Page 23

Features Consulting Matters

21

Cyber Risks – is your business protected? Are you prepared for the mandatory data breach reporting regime that was introduced on 22 February 2018?

Cyber risks represent one of the biggest threats to businesses today. We discuss some of those risks, some basic risk management tips, how you can insure yourself against those exposures and the Government’s response to this increasing threat through the Notifiable Data Breaches scheme. Cyber incidents are becoming more and more common and Australia is increasingly being targeted and is now the fifth most targeted country for cyber-attacks globally according to a recent Symantec Internet Security Threat Report. These attacks are not only targeted at what most would consider the normal targets (large corporations) but 40 per cent of all cybercrime is directed at small to medium enterprises (SMEs) according to the Government’s Computer Emergency Response Team. SMEs are often the least prepared to counter that threat.

Cyber incidents are becoming more and more common and Australia is increasingly being targeted and is now the fifth most targeted country for cyber-attacks globally according to a recent Symantec Internet Security Threat Report. Risk management strategies include:

interruption policies or business pack policies due to a lack of insured damage;

• Ensure all computers and portable devices have passwords and that they are regularly changed, (ensuring that passwords have a combination of upper case, lower case, numbers and symbols).

-C  yber extortion costs such as the hiring of negotiation experts, covering extortion demands and prevention of future attacks; and

• Keep your operating systems up to date.

-E  lectronic data replacement.

Cyber threats are commonly divided into three categories:

• Restrict and control administrative privileges.

Third Party losses include:

• Computer as a target - the target of the crime is the computer itself. These threats include computer viruses, denial of service attacks and malware.

• Always lock computers when leaving them. • Remove ex-employees’ access to your system.

•D  amages payable to your clients resulting from data breaches;

• Computer as a tool - the target of the crime is the person controlling the computer. These threats include fraud and identity theft, phishing scams and other spam emails. Cyber criminals rely on the vulnerabilities of employees and business owners to work their way into your system and compromise your security. • Cyber Extortion – your system is locked and can only be unlocked by payment of a ransom.

Your Cyber risk management plan should also include Cyber insurance as not all risks can be eliminated. Cyber insurance provides a variety of covers and should provide an incident response solution to help you work through your breach response.

•D  efence costs to fund the legal costs of defending claims; and •R  egulatory breach protection to cover legal expenses and the costs of civil fines and penalties. Cyber Incident Response:

Cyber insurance policies will cover a variety of your exposures such as:

Policies should also provide cover to assist you to properly respond to a Cyber incident:

First Party Losses (losses that you would directly incur) which include:

•C  risis management consultants – IT, legal, public relations;

- Business Interruption losses which are not covered under traditional business

2018 March Consulting Matters  

Consult Australia's official quarterly publication focuses on the issues which are prevalent in the consulting industry through articles and...

2018 March Consulting Matters  

Consult Australia's official quarterly publication focuses on the issues which are prevalent in the consulting industry through articles and...

Advertisement