Everyone knows that home and car insurance are wise ideas - and executives know that various forms of business insurance are either good ideas or legal requirements. Yet, only 20% of Australian SMEs have extended that way of thinking to cyber data breach insurance.
To be fair, part of this may be because many people aren’t aware that data breach insurance exists. Those who are may not fully understand what the benefits are or what it covers. It’s reasonable that you may not want to invest in something that you don’t fully understand.
This article provides a brief introduction to data breach insurance in Australia. We’ll take a look at what it means, what it covers, and why it might be worth your consideration.
Data breach insurance specifically covers costs related to security breaches. This may include costs associated with data restoration, mandatory notification, and cyber extortion. The price of insurance will vary based on your provider and the level of risk.
Data breach insurance is focused on helping you cover the costs of a data breach if it happens. By comparison, cyber liability insurance covers a wider range of cyber risks, not just data breaches. Cyber insurance still helps cover financial losses from data breaches; it also covers other cyber incidents such as network damage or business interruptions.
Although cyber insurance is one broad policy, you can select different levels of coverage including data breach insurance.
Many experts advise choosing the broader cyber liability insurance over data breach insurance. This is simply because of the breadth of risks it covers. Still, there are some situations where data breach insurance is enough.
Examples include low-tech businesses that don’t rely heavily on complex digital systems, and businesses whose existing insurance already covers those other risks.
“In the digital age, guarding your business from cyber threats is as vital as locking the doors at night.” - Katherine Spanner, CEO, Sensible Business Solutions
A cyber attack can cost a lot of money if it results in a breach. In Australia, the average cost is $3.35 million per breach and this is set to increase. Much of this has to do with the government’s response to the Optus breach, which is leading to stricter data privacy laws.
On that note, Australia’s data privacy laws give individuals affected by data breaches the right to seek compensation from the company that was responsible for their breached personal information. That’s a possible added cost on top of everything else that comes with a security incident. This is also on top of regulatory fines that may apply if you are subject to compliance requirements.
There’s no promise that your data breach insurance will cover litigation costs. However, if it doesn’t, it will still cover other areas related to the incident. This helps decrease the overall cost of the breach significantly.
Of course, it’s best to do what you can to stop breaches from happening in the first place. Data breach coverage is simply a backup to help you stay financially afloat in the worst-case scenario. Getting car insurance doesn’t give you an excuse to drive recklessly, nor does breach insurance give you room to skimp on cybersecurity.
Like any insurance policy, you need to qualify to get it. Bear in mind that the specifics of qualifying for data breach insurance can vary widely based on the individual insurance provider's risk assessment practices and underwriting criteria. Still, here is a general checklist that you can use to see if you might be eligible.
Adherence to Australian Privacy Principles (APPs)

| Requirement | Check? | Notes |
| --- | --- | --- |
| Evidence of compliance with APPs | | |
| Documentation of privacy policy and procedures | | |

Incident Response Plan

| Requirement | Check? | Notes |
| --- | --- | --- |
| Existence of a well-documented incident response plan | | |
| Regular updates to the plan | | |
| Alignment with the Notifiable Data Breaches (NDB) scheme requirements | | |

Risk Management Procedures

| Requirement | Check? | Notes |
| --- | --- | --- |
| Documentation and implementation of robust risk management procedures | | |
| Use of secure technology measures like firewalls and encryption | | |

Employee Training

| Requirement | Check? | Notes |
| --- | --- | --- |
| Regular cybersecurity and privacy training for staff | | |
| Evidence of a broader culture of privacy and security within the organisation | | |

History of Data Breaches

| Requirement | Check? | Notes |
| --- | --- | --- |
| Record of previous data breaches | | |
| Documentation of response and mitigation measures taken in past breaches | | |

Third-Party Risks

| Requirement | Check? | Notes |
| --- | --- | --- |
| Assessment of risks associated with third-party data sharing | | |
| Review of third-party software or hardware security measures | | |

If you’re interested in getting insurance, but looked at that checklist and thought you might not qualify, all hope is not lost. With the right IT consultants, you can cover your bases and increase your eligibility.
Sensible Business Solutions is a managed services provider and trusted IT consultant. We have helped many Australian business owners enhance their cybersecurity and decrease their breach risks. Our team will protect your business from security risks, and be there to help if anything does happen.
Reach out today to learn more about what we can do.