Did you know an old photocopier could cost your business $1.7 million?
That's the reality some businesses are facing as the federal government forges ahead with the Privacy Amendment (Notifiable Data Breaches) Bill.
The legislation requires Australian organisations with more than $3 million a year in turnover to notify customers and the Privacy Commissioner of eligible data breaches they experience within 30 days of becoming aware of them.
Understanding the bill
What does the bill have to do with photocopiers?
Well, most cutting-edge copiers nowadays have a hard drive containing sensitive information, including all of the documents your business has printed over the years.
If you throw away or sell the copier without adequately wiping the hard drive, this data could fall into the wrong hands.
Should this happen and you don't notify the people affected within the 30-day period, your business may be fined $1.7 million. Directors and managers could be personally liable and face penalties of $340,000 – and photocopiers are just the tip of the iceberg.
Cyber criminals are using a mix of sophisticated and more simplistic methods to compromise data, such as phishing, ransomware, distributed denial-of-service attacks and insider threats.
Tell me more about the legislation
Aside from businesses with more than $3 million annual turnover, the legislation also applies to all health service providers, credit reporting bodies and tax file number recipients.
The federal government believes approximately 6 per cent of organisations will be affected.
Eligible breaches are described as the unauthorised disclosure or loss of, as well as access to, information that a 'reasonable person' believes would likely result in 'serious harm' to the individual whose data has been compromised.
The legislation openly admits that the definition for 'serious harm' is broad. Physical, psychological, emotional, economic and financial harm are all listed as potential risks.
What can I do to protect my business?
Lloyd's figures last year revealed a 168-fold rise in the amount of cyber insurance being purchased in Australia.
It's not difficult to see why demand has risen. New legislation such as the Notifiable Data Breaches bill and an ever-present threat from cyber criminals are always on the horizon.
Australian Cyber Security Centre study suggests 9/10 local orgs suffered breach attempts in FY15/16 & 58% had been successfully compromised
— FortinetANZ (@FortinetANZ) August 29, 2017
Liam Bache, a broker at MGA Insurance Brokers, says finding the right cyber insurance policy is crucial.
"Building a strong defence requires putting together a program that addresses the exposures for each individual client's circumstances," he explains.
"It's important that the cyber insurance products businesses have work together correctly with existing policies to provide adequate coverage, otherwise you could be left with gaps that create problems in the event of a claim."
The bill will come into effect by February 13 2018, but organisations will want to ensure they have the appropriate coverage in place well ahead of time.
If you'd like to discuss your cyber insurance needs, please contact MGA Insurance Brokers today.