FY21 Q3/Q4 Cyber Insurance Snapshot


At a glance: The OAIC January–June 2021 Notifiable Data Breaches Report

 


 

Top 5 Industry Sectors to notify data breaches


 

Sources of data breaches


 

Cyber Incident Breakdown


 

  • Q3/Q4 had 446 reported breaches — down 16% from Q1/Q2.
  • Malicious or criminal attacks caused 65% of reported breaches. Of these, 66% were cyber incidents.
  • Human error was the second-highest cause of data breaches. It accounted for 30% of breaches reported.
  • Health service providers reported the highest number of breaches (19%), followed by the finance & superannuation industry (13%).
  • The overall reduction in breaches included a 34% drop in human-error breaches and a 5% drop in breaches caused by a malicious or criminal attack.
  • However, two types of malicious or criminal attack related breaches are on the rise. Ransomware incidents increased by 24%, from 37 to 46. Breaches caused by social engineering or impersonation fraud increased slightly, from 34 to 35.
  • Following the report, the OAIC issued a press release highlighting ransomware attacks and impersonation fraud as causes for concern.

 

The OAIC urges Australian businesses to maintain adequate privacy procedures

 

Throughout the report and subsequent press release, the OAIC reinforced the expectation that businesses:

 

  • Protect themselves adequately from privacy threats.
  • Have systems in place to quickly identify breaches.
  • Have appropriate incident response plans.

This expectation extends to the threat of ransomware attacks and impersonation fraud. The Australian Information Commissioner and Privacy Commissioner Angelene Falk says:

 

We expect entities to have appropriate internal practices, procedures and systems in place to assess and respond to data breaches involving ransomware.

Entities should continually review and enhance their security posture to minimise the growing risk of impersonation fraud.

OAIC recommendations for preventing and responding to ransomware and identity fraud risks included:

 

  • Multi-factor authentication.
  • Automatic account holder notification for failed logins and personal information updates.
  • Appropriate audit and access logs.
  • An appropriate incident response plan.
  • Possible early-stage forensic analysis from a cyber security expert following a ransomware attack.

 


KBI recommends businesses seek cyber insurance

 

When commenting on the report, Commissioner Falk acknowledged the rise of the dark web and the increasing ease with which cybercriminals can bypass entities’ impersonation fraud protection measures.

 

This is part of the reason that KBI’s lead cyber insurance broker Tyler Speers recommends pairing robust privacy protection measures with an equally robust cyber insurance policy:

Strong cyber security policies and procedures can reduce your business’ risk of a cyber attack. But, they cannot remove that risk altogether. Cyber attacks can and do have significant financial repercussions for the businesses targeted. If your business is targeted, a cyber insurance policy can help cover costs associated with privacy lawsuits, regulatory defence, extortion demands, notification, and data recovery. It will also give you access to an emergency incident response team to put the situation in the hands of the experts.

 

Given the growing risk of ransomware and impersonation fraud, Speers recommends that all businesses who hold personal data seek cyber insurance. He also suggests that businesses with an existing policy have a proactive conversation about risks and cover requirements with their broker.

 

 

KBI predicts changes to the cyber insurance market in FY22

 

Increases in the number of ransomware and impersonation attacks could result in tighter underwriting criteria for cyber insurance policies in FY22, as well as harsher terms for cover. “We are already beginning to see policies that limit cover for ransomware payments,” says Speers.

Government legislation in response to the growing threat of ransomware attacks is also a possibility. In June, Tim Watts, a federal Labor MP, introduced the private member’s Ransomware Payments Bill 2021. If passed, this bill would require businesses to report ransomware demands to the Australian Cyber Security Centre.

 

Key takeaways

 

  • Ransomware and impersonation fraud are a growing threat.
  • Businesses should look to improve privacy protection measures and have a plan in place for cyber attacks.
  • Businesses should speak to their broker about the financial risks associated with a cyber attack and the possibility of transferring those risks to insurance.
To talk to a broker, or find out more about cyber insurance, visit our cyber insurance page.

 


 
