How to stay connected on cyber insurance
Australian businesses will need to ensure strict data management and cyber security measures are in place or risk facing compliance, financial and reputational ramifications under new mandatory reporting legislation.
The new rules are set to transform Australia’s business landscape and take the issues of cyber security from the IT department to the boardroom.
What does mandatory data breach reporting mean for business?
The new legislation requires mandatory reporting of any data breaches to both the privacy regulator as well as affected customers. It will apply to all businesses with a turnover of more than $3 million, health service providers, credit reporting bodies, credit providers and tax file number recipients.
QBE cyber insurance expert Ben Richardson said the new legislation emphasises the need for data management and cyber security practices to be escalated and reviewed within a company’s overall risk management framework to ensure that they are fit for purpose.
Cyber security breaches are escalating
Cyber security breaches in Australia are on the rise, according to the latest data. Fifty-nine per cent of organisations in Australia detected a business interruption cyber security breach on at least a monthly basis, according to the Telstra Cyber Security Report 2017. This was more than twice as often as in 2015.
“We’re starting to see criminals move away from attacking larger organisations who present more complex defence mechanisms and instead target SMEs who are often unable to invest in high levels of IT security or risk management and are more susceptible to automated, lower cost threats, such as phishing and ransomware,” Richardson said.
The wide-ranging consequences of a data breach would undoubtedly put cyber insurance on the radar for businesses of all sizes.
Richardson said cyber insurance in Australia is still a relatively new product, but the introduction of mandatory notification brings Australia into line with the more established US market and is expected to lead to a maturing cyber insurance market.