As the principal of a Strata Management business, you likely spend most days ensuring the needs of your strata clients are met. But when was the last time you stopped for a second to reconsider the needs of your own business, and any emerging risk exposures that could pose a serious threat to your operations?
Cybercrime has been a hot topic in the news recently, making headlines around the world.
Whether you are a multinational company or not, being hacked and having sensitive data stolen is a risk that could seriously impede your ability to operate as a business, whilst also exposing your assets through litigation.
Further to Privacy Act changes in 2014, the introduction of the Notifiable Data Breach (NDB) Scheme on the 22nd of February 2018 now sees even higher fines imposed on individuals and businesses if they fail to report serious data breaches to both the Office of the Australian Information Commissioner (OAIC), and to all individuals whose information may have been breached.
The risk to strata managers
Cybercrime is becoming increasingly common among smaller businesses because they present a much easier target for cybercriminals. In 2016, roughly 1 in 5 SMEs were targeted by a cyber-attack (i).
As an SME business that stores significant amounts of client data, this risk applies to you!
Take this incident for example…
You sit down to work one morning, and find that you cannot access any of your client data. Your computer system has been hacked into by cybercriminals, and your client records have been stolen, encrypted, and held to ransom. In other words, you are unable to access any of the data you need to run your business.
The cybercriminals demand you pay a ransom of $10,000 to get your data back, and you pay because you can’t operate without it.
After your data has been unlocked for 24 hours, the cybercriminals breach your system once more, encrypting your data again, and request another $10,000.
Like most victims of crime, you notify the police, but what comes next?
Fines and Penalties - the cost to your business
Amendments to the Privacy Act in 2014 saw the introduction of the Australian Privacy Principles (APPs) which governed the way companies handled personal information, and introduced significant fines and penalties for the mishandling or loss of personal information.
Adding to this, on the 22nd of February 2018, the OAIC introduced a new addition to the Privacy Act – Part IIIC: The Notifiable Data Breaches (NDB) Scheme.
This new legislation means it is now mandatory for you to notify the OAIC and your clients in the event of a data breach. It also sees fines and penalties increase if you fail to comply.
Your business can be fined:
- up to $1.8 million for breaching the Privacy Act
Directors can be fined:
- up to $360,000 for individuals (ii)
The wider impact and costs to your business:
- Business interruption – loss of client records could see you unable to provide a service to your many Strata clients. This may significantly affect your bottom line, and even see clients switch to competitors.
- Ransom payments & cyber extortion costs – you may be forced to pay cybercriminals in order to regain access to your data.
- Third party legal action resulting from failure to secure your data – clients may experience financial loss or emotional trauma as a result of a data breach.
- Reputational damage – clients may leave as a result of a data breach. Retaining clients and attracting new ones after a breach could also be very difficult if the market lacks trust in your ability to keep personal information secure.
- Fines and penalties resulting from a Privacy Act breach – Amendments to the Privacy Act in 2014 saw the introduction of the Australian Privacy Principles (APPs) which governed the way companies handled personal information, and introduced significant fines and penalties for the mishandling or loss of personal information.
What is your plan to finance fines that could exceed $360,000 for directors, and up to $1.8 million for businesses?
Over 70% of businesses that suffer a major data loss shut down within 24 months (iii).
While you likely have a Business Insurance policy and Public Liability Insurance – neither of these will protect you from the cost of incurring personal fines and penalties or litigation if your client records are breached by cybercriminals.
We consider Cyber Liability an essential Insurance policy, and urge you to ask your Whitbread broker about this further, to help generate greater certainty for the future of your business.
A Cyber Insurance policy can cover:
- Data security - Expenses related to cyber extortion or terrorism such as theft of hardware, destruction of data stored on any computer system or theft of access codes from premises, computer system or by employees.
- Privacy breach - Costs associated with a privacy breach including consumer notification and costs of providing credit monitoring services to affected customers.
- Reputational repair - Reimbursement of costs incurred in relation to reputational damage, libel, slander, defamation and invasion of privacy.
- Network Interruption - Cover for net income that would have been earned and ongoing normal operating expenses e.g. payroll, as a result of security failure.
- Fines & penalties - Costs incurred due to fines or penalties imposed by government or regulatory authorities for a breach of data protection laws.
- Legal defence costs - Costs for legal advice and representation in connection with formal investigations by authorities.
With premiums starting from around $1,000 for a $250,000 cover limit, do not wait until your insurance renewal date to take out a Cyber Insurance policy.
If you would like to discuss your Cyber Liability Insurance requirements in greater detail, or enquire about a quotation, please contact Whitbread Insurance Brokers.
This article is not intended to be personal advice and you should not rely on it as a substitute for any form of personal advice. Please contact Whitbread Associates Pty Ltd ABN 69 005 490 228 Licence Number: 229092 trading as Whitbread Insurance Brokers for further information or refer to our website.