Story image

Cyber insurance may have big part in Australia's future if data breach lawsuits gain ground

30 Apr 2018

Could your organisation effectively navigate a class-action lawsuit in the event of a data breach? That may now be a reality under Australia’s mandatory notifiable data breach (NDB) legislation that is now in effect, according to Austbrokers.

The firm says that there is more attention than ever on the impact data breaches have on organisations and individuals. Breaches may lead to increased costs, reputational damage, loss of customers, and even a class-action lawsuit.

Austbrokers divisional chief executive Nigel Thomas says the United States is already facing class-action lawsuits as a result of data breaches, and it may only be a matter of time before Australian courts start seeing a similar pattern.

The NDB legislation is designed to protect individual’s personal information and minimise harm to people who have their personal information involved in a data breach such as unauthorised access or data theft. The NDB legislation definition of ‘serious harm’ to an individual not only includes financial loss but provides for emotional distress and reputational damage. 

“Organisations that fail to keep data secure and don’t take the prescribed steps under the NDB legislation can be fined up to $2.1 million before an affected individual even considers taking legal action. The civil penalties could end up costing the business much more,” comments Thomas.

Organisations now have to report such eligible data breaches to the Office of the Australian Information Commissioner (OAIC) and the individuals whose information is involved in the breach.

As a result, people will have more information about what’s happened to their personal information, potentially giving them ammunition to take legal action against companies that haven’t done enough to keep their information private and secure. 

“While most businesses have cybersecurity measures in place to mitigate the risk of a breach, the increasing sophistication and determination of cybercriminals mean it’s not possible to guarantee that a breach won’t occur. It’s therefore essential, like any business risk, to mitigate it with the right risk management and insurance,” Thomas says.

According to the ASX, cyber insurance is a growing market in Australia. 80% of ASX-surveyed companies expect an increase in cyber risk over the next year.

Firms that buy cyber insurance are ‘well ahead of the curve’ in mitigating business risk, Austbrokers says. 54% of surveyed ASX companies either have a cyber insurance policy or plan to implement one in the next 12 months.

“Rejecting cyber insurance is as risky as refusing to insure business premises against fire. Businesses hope they won’t have to deal with a data breach such as a cyberattack and smart organisations will take all possible steps to prevent a successful attack. However, if the worst-case scenario happens, the right cyber insurance policy can help businesses recoup the losses associated with the fallout of an attack, including legal action,” Thomas adds.

“While cyber insurance is in its relative infancy in Australia at the moment, it won’t be long before it’s considered as essential as any other business insurance. Businesses need to make sure they’re covered so they can operate with confidence,” he concludes.

Automation beginning to impact Aussie workforce
18% of those surveyed said automation has already impacted their job ‘significantly’, with their duties changing or their role becoming redundant.
OVH launches public cloud down under
OVH Public Cloud services is expanding to Australia out of two data centres - one in Sydney and one in Singapore.
Acer’s new programme and portal for partners
A simple and manageable programme designed to incentivise, recognise and reward commercial partner achievements.
Interview: Culture and cloud - the battle for cybersecurity
ESET CTO Juraj Malcho talks about the importance of culture in a cybersecurity strategy and the challenges and benefits of a world in the cloud.
In ongoing cloud war, Google to acquire data migration specialist
Google is currently behind AWS and Microsoft in the cloud battle, and it would seem this play is an attempt to claw some ground back.
Ping Identity Platform updated with new CX and IT automation
The new versions improve the user and administrative experience, while also aiming to meet enterprise needs to operate quickly and purposefully.
Venafi and nCipher Security partner on machine identity protection
Cryptographic keys serve as machine identities and are the foundation of enterprise information technology systems.
Why Aussie companies are struggling with data
The top culprits in poor data quality in Oz are human error, different data sources, lack of comms, inadequate strategy, and too much information.