
Cyber insurance may have big part in Australia's future if data breach lawsuits gain ground

30 Apr 18

Could your organisation effectively navigate a class-action lawsuit in the event of a data breach? That may be a reality under Australia’s mandatory notifiable data breach (NDB) legislation, which is now in effect, according to Austbrokers.

The firm says that there is more attention than ever on the impact data breaches have on organisations and individuals. Breaches may lead to increased costs, reputational damage, loss of customers, and even a class-action lawsuit.

Austbrokers divisional chief executive Nigel Thomas says the United States is already facing class-action lawsuits as a result of data breaches, and it may only be a matter of time before Australian courts start seeing a similar pattern.

The NDB legislation is designed to protect individuals’ personal information and minimise harm to people whose personal information is involved in a data breach, such as unauthorised access or data theft. The legislation’s definition of ‘serious harm’ to an individual not only includes financial loss but also provides for emotional distress and reputational damage.

“Organisations that fail to keep data secure and don’t take the prescribed steps under the NDB legislation can be fined up to $2.1 million before an affected individual even considers taking legal action. The civil penalties could end up costing the business much more,” comments Thomas.

Organisations now have to report such eligible data breaches to the Office of the Australian Information Commissioner (OAIC) and the individuals whose information is involved in the breach.

As a result, people will have more information about what’s happened to their personal information, potentially giving them ammunition to take legal action against companies that haven’t done enough to keep their information private and secure. 

“While most businesses have cybersecurity measures in place to mitigate the risk of a breach, the increasing sophistication and determination of cybercriminals mean it’s not possible to guarantee that a breach won’t occur. It’s therefore essential, like any business risk, to mitigate it with the right risk management and insurance,” Thomas says.

According to the ASX, cyber insurance is a growing market in Australia. 80% of ASX-surveyed companies expect an increase in cyber risk over the next year.

Firms that buy cyber insurance are ‘well ahead of the curve’ in mitigating business risk, Austbrokers says. 54% of surveyed ASX companies either have a cyber insurance policy or plan to implement one in the next 12 months.

“Rejecting cyber insurance is as risky as refusing to insure business premises against fire. Businesses hope they won’t have to deal with a data breach such as a cyberattack and smart organisations will take all possible steps to prevent a successful attack. However, if the worst-case scenario happens, the right cyber insurance policy can help businesses recoup the losses associated with the fallout of an attack, including legal action,” Thomas adds.

“While cyber insurance is in its relative infancy in Australia at the moment, it won’t be long before it’s considered as essential as any other business insurance. Businesses need to make sure they’re covered so they can operate with confidence,” he concludes.
