Cyber security breaches were big news in 2015. It seemed barely a day went by when the media wasn’t reporting yet another major hack somewhere in the world.
According to US-based Privacy Rights Clearinghouse, there were more than 120 million personal records breached globally in just the first eight months of 2015. This was up from 70 million for the full year of 2014. And all indications point to a further increase in 2016. These figures underline that the risk of falling victim to a cyber security breach is very real and one that needs to be taken seriously.
Protecting consumers from the potential consequences of cyber security breaches is now being addressed by the Federal Government. Every business keeps some level of personal information about its clients and customers. Being the victim of a hack and having this information stolen or published can have serious ramifications. So it seems surprising that currently there’s no legal obligation on business owners to notify a person if their personal information has been compromised.
That’s all set to change. The draft Privacy Amendment (Notification of Serious Data Breaches) Bill 2015 will require notifications to be sent to individuals whose personal information may have been exposed due to a data breach.
Under the proposed new laws, companies will have 30 days to conduct an assessment, including IT forensics, as to whether a serious data breach has occurred. If a notification is required, then a detailed notice must be sent to the affected individuals. In general, any company that has an annual turnover of more than $3 million will be subject to the notification scheme. Assuming the Bill passes, companies will have 12 months from enactment to get ready. And they’ll need every moment of those 12 months to prepare. You can find out more about the Bill on the Attorney-General’s website.
Whether or not your business is captured by the proposed new laws, don’t make the mistake of thinking a cyber security breach won’t happen to you. The impact of a hack can be crippling for your business. Here are some things you should consider:
- Ensure you have a well-tested data breach response plan in place, so your business can respond quickly.
- Put a formal data security policy in place outlining your business’s approach to data security and make sure all employees understand the policy.
- Adopt best-practice data security measures – software, passwords, encryption, firewalls, etc. – and make sure they are tested and updated regularly.
- Have cyber insurance. The losses from a cyber attack can be significant (including costs associated with the proposed new notification regime) and cyber insurance can help to mitigate the risk.
The draft Bill is a wake-up call for businesses to take the threat of cyber security breaches seriously. Take steps now to defend against cyber attacks so you are prepared to respond if such a breach occurs.
Having adequate cyber insurance in place should be part of your business strategy to mitigate the risk of cyber crime. At Emjay Insurance Brokers, we have a deep understanding of the cyber risks your business may face and access to the leading cyber insurance policies on the market. Contact us today to discuss your needs on (02) 9796 0400.