As of 13th February 2017 the Federal Parliament passed amendments to the Privacy Bill which now makes it compulsory for businesses to notify authorities of data breaches. The legislation affects all private sector businesses (including not-for-profits) with a turnover greater than $3m.
Data breaches include;
Unauthorised access to personal information including but not limited to client residential address, personal contact details, credit card information or tax file numbers.
Improper or accidental disclosure of personal information.
Breach of third party data storage facilities or cloud based data storage.
A data breach must be reported to the Office of the Australian Information Commissioner as well as notifying the individual it effects. Whilst the notification to authorities may at first appear to be relatively straight forward, the costs associated with notifying your customer base can be quite high.
An independent study in 2016 found:
The average cost of a data breach for 2016 was $2,640,000
The average cost of a data breach notification was $142 per record
65% of Australian businesses experienced cybercrime in the last two years and 1 in 10 report losses over $1 million
Attackers target business with less than 250 employees, with 43% of all attacks targeted at small business in 2015, proving that companies of all sizes are at risk.
Consequence of failing to report a data breach can result in penalties of up to $1.8 million.
Cyber liability insurance is designed to protect your business from such a costly event. Our client, FD Beck & Sons are experts in all aspects of business insurances and they can tailor a cyber liability insurance policy to meet your needs. The insurance can also cover losses to your business, loss to others, cyber event response costs and cover for business interruption.
If your business has a turnover greater than $3,000,000 and you are liable to report data breaches, please go to www.cyberinsuranceonline.com.au or contact 03 9583 0778 further for details.