sb-au logo
Story image

Cyber insurance may have big part in Australia's future if data breach lawsuits gain ground

30 Apr 2018

Could your organisation effectively navigate a class-action lawsuit in the event of a data breach? That may now be a reality under Australia’s mandatory notifiable data breach (NDB) legislation that is now in effect, according to Austbrokers.

The firm says that there is more attention than ever on the impact data breaches have on organisations and individuals. Breaches may lead to increased costs, reputational damage, loss of customers, and even a class-action lawsuit.

Austbrokers divisional chief executive Nigel Thomas says the United States is already facing class-action lawsuits as a result of data breaches, and it may only be a matter of time before Australian courts start seeing a similar pattern.

The NDB legislation is designed to protect individual’s personal information and minimise harm to people who have their personal information involved in a data breach such as unauthorised access or data theft. The NDB legislation definition of ‘serious harm’ to an individual not only includes financial loss but provides for emotional distress and reputational damage. 

“Organisations that fail to keep data secure and don’t take the prescribed steps under the NDB legislation can be fined up to $2.1 million before an affected individual even considers taking legal action. The civil penalties could end up costing the business much more,” comments Thomas. Organisations now have to report such eligible data breaches to the Office of the Australian Information Commissioner (OAIC) and the individuals whose information is involved in the breach.

As a result, people will have more information about what’s happened to their personal information, potentially giving them ammunition to take legal action against companies that haven’t done enough to keep their information private and secure. 

“While most businesses have cybersecurity measures in place to mitigate the risk of a breach, the increasing sophistication and determination of cybercriminals mean it’s not possible to guarantee that a breach won’t occur. It’s therefore essential, like any business risk, to mitigate it with the right risk management and insurance,” Thomas says.

According to the ASX, cyber insurance is a growing market in Australia. 80% of ASX-surveyed companies expect an increase in cyber risk over the next year.

Firms that buy cyber insurance are ‘well ahead of the curve’ in mitigating business risk, Austbrokers says. 54% of surveyed ASX companies either have a cyber insurance policy or plan to implement one in the next 12 months.

“Rejecting cyber insurance is as risky as refusing to insure business premises against fire. Businesses hope they won’t have to deal with a data breach such as a cyberattack and smart organisations will take all possible steps to prevent a successful attack. However, if the worst-case scenario happens, the right cyber insurance policy can help businesses recoup the losses associated with the fallout of an attack, including legal action,” Thomas adds. “While cyber insurance is in its relative infancy in Australia at the moment, it won’t be long before it’s considered as essential as any other business insurance. Businesses need to make sure they’re covered so they can operate with confidence,” he concludes.

Story image
Proofpoint and CyberArk extend partnership to further safeguard high-risk users
“Our CyberArk partnership extension provides security teams with increased detection and enhanced adaptive controls to help prevent today’s most severe threats."More
Download image
74% of APAC IT leaders say security culture is essential to business success
You can join these leaders in designing security awareness and training with your employees in mind.More
Story image
Global attack volume down, but fraud and cyber threats still going strong
“The move to digital, for both businesses and consumers, has been significant. Yet with this change comes opportunity for exploitation. Fraudsters look for easy targets: whether government support packages, new lines of credit or media companies with fewer barriers to entry."More
Story image
Jamf extends Microsoft collaboration with iOS Device Compliance
Organisations will soon be able to use Jamf for Apple ecosystem management while using Azure Active Directory and Microsoft Endpoint manager to maintain conditional access.More
Story image
Malware and email scams targeting employees spread rapidly in Q2
"Businesses must stay alert and should employ defense-in-depth tactics and equip themselves with multilayered security mechanisms, including high-sensor spam filters and a VPN connection, which would prevent malicious pages from opening."More
Story image
The SASE triangle: How a CASB protects managed apps
Enterprises that fail to adapt to the modern business world when it comes to security are likely to fall prey to data breaches and experience a host of other problems, writes Bitglass product marketing manager Will Houcheime.More