What is Cyber Insurance, is it really that important?

Based on the many conversations with our clients and potential clients over the last few months it has become obvious that many don’t see the urgency or need for cyber insurance or simply don’t understand what it really is for.

With this in mind, we have decided to try and help you understand just what cyber insurance is and why it is so important.

By Craig Ford - Cyber Security Specialist

So let’s start at the beginning and outline a few statistics we have obtained to indicate the cybersecurity problem as it exists in Australia. Additionally we will outline what benefits cyber insurance can bring to your organisation, as well as offer our assistance in ensuring you can make an informed decision on what cyber insurance packages are best suited for your organisation.

The frequency of cyber attacks is increasing at a rapid rate and perpetrators are smarter and savvier than ever. Both Cadbury and TNT were brought to a halt in June from a ransomware infection.  TNT in particular appeared to be have been the most severely affected in Australia with their parent company FedEx providing an indicative loss of $374 million from the incident. It was also indicated that several systems as of September were still not restored and could be permanently lost. TNT also indicated that operations had to be manually handled during the several months following the recovery, with indication that several systems may never be restored.

In October it was found that personal information on some 5000 Australian public servants of the Department of Finance, the Australian Electoral Commission and National Disability Insurance Agency was publicly accessible because of a cloud services misconfiguration.

Additionally the personal information on almost 50,000 private sector employee’s had been insecurely stored on an Amazon cloud storage service (just one of several worldwide over the last few months) and was easily accessible by anyone! This breach was caused by a private contractor who works with both government agencies and the private sector.

This is just a small percentage amoung hundreds of breaches that would have occurred over the last year. The most recent being the highy publicised breach by Uber, although an American organisation;  they are very active in the Australian marketplace and it is almost guaranteed that a large percentage of the 57 million driver and customer data that had been stolen in this breach were Australian individuals.

The reality is that cybercrime is estimated to cost Australian businesses of all sizes around $4.5 billion dollars every year with evidence that this trend will only get worse as we become more and more reliant on data and our electronic devices for both personal and business use with everything interconnected via The Internet of Things. Organisations need to adapt as quickly as cyber attackers do and cyber insurance has a role to play in their overall risk mitigation strategies.

It’s great to ensure that your systems are as secure as they can be and you are prepared to respond to an incident quickly and effectively when it happens, but what about the monetary costs involved with a breach?

Man holding cyber insurance on a blue dashboard
cyber insurance

An example of the initial costs to a business from a security breach are:

  • Time lost to the organisation from staff not being able to do their job, to labour costs for IT/security specialists to come in and recover your systems.
  • Loss of income from not be able to access encrypted data for all outstanding invoices in which you don’t have a physical printed copy. Some organisations will still pay but you don’t know what they owe or if they have any outstanding invoices.
  • Cost for new equipment and tools/software required to remediate or prevent a secondary incident occurring (it is always more expensive to secure systems after a breach than before an incident occurs).

These are the basics outlined above that most people will be aware of but what about these costs:

  • Loss of revenue due to the damage to your organisation’s reputation.
  • Your organisation could be the target of a lawsuit because of a loss of sensitive data. This would mean you would have legal fees, possible compensation payouts.
  • The organisation could be fined for not meeting regulatory requirements if this is something your organisation must adhere to.

The list can go on but as you can see there many costs relating to a breach that are not always obvious thus bringing into focus the need to look at cyber insurance for our organisations.

What does cyber insurance cover?

Although policies will vary between insurers, a typical cyber insurance policy is designed to help you with both preventing breaches in the first place and dealing with them if and when they occur. Cyber insurance policies usually include the following:

  • The cost of restoring or recreating electronic data following a breach or leak
  • Forensic services to investigate a breach
  • PR coaching in the event a breach harms your business’s reputation
  • Assistance guarding against data breaches, hacking and employee error
  • Guidance on how to respond to a breach
  • Funds to cover the adverse financial effects related to a breach
  • Funds to cover any fines that might be payable following a breach

We are not an insurance broker however we understand and support the need for Cyber Insurance for our clients, so if you would like to discuss any of the the above we are happy to have a discussion with you, so reach out to our security team via email: cybersecurity@davichi.com.au or give us a  phone call on 07 3124 6059.

 

Need more information?

For more information, Click Contact Us, or call us on +61 7 3124 6059 and speak to a Davichi Representative Today!

Latest News

What is Penetration Testing?

What is Penetration Testing? Penetration testing is a security evaluation executed exactly as a real attacker would. System vulnerabilities are discovered and exploits are launched

Read More »

Lets Talk

Please fill in this form, and our sales team will get back to you as soon as possible.