As the principal of a Strata Management business, you likely spend most days ensuring the needs of your strata clients are met. But when was the last time you stopped for a second to reconsider the needs of your own business, and any emerging risk exposures that could pose a serious threat to your operations?
Cyber crime threats
Cyber crime has been a hot topic in the news recently, making headlines around the world.
Whether you are a multinational company or not, being hacked and having sensitive data stolen is a risk that could seriously impede your ability to operate as a business, whilst also exposing your assets through litigation.
Further to Privacy Act changes in 2014, the introduction of the Notifiable Data Breach (NDB) Scheme on February 22, 2018 now sees even higher fines imposed on individuals and businesses if they fail to report serious data breaches to both the Office of the Australian Information Commissioner (OAIC), and to all individuals whose information may have been breached.
The risk to strata managers
Cyber crime is becoming increasingly common among smaller businesses because they present a much easier target for cyber criminals. In 2016, roughly 1 in 5 SMEs were targeted by a cyber-attack (i).
As an SME business that stores significant amounts of client data, this risk applies to you!
TAKE THIS INCIDENT FOR EXAMPLE…
You sit down to work one morning, and find that you cannot access any of your client data. Your computer system has been hacked into by cyber criminals, and your client records have been stolen, encrypted, and held to ransom. In other words – you are unable to access any of the data you need to run your business.
The cyber criminals demand you pay a ransom of $10,000 to get your data back, and you pay because you can’t operate without it.
After your data has been unlocked for 24 hours, the cyber criminals breach your system once more, encrypting your data again, and request another $10,000.
Like most victims of crime, you notify the police, but what comes next?
Fines and Penalties – the cost to your business
Amendments to the Privacy Act in 2014 saw the introduction of the Australian Privacy Principles (APPs), which governed the way companies handled personal information and introduced significant fines and penalties for the mishandling or loss of personal information.
Adding to this, on February 22, 2018, the OAIC introduced a new addition to the Privacy Act – Part IIIC: The Notifiable Data Breaches (NDB) Scheme.
This new legislation means it is now mandatory for you to notify the OAIC and your clients in the event of a data breach. It has also seen an increase in fines and penalties that apply if you fail to comply.
Businesses can be fined:
- up to $2.1 million for breaching the Privacy Act
Directors can be fined:
- up to $360,000 for individuals (ii)
The wider impact to your business:
- Business interruption – loss of client records could see you unable to provide a service to your many Strata clients. This may significantly affect your bottom line, and even see clients switch to competitors.
- Ransom payments & cyber extortion costs – you may be forced to pay cyber criminals in order to regain access to your data.
- Third party legal action resulting from failure to secure your data – clients may experience financial loss or emotional trauma as a result of a data breach.
- Reputational damage – clients may leave as a result of a data breach. Retaining clients and attracting new ones after a breach could also be very difficult if the market lacks trust in your ability to keep personal information secure.
- Fines and penalties resulting from a Privacy Act breach – Amendments to the Privacy Act in 2014 saw the introduction of the Australian Privacy Principles (APPs), which governed the way companies handled personal information and introduced significant fines and penalties for the mishandling or loss of personal information.
What is your plan to finance fines that could exceed $360,000 for Directors, and up to $2.1 million for Businesses?
Over 70% of businesses that suffer a major data loss shut down within 24 months (iii).
While you likely have a Business Insurance policy and Public Liability Insurance, neither of these will protect you from the cost of personal fines and penalties or litigation if your client records are breached by cyber criminals.
A Solution
We consider Cyber Liability an essential Insurance policy, and if you do not have this cover, we urge you to ask your Resolute broker as soon as possible. Cyber risks are rapidly on the rise.
A Cyber Insurance policy can cover:
- Data security – Expenses related to cyber extortion or terrorism such as theft of hardware, destruction of data stored on any computer system, or theft of access codes from the premises, computer system or by employees.
- Privacy breach – Costs associated with a privacy breach including consumer notification, and costs of providing credit monitoring services to affected clients.
- Reputational repair – Reimbursement of costs incurred in relation to reputational damage, libel, slander, defamation and invasion of privacy.
- Network Interruption – Cover for net income that would have been earned and for normal operating expenses (e.g. payroll) as a result of a security failure.
- Fines & penalties – Costs incurred due to fines or penalties imposed by government or regulatory authorities for a breach of data protection laws.
- Legal defence costs – Costs for legal advice and representation in connection with formal investigations by authorities.
With premiums starting from around $1,000 for a $250,000 cover limit, do not hold off until your insurance renewal date before placing your Cyber Insurance policy.
If you would like to discuss your Cyber Liability Insurance requirements in greater detail, or enquire about a quotation, please contact Resolute Property Protect:
Ph: 1300 668 033
E: info@resolutepropertyprotect.com.au