). CPA Australia is solely a mere referrer of the products and services. CPA Australia makes no warranty as to the accuracy or completeness of any information contained on this webpage and/or fact sheet, nor does CPA Australia accept responsibility for any acts or omissions in reliance upon any such information. Before acting on such information, consider the appropriateness of the products and services that are promoted having regard to your objectives, financial situation and needs. Independent professional advice should be sought with respect to the product(s) and service(s) and any information referred to on the webpage and/or fact sheet. To the extent permitted by applicable law, CPA Australia, its employees, agents and consultants exclude all liability for any loss or damage claims and expenses including but not limited to legal costs, indirect special or consequential loss or damage (including but not limited to, negligence) arising out of or related to: (a) information contained on the Landing Pages; (b) Third Party Information; and/or (c) the products and services offered by any Partner. As a 'mere referrer', CPA Australia may receive revenue from QBE.