Public Relations After Cyber Attack

Public Relations After Cyber Attack / Data Breach Incident

Cyber attacks and data breaches are now ranked as the top threat to a business’s reputation, along with environmental incidents. According to the Reputation Institute, a “reputation” is the emotional connection stakeholders have with a company. By bringing to light negligence within the company, a data breach/cyber-attack can break the emotional connection between the company and its stakeholders. Poor publicity and negative perceptions follow, spurred on by ever-active social media campaigns, text messages, and other forms of instant communication made possible by technological advances. The double-edged sword of the internet strikes; harmful information can spread in an instant. Unfortunately, a loss of customers and fall in share price often leads to financial loss for the business.

A Ponemon Insitute study—The Aftermath of a Mega Data Breach: Consumer Sentiment found that 29% of existing customers would discontinue relationship with the company after a data breach.

Building Trust with Customers after a Data Breach/Cyber Attack

How a company responds to the event, along with how quickly and skillfully it communicates with those affected by the incident, can greatly affect its success in retaining customers. Most companies spend large quantities of time debating on whether to go public about the cyber-attack/data breach. By doing so, they waste valuable time during which customer identities may on sale on the black market. Catch of the Day, Australia’s online department store, took 38 months to report a data breach that happened in 2011—a staggeringly long span of time during which much harm was likely done.

      Communication after Cyber Attack/ Data Breach

Notification Letters
Mandatory notification law does not exist in Australia. However, OAIC guidelines do stipulate notification to affected clients after a data breach. For data breach notification letters, companies must provide true facts. Consumers seek an honest answer from the company about the data breach and also expect directions on how best to protect their personal information. Consumers are likely to be most fearful about their stolen identifies and possible financial losses, and are at the highest danger of losing trust in the company at this stage. Receiving a personal letter from the business can go a long way in creating or maintaining trust—investing time in the customers will grant them a sense that they are being cared for and protected.
Other stakeholders, such as investors, are more likely to be concerned with how news of the breach could affect the stock price and the valuation of the company; in this time, it is important for them to learn about acts of restoration and recovery being performed by the business.

Social Media
Communication media for reaching out stakeholders need to be evaluated. Twitter & Facebook provide an interactive option to post messages and for customers to vent their fears, giving companies the opportunity to respond and reassure the troubled public.

Website
Businesses must post the right message on their website as soon as possible, as it serves as the most trusted source of information. Customers are most likely to go to a company website to check out the true version about the cyber attack/ data breach. By quickly informing the public, businesses can minimize the rumors and speculations sure to spread.
According to the Ponemon Study, a vast majority of respondents found details about data breaches in the media useful for understanding the extent of data compromised and taking actions to protect their personal information from identity theft.

      Cost of Crisis Management

Restoring reputation involves an expensive, lengthy process and may never be fully complete. A cyber-attack/data breach places the burden of extra cost on the business. Companies may need to hire Public Relations firms to work out crisis management strategies. A PR firm with experience in managing crisis communications and damage control can help in rebuilding credibility for the company and its brand—a crucial element for business hoping to recover.
Cyber liability/data breach insurance offers a comprehensive risk management solution for assisting in cyber-attack and/or data breach crisis management. Coverages such as the following (depending on the specific policies and endorsements) are included:

Crisis management and customer notification expenses: Emailing/ posting letters, telephone calling with a personalized message for each individual affected by cyber attack/ data breach explaining the data breach. Target, after its cyber attack incident in December 2013, sent an e-mail from CEO Gregg Steinhafel explaining the breach, apologizing, and offering free credit monitoring services to all customers whose data was stolen.

According to a study by Ponemon Institute in 2012, the average notification expense for a company in Australia was USD 219,986. Companies with insurance could have this cost alleviated.

Credit/identity theft monitoring cost: Cyber liability/data breach insurance helps in monitoring of credit card usage, credit card numbers, reissue of credit cards help in post breach personal identity protection. It also serves as a good PR tactic as companies admit to the breach and promise to work with their customers to mitigate all possible harm.

Public relations consultant fees: Hiring of PR consultants to offset reputation loss and re-establish trust of customers may include paying PR consultants. Cyber liability/data breach insurance coverage includes PR consultants fees under PR expenses.
In managing the crisis after a cyber-attack/data breach, a business must communicate not only with its customers, but also with the shareholders employees, regulators, and the community. Corporate boards are increasingly viewing cyber attacks as a risk. The Social & Reputational Capital of a business is dependent upon trust, communication & relationships. PR firms may find cyber attacks/data breach incidents as an opportunity to provide a benefit to the world of business and the society.

As can be seen, cyber-attacks and data breaches are far from simple issues. However, with effective and timely communication and the help of Public Relations professionals, companies can restore and rebuild their reputations. As always, preparation is exceedingly helpful. Knowing the proper steps and measures discussed here before a crisis strikes could be the difference between a serious blow to your company or a minor bruise. Choose the latter.

Disclaimer:.
“The information provided is general advice only and does not take account of your personal circumstances or needs. Please refer to our financial services guide which contains details of our services and how we are remunerated.”
______________________________________________________________________________________
A cyber attack can cripple a business of any size. By planning in advance and purchasing a cyber insurance policy, businesses can minimize their risks, costs, and the impact of a cyber attack on their reputation and brand.
To learn how a Cyber/Data Breach Insurance policy can help you be prepared for a cyber attack, network security, or data breach event, please complete the box below. Or call Cyber Data-Risk Managers Pty Ltd 02 8987 1913.

What Is Your Business’ Cyber Risk?

Cyber Risk is increasing for businesses. Businesses using the Internet for making transactions and conducting activities have never been more vulnerable. Mark Dreyfus – Attorney General of Austral summarize the cyber risk faced by businesses in the digital age in 2012 as:

____________________________________________

 Australia’s way of life is now integrally linked with the Internet. The Internet provides a global means of communication and interaction that underpins much of our lives – for government, business and individuals.But while the Internet offers a huge range of opportunities, it also brings risks associated with criminal and malicious activity that seeks to exploit those who use it. In particular, the activities and transactions conducted by business online require diligence to ensure that Australians maximize the opportunities offered by the digital economy

                       Mark Dreyfus -Attorney General of Australia      
        Cyber Crime & Security Survey Report 2012 CERT Australia

                                             __________________________________________________

 

To understand your business’ cyber risk, ask yourself these questions:

  • Does your company have a network connected to the internet or a website?
  • Does your business make use of mobile devices like laptops or mobile media to transport/store data including email communications?
  • Do you collect and store customer information through a CRM system?
  • Do you carry on trading through an e-commerce store?
  • Do you hold files with personal information of your employees?

With most business operations being conducted over the Internet, cyber risk exposures are increasing. What are your business’ first-party risk exposures and the third-party liability exposures? What kind of loss, expenses or fines could you possibly incur in the digital world?

 

First- Party Cyber Liability Exposure

1: Loss or damage to digital assets such as data or software programs (code), resulting in expense/loss/cost incurred in restoring, updating, re-creating or replacing those digital assets to the same condition they were prior to the loss or damage.

Example:
Over 100 Australian websites were hacked in 2013 resulting in damage to digital assets (websites). Businesses that suffered such loss included schools, community groups and a dry cleaning business. SMBs are prone to higher cyber risk.

 

2: Business interruption from unplanned network downtime is a major cyber risk causing interruption of service or failure of the network, resulting in loss of income/ cost of operations and/or extra cost having to be incurred in minimising loss plus forensic investigation for the network failure can hurt businesses.

Example:
In 2013, Nasdaq stock exchange suffered a three hour network shutdown– the reason was strain on the system for transmitting huge data/ high volume securities trading resulting in disruption of operations. Fewer shares traded on the stock exchange that day resulting in a loss for traders.
  

3. Cyber extortion risk– attempt to extort money by threatening to damage or restrict or deny service of the network/ or access to online store, threat of release of data obtained from the network and/or attempt to communicate with the customers using social engineering tools to get hold of personal information resulting in loss of revenue/ cost of ransom paid.

Example:
Australian Retailer Endless Wardrobe received an email asking for ransom and thereafter suffered a denial of service attack when they failed to pay the $3500 asked as ransom. They were unable to operate for over a week which resulted in loss of revenue and customers.
 
 

4. Reputation damage risk – due to data protection breach becoming public and  resulting in loss of customers and/or increased cost of operation

Example:
Large organisations like ANZ and Telstra have reported data breaches in the past. Customers may decide to leave a company after a data breach. New customers may weigh factors like their personal data security when using a company’s products or services.

 

Third-Party Cyber Liability Exposures

1. Security and privacy breaches pose a constant cyber risk – iinvestigation, defense cost and civil damages associated with security breach, transmission of malicious code, or breach of third-party /employee privacy rights or confidentiality, including failure by outsourced service provider

Example:
Firms like LinkedIn, Apple, Adobe, Google & Vodafone in the US have all faced class action lawsuits in the recent past related to data security or privacy.
 

2. Investigation, defence cost, awards and fines for privacy breach resulting from an investigation or enforcement action by a regulator as a result of security and privacy obligation can be a costly cyber risk.

Example:
Sony was fined by the UK Information Commissioner for the security breach of its PlayStation Network, which took place in 2011. The Information Commissioner’s Office (ICO) fined Sony  £250,000 in early 2013.
 
 

3. Customer notification expenses risk – legal, postage and advertising expenses if there is a mandatory legal or regulatory requirement to notify individuals of a cyber security or privacy breach.

Example:
The 2013 ‘Cost of Data Breach Study: Global Analysis’ released by Ponemon Institute in May 2013, estimated the average notification cost only of a data breach in Australia as USD 219.
 

4. Cyber risk associated with Multi-media liability – investigation, defence cost and civil damages arising from defamation, breach of privacy, negligence in publication of any content in electronic or print media, as well as infringement of the intellectual property of a third party.

Example:
The Australian Competition & Consumer Forum (ACCC) website states that a owner of Facebook and Twitter pages will become the publisher of third party content once it becomes aware of the content and decides not to remove it. Companies can be liable for misleading and deceptive conduct via social media publications, including (depending on the circumstances) for statements not made directly by the company.
 
 

5. Loss of third party data – liability for damage to or corruption / loss of third-party data or information, payment of compensation to customers for denial of access, failure software, data errors and system security failure.

Example:
Islington Town Hall in the UK agreed to pay compensation (2013) totaling £43,000  to residents whose personal details, including mental health problems and sexual orientation, were accidentally published by the council on a website.
 

Disclaimer:.

“The information provided is general advice only and does not take account of your personal circumstances or needs. Please refer to our financial services guide which contains details of our services and how we are remunerated.”

______________________________________________________________________________________

A cyber attack can cripple a business of any size. By planning in advance and purchasing a cyber insurance policy, businesses can minimize their risks, costs, and the impact of a cyber attack on their reputation and brand.

To learn how a Cyber/Data Breach Insurance policy can help you be prepared for a cyber attack, network security, or data breach event, please complete the box below. Or call Cyber Data-Risk Managers Pty Ltd 02 8987 1913.

What Your Business Should Know About “Australian Privacy Act 1988”?

Australian Privacy Act, 1988 is getting updated.  Does your business know enough about the amendments to the Act and how they affect your business?

Q: Do you know that Privacy Act, 1988 will be updated in 2014?

The updates to existing Privacy Act, 1988 (Cth) will come into effect on 12 March, 2014.

Amendments to the the Australian Privacy Act 1988 (Cth) do away with the existing National Privacy Principles (NPP), which currently apply to the private sector in Australia, and the Information Privacy Principles (IPP), that currently apply to the public sector in Australia. Instead a set of uniform principles called the Australian Privacy Principles (“APPs“) shall apply to both public sector and private sector entities in Australia.

Q: Do you know if your business is covered by the Privacy Act, 1988 (Cth)?

The Australian Privacy Act, 1988 applies to organisations  in Australia with a turnover of $3 million or more. The Privacy Act, 1988 in the case of organisations, which have a turnover of less than $3 million applies to certain types of small businesses  only, for example where the small business:

  • provides personal information in exchange for any benefit, service or advantage
  • is related to a business that has an annual turnover of greater than $3 million;
  • provides someone else with a benefit, service or advantage to collect personal information;
  • provides health services and holds health information other than employee records; or
  • is a contracted service provider for a Commonwealth contract.

Note: Small businesses in Australia that aren’t covered by the  Privacy Act, 1988(Cth), can choose to “opt-in” if they so wish.

Q: Do you know that as per changes in the Privacy Act, 1988 (Cth)   your business could face fines for breaching personal information privacy?

Businesses  could face fines of up to $1.7 million & Individuals  could face fines for up to $340,000 under the new Privacy Act for serious and repeated interferences with privacy on confirmation of incidents of data breach.

Q: Do you know that your business has obligations for protecting personal information under the Australian Privacy Act, 1988?

A business must protect the identity of any person whose information they hold.

According to Australian Information Commissioner (OAIC) publication ‘Data breach notification — A guide to handling personal information security breaches, April 2012’ referred to as ‘OAIC guide’:

“Agencies and organisations have obligations under the Privacy Act 1988 (Cth) to put in place reasonable security safeguards and to take reasonable steps to protect the personal information that they hold from loss and from unauthorised access, use, modification or disclosure, or other misuse”.

Q: Are these DEFINITIONS related to the Privacy Act,1988(Cth)  understood by your business?

Personal Information

According OAIC website, personal information means “information or an opinion (including information or an opinion forming part of a database), whether true or not, and whether recorded in a material form or not, about an individual whose identity is apparent, or can reasonably be ascertained, from the information or opinion”.

Personally Identifiable Information

According to Wikipedia definitionPersonal Information may be further qualified as “Personally identifiable information” (PII) i.e. the information that can be used on its own or with other information to identify, contact, or locate a single person, or to identify an individual in context.

Data Breach

Data breach means when personal information held by an agency or organisation is lost or subjected to unauthorised access, use, modification, disclosure, or other misuse (OAIC Guide).

Contrary to the general belief, data breach is not breach of data held by an agency, but is the breach of personal information the entity holds. Privacy is the intrusion on someone’s seclusion or infringement of their right to anonymity.

Q: Does your business hold personal information that may be covered by the Australian Privacy Act, 1988?

All such data below may be classified as personal information of a person and covered by the Privacy Act, 1988. Does your business hold any of this data for consumers, employees, third party, suppliers, customers, etc?

  • name or address
  • bank account details and credit card information
  • photos, images, videos or audio footage
  • tax file no.
  • information about likes/dislikes
  • racial or ethnic origin
  • health or medical information
  • political opinions
  • places of work
  • memberships
  • beliefs (including religious or philosophical)
  • sexual preferences or practices
  • criminal record
  • biometric or genetic information

Q: How does a data breach occur that may be seen as a breach of Australian Privacy Act, 1988?

According to OAIC guide, Data breaches can occur through a number of ways. Some examples include:

  • lost or stolen laptops, removable storage devices or paper records containing personal information.
  • hard disk drives and other digital storage media (integrated in other devices, for example, multifunction printers, or otherwise) being disposed of or returned to equipment lessors without the contents first being erased.
  • databases containing personal information being ‘hacked’ into or otherwise illegally accessed by individuals outside of the agency or organisation.
  • employees accessing or disclosing personal information outside the requirements or authorisation of their employment.
  • paper records stolen/found from insecure recycling or garbage bins.
  • an agency or organisation mistakenly providing personal information to the wrong person, for example by sending details out to the wrong address.
  • an individual deceiving an agency or organisation into improperly releasing the personal information of another person.

 

Disclaimer:

The information provided is general advice only and does not take account of your personal circumstances or needs. Please refer to our financial services guide which contains details of our services and how we are remunerated.

_____________________________________________________________________________________

A cyber attack can cripple a business of any size. By planning in advance and purchasing a cyber liability insurance/data breach insurance policy, businesses can minimize their risks, costs, and the impact of a cyber attack on their reputation and brand.

To learn how a Cyber/Data Breach Insurance policy can help you be prepared for a cyber attack, network security, or data breach event, please complete the box below. Or  call Cyber Data -Risk Managers Pty Ltd 02 8987 1913.

Australian Websites Hacked: Insurance Case Study

HACKING a form of cyber attack is an increasing risk faced by Small and Medium Businesses (SMBs). Hackers attacked a number of Australian websites recently. SMBs websites that were hacked lost all their content and had only visible message posted by the hackers : “Stop spying on Indonesia.” Considering the time, effort and money involved in creating and maintaining websites, many such SMBs would consider such a hacking incident nothing short of a crisis. The common reaction to the hack attack may be ‘why them’ ?

The truth is that it that hackers can target anyone. In the above hacking incident, hackers claimed links to the international activist group “Anonymous”.  Apparently  they enjoyed the chaos such a hack attack would cause for the SMBs such as dry cleaners, plumbers, schools and small private practices which owned the hacked sites.

A mere few days prior to the hack attack, the Internet security company McAfee had highlighted in a study that SMBs were operating under a false sense of security about their exposure to cyber risk. SMBs with fewer than 100 employees are actually more vulnerable to a hack attack due to the fact that their defenses are often not as strong as larger businesses. Unfortunately, SMBs are also likely to suffer more financially from a hack attack and face a difficult process of recovering from an attack. 

Most  hacked SMBs are not only faced with the cost of re-building their website and other forms of online presence such as an e-commerce store, fund-raising platform, donor sign-up page, etc. – they also are confronted with the loss of revenue and the harm to their reputation which frequently accompany website downtime after a hacking incident.
While it cannot be ascertained if SMBs who owned the individual websites that were hacked had hacking insurance coverage or cyber insurance as it is commonly referred to, below is an outline of how such a hacking insurance coverage could have come to their rescue in managing the crisis:

Hacking Insurance Coverage that is part of Cyber Insurance Coverage * could help the business owner(s) pay for the cost of:

1: Website Hack:

- reasonable and necessary expenses incurred for returning the contents and platform of the  hacked websites to the same condition they were in prior to being damaged, destroyed, altered, corrupted, copied, stolen or misused

- hiring a public relations firm to assist in re-establishing business reputation after the hack.

- hiring a forensic consultant to establish the identity of the hacker

- hiring a security consultant to review current electronic security and possible security to prevent future hacking incidents

2: Ransomware:

If your website/e-commerce store cannot function due to a cyber attack and the hacker demands ransom, the hacking insurance policy would cover:

- payment of or reimbursement for the ransom paid to the hacker

- hiring a consultant for the handling and negotiation of the ransom demand (conditions apply) with the hacker

3: Loss of Revenue:

-  hacking insurance coverage  usually pays for the loss amount for each consecutive hour that your revenue (including internet revenue) is continuously interrupted or materially impaired after the hack; time retention usually applies in such hacking cases
- payment for the necessary expenses incurred by your business to stop the loss of revenue after the hack

*Disclaimer: Conditions apply for each hacking policy coverage and the information expected from you for filing your claim. Coverage may differ based on specific clauses in individual hacking policies. Please ask your broker to explain any additional benefits and exclusions pertaining to your policy.

“The information provided is general advice only and does not take account of your personal circumstances or needs. Please refer to our financial services guide which contains details of our services and how we are remunerated.”

___________________________________________________________________________________________

A hack attack can cripple a business of any size. By planning in advance and purchasing a hacking insurance policy, businesses can minimize their risks, costs, and the impact of a hack attack on their reputation and brand.

To learn how the hacking Insurance policy  commonly referred to as cyber Insurance policy can help you be prepared for a hacking incident, cyber attack, network security, or data breach event.

Request a Quote by  completing the box below or call Cyber Data- Risk Managers Pty Ltd on 02 8987 1913

Evaluating Cyber Liability Insurance Policies

Cyber liability insurance or  also known as data breach insurance have been purchased by businesses to help with response costs. Now, it seems they’re purchasing it out of fear of a lawsuit. With many data breach lawsuits making recent headlines, it’s no surprise. Finding the right policy, though, is an important step in being fully protected.

Once you are ready to shop for cyber liability insurance its important to carefully evaluate the purchase of a the cyber liability insurance policy from a variety of angles. The types of coverage offered by cyber liability insurance policies vary dramatically by insurance carrier, so its good to start by talking with a knowledgeable insurance broker who has experience with cyber liability insurance policies.

When evaluating and considering the purchase of a cyber liability insurance policy, there are several important steps prior to actually investing in the policy:

Determine how much insurance you need and how much risk you can afford to retain. Once the amount of insurance you need is determined, figure out how much you can afford to pay out of pocket before any cyber liability insurance claims may be paid. This will help you determine your retention or deductible.

Review the types of coverage provided. While cyber liability insurance policies are not standard policies, and vary widely, coverage typically falls into three categories: liability, breach response costs, and fines and penalties. Some things to consider are: Does the insurance carrier have experience with your industry? Is there any special cyber liability coverage applicable to your specific industry or business?

Know what triggers the policy. Will your cyber liability insurance coverage be triggered for a stolen or lost unencrypted laptop or USB flash drive? Loss related to the failure to secure data? Loss related to a breach caused by a negligent employee? Data held in the cloud? What happens if you experience a data breach in which public data is exposed?

What types of data are covered? Some carriers specify the types of data covered, while others do not. Some things to consider: How is sensitive data defined in the specific cyber liability policy? Are paper records included?

What response costs and services are covered in the event of a breach? Most carriers offer coverage for breach response costs and breach services. You will want to check to see if the following are covered (at least) in the cyber liability insurance policy on offer: crisis management and breach notifications, credit monitoring, loss of business income, privacy regulatory defense and penalties, computer forensics investigation, and the hiring of a privacy lawyer.

Find out if you can select your own vendors or counsel. Often, businesses prefer to select their own vendor or counsel, especially if they have a pre-existing relationship with these professionals. Find out upfront whether or not you have a choice or must use the vendors and/or counsel selected by the insurer as part of the cyber liability insurance coverage.

Cyber risk is now considered one of the top emerging risks a business faces and data breaches will continue to happen. Cyber liability insurance offers a great solution to responding to a breach and helps offer peace of mind if a lawsuit were to happen.

 

Disclaimer: Conditions apply for each policy and the information expected from you for a policy to trigger. Coverage may differ based on specific clauses in individual policies. Please ask your broker to explain any additional benefits and exclusions pertaining to your policy.

“The information provided is general advice only and does not take account of your personal circumstances or needs. Please refer to our financial services guide which contains details of our services and how we are remunerated.”
_____________________________________________________________________________________

A cyber attack/data breach can cripple a business of any size. By planning in advance and purchasing a cyber liability insurance policy, businesses can minimize their risks, costs, and the impact of a cyber attack on their reputation and brand.

To learn how a Cyber/Data Breach Insurance policy can help you be prepared for a cyber attack, network security situation, or data breach event, please complete the box below. Or call  Cyber Data- Risk Managers Pty Ltd 02 8987 1913.

 

 

Strategies for Dealing With Data Breaches

Data Breaches can happen to any businesses of all sizes and therefore the question that must be asked is when one will happen, rather than if one will happen.

Most businesses today realize that, while a data breach can’t be predicted, it should be expected. The focus should shift to how to best handle data breaches that do occur.

Good planning will make the difference between a living nightmare for the whole organization or a prepared organisation that is ready to mitigate harm. The cost of poor planning, meanwhile, can be huge financial losses or even bankruptcy for small and midsized businesses.

This was the case for Impairment Resources LLC , a US medical records firm. The firm filed for bankruptcy in March after a break-in on New Year’s Eve 2011 that led to the compromise of roughly 14,000 files. The cost of dealing with the data breach was prohibitive for the firm, leading to its demise.

Creating a data breach incident response plan, and incorporating it into the organization’s business continuity plan, simply makes business sense. Here are seven things your business can do once your endpoint has been compromised:

- Stay calm. Don’t rush out the minute you learn about your data breach and announce it to the world. You will want to take a deep breath and organize your response team. Involve designated key employees, a privacy attorney, a computer forensics expert, and your cyber insurance agent as part of total data breach response strategy.

- Call your insurance agent. While traditional business insurance policies do not cover data breaches, a cyber insurance policy will. Your cyber insurance carrier would help coordinate your incident response team.

- Get a computer forensics investigator involved. Before you send out your notification letters, you will want to know whether any sensitive personally identifiable information (PII) was accessed/stolen. Knowing this will trigger whether or not you need to report your data breach and determine if notification letters need to be sent.

- Speak with/hire a data privacy lawyer. If you believe that your data breach has exposed sensitive PII, you will want to hire a data privacy attorney to help coordinate your breach from start to finish.

- Send out notifications to potential breach victims. Each state where you do business and where your customers reside will have its own requirements for reporting breaches. Follow state notification laws and adhere to specified time frames for sending out notification letters.

- Offer an identity-theft/credit-monitoring service. While not a requirement, it’s become an industry standard to offer some type of identity-theft/credit-monitoring service to each potential victim.

- Tighten your endpoints and fix data leakage. While no security system is 100 percent foolproof, installing firewalls, updating antivirus systems, investing in an IPS or IDS system, and updating software and patches can help your business minimize the risks of an additional data breach.

How your business responds to a data breach can either harm or enhance your reputation. Take the time to think about the steps involved and to create a data breach incident response plan before a data breach happens.

Disclaimer: Conditions apply for each policy and the information expected from you for a policy to trigger. Coverage may differ based on specific clauses in individual policies. Please ask your broker to explain any additional benefits and exclusions pertaining to your policy.

“The information provided is general advice only and does not take account of your personal circumstances or needs. Please refer to our financial services guide which contains details of our services and how we are remunerated.”
_____________________________________________________________________________________

A cyber attack can cripple a business of any size. By planning in advance and purchasing a cyber liability or data breach insurance policy, businesses can minimize their risks, costs, and the impact of a cyber attack on their reputation and brand.

To learn how a Cyber Liability/Data Breach Insurance policy can help you be prepared for a cyber attack, network security situation, or data breach event, please complete the box below. Or call Cyber Data-Risk Managers Pty Ltd. 02 8987 1913.

Get ready to shop for Cyber liability Insurance

Cyber liability insurance policies (also known as “data breach” insurance)  and their  coverage vary dramatically by insurance carriers. For businesses, choosing the right cyber liability insurance policy can be a challenge. Working with a knowledgeable insurance broker who has experience with cyber liability insurance policies can reduce the challenges.

Before you start shopping, though, there are a few things you need to do to get ready:

1) Assess your cyber hygiene

Before applying for cyber liability  insurance, businesses should have policies and procedures in place that show they are protecting and securing their data as well as enforcing their security and privacy policies. While cyber liability insurance can help businesses mitigate risks, it cannot replace good cyber hygiene.

2) Evaluate your needs and priorities

Has your business assessed its risks for a data breach? Depending on your industry, your risk for a data breach may be considered anywhere from minimal to very high.

Has your business conducted a risk assessment? Evaluate, identify and mitigate any gaps in your privacy and security programs prior to applying for a cyber liability insurance policy. The risk assessment can help you assess your needs for cyber liability policy coverage matched to your business vulnerabilities.

3) Predict your data breach

Once you have assessed your risks, you will want to think of as many possible data breach scenarios as you can that could happen to your business. The purpose of this exercise is to arm you with potential data breach scenarios and prepare you to go on a search, with a knowledgeable insurance broker, for a cyber liability policy that fits your needs. While this may seem like a time-consuming process, it could help ensure that you’re covered in the event one of these scenarios happens. The whole purpose of purchasing cyber liability insurance, after all, is to ensure that you are protected from potential risk.

After these three steps, you are ready to compare different cyber liability insurance policies.

*Disclaimer: Conditions apply for each policy and the information expected from you for a policy to trigger. Coverage may differ based on specific clauses in individual policies. Please ask your broker to explain the additional benefits and exclusions pertaining to your policy.

“The information provided is general advice only and does not take account of your personal circumstances or needs. Please refer to our financial services guide which contains details of our services and how we are remunerated.”
_____________________________________________________________________________________

A cyber attack or a data breach event can cripple a business of any size. By planning in advance and purchasing a cyber liability insurance or data breach insurance policy, businesses can minimize their risks, costs, and the impact of a cyber attack on their reputation and brand.

To learn how a Cyber Liability Insurance/Data Breach Insurance policy can help you be prepared for a cyber attack, network security incident, or data breach event, please complete the box below. Or call Cyber Data-Risk Managers Pty Ltd 02 8987 1913.