Human Error Remains Key Cause Of Notifiable Data Breaches


Human error remains a key cause of notifiable data breaches, according to the latest quarterly report from the Office of the Australian Information Commissioner (OAIC).

While malicious or criminal attacks are still the largest source of notifiable data breaches (NDBs), accounting for 57%, human error is second, with cyber incidents exploiting human vulnerabilities, for example by encouraging people to click on phishing emails or disclose passwords.

Gerry Power, Head of Sales at Cyber Insurer Emergence, said: “The continued propensity for human error to cause NDBs is a disturbing insight because it shows businesses are not educating staff enough on how to identify phishing emails or handle personal information appropriately.”

Source: Emergence

Human Error and Data Breaches

Human error accounted for 37% of data breaches in the latest report. Emailing personal information to the wrong recipients was the most common human error data breach (12%). Second highest was failing to use the BCC function when sending group emails, which affected an average of 494 people per breach.

Gerry said the healthcare industry continued to be the worst-performing sector, recording 18% of data breaches, and human error was responsible for more than half of those. “That gives an insight into why some cyber insurers will not write the healthcare industry for data breaches,” he said.

The finance sector was the second-worst performing industry for the second consecutive quarter, with 14% of breaches.

The legal, accounting and management services sector was a close third. Gerry said Emergence’s claims data backed that up. “The accounting profession is a honeypot of data for cyber criminals,” he said.

Notifiable Data Breaches Scheme

The NDB scheme was introduced on 22 February 2018 and, since then, OAIC has had 550 notifications, including 245 in the July-September quarter. That compares to only 114 notifications in the 12 months before the scheme’s launch.

As knowledge of the NDB scheme increases in the business community, the number of known data breaches will continue to rise.

Education is the key to reducing the human error element of NDBs.

Emergence conducts in-house education sessions, online seminars, and a social media program to educate brokers and their clients about the need for diligence and risk management to avoid data breaches and cyber attacks.

The increasing rate of notifications highlights the need for cyber insurance. Emergence’s cyber policy gives insureds 24/7 access to an Australian-based incident response team of experts who understand the importance of immediately mitigating potential threats to insureds’ businesses.

Emergence’s policy includes cover for reporting data breaches to OAIC, regulatory investigations, and costs of communicating data breaches to affected individuals.

“A cyber policy is part of every successful business’s risk management framework. Cyber insurance is not the first line of defence; it is designed to protect a business when its IT security, policies, and procedures fail to stop an attack,” Gerry said.

Organisations can reduce the potential for NDBs through risk management practices such as:
• Employee training, including strong password protection strategies and raising awareness about the importance of protecting personal information
• Restricting administration privileges
• Conducting daily backups
• Continuously patching operating systems and software
• Implementing multi-factor authentication.

Emergence is a pioneer of cyber cover in Australia and provides protection for SMEs through to ASX-listed entities.


 

Please note: Cyberliabilitycomparison.com.au Insurance News is an information service sometimes provided by third parties. Insure 247 Australia doesn’t warrant the accuracy of any information contained therein; readers should make their own enquiries before relying on information in the stories. Terms of Service

Please note that any advice given has been provided without taking into account your objectives, financial situation or needs. It is also based on information we have obtained from you. You must ensure the information is accurate and complete. Otherwise, this advice may be based on inaccurate or incomplete information. You should consider whether the advice is appropriate in light of your objectives, financial situation and needs.

Data breach notification statistics ‘frightening’ Insurer


Data breach notification statistics ‘frightening’ according to Emergence

The Office of the Australian Information Commissioner (OAIC) has released its first quarterly report into notifiable data breaches, which shows 63 reported breaches since the scheme began on 22 February 2018.

That means in only its first 38 days, the scheme is averaging more than two notifications every business day.

Gerry Power, National Head of Sales for cyber insurance specialist underwriting agency Emergence, says the statistics are “frightening”.

OAIC’s figures show health service providers made the most notifications, at 15; followed by legal, accounting and management services, 10; finance, including superannuation, eight; education, six; and charities, four.

The figures are consistent with Emergence claims data that show the accounting industry is a major target for cyber theft.

Human Error a threat

Human error was responsible for 32 of the notifiable data breaches (NDB) reported; malicious or criminal attacks, 28; and two were system errors.

Gerry said the high rate of NDBs in only 38 days of the scheme’s operation highlighted the need for cyber insurance.

Emergence’s cyber policy gives insureds 24/7 access to an incident response team of experts who understand the importance of immediately mitigating potential threats to insureds’ businesses.

The Emergence solution also manages reporting data breaches to OAIC, any subsequent regulatory investigations, and costs associated with communicating data breaches to affected individuals.

A cyber insurance policy is part of every successful business’s risk management framework. Cyber insurance is not the first line of defence; it is designed to protect a business when its IT security, policies and procedures fail to stop an attack.

Emergence is a pioneer of cyber cover in Australia and provides protection for SMEs through to ASX-listed entities. It is a cyber specialist, focusing all its efforts on risk management and fine tuning its policy to provide top-level protection.

Gerry warned the NDB scheme meant companies could not keep silent on data breaches and hope for the best because notification to OAIC was now mandatory. Your clients need to understand the risks and they need protection.

Emergence’s Cyber Event Protection package gives your clients financial support and incident response expertise to recover from adverse events, including ransomware attacks, point-of-sale intrusions, denial-of-service attacks and cyber espionage.

 


Five tips to protect against ransomware attacks

Ransomware attacks are one of the most common forms of cyber attack in Australia. How can you protect your business?

Ransomware hackers steal businesses’ files and demand ransom payments to get them back. The attacks can be devastating financially for companies that are not prepared.

For example, the WannaCry attack hit 200,000 victims in 150 countries.

If you run a business, follow these five tips to safeguard yourself and your business against such attacks.

1. Update your software

Pay close attention to the software you use. Emergence Insurance recommends you always accept options to update or patch your operating system and other key applications as soon as updates are available. Updates are often designed to strengthen cyber security.

2. Install antivirus software

Regular software updates alone do not ensure your systems are protected. Viruses are still a threat because they constantly evolve. Guard against them by running a reputable antivirus tool and remember to update your software immediately when updates are available.

3. Use common sense on the internet

Be smart about not exposing yourself to cyber attacks. Think before you click on unfamiliar links and don’t open strange email attachments. Delete all emails that look suspicious.

4. Back up your files often

Create backups of all your files often. It’s a simple, effective way to ensure that if ransomware thieves steal your files and hold them hostage, the thieves have no leverage against you.

5. Develop a cyber security plan

Develop a long-term plan to strengthen your business’s cyber security. It should include educating your employees; upgrading hardware and software; building a business continuity plan; and buying cyber insurance protection to safeguard your business financially in the event of a cyber attack.

 

Source: Emergence Insurance

Emergence Insurance is here to protect all businesses – large and small – against cyber risks. In fact, that’s all we do, so we’re the specialists in the field.

 


Small Businesses Are Not Immune To Cyberthreats


You might think that if you run a small business, you’re mostly safe from cybercrime or ransomware attacks. After all, why would a hacker bother to target you when there are bigger fish to fry?

These days, though, no one is safe. Cyber attacks are increasing among companies of all sizes. This doesn’t mean it’s time for your staff to panic. It is, however, worth taking a moment to think about your company’s security measures and consider your insurance needs.

 

Small businesses are vulnerable these days

If you still think cyber security is only a concern for larger corporations, you need to update your thinking. The latest data shows that small businesses are just as vulnerable to data breach incidents as larger ones.

The Australian Cyber Security Centre (ACSC) recently reported on this problem, noting that because so many are unprepared for the possibility of cybercrime against their small business, an attack can be particularly devastating. This has been a more serious issue in just the last couple of years.

The ACSC reported that about 90 percent of small organisations experienced a cyber threat or data breach in 2016, of which 58 percent were successful. This is a sharp increase from prior years’ data.

 

Knowing the risks you’re up against

Once you’re aware that small companies do indeed face cyberattacks, the next element to consider is how costly the cyber risks you’re facing might be. The damage can be significant if your SME is ever attacked.

 

There can be a variety of costs that can impact a business due to a cyber attack, including:

  • IT forensic costs
  • Customer notification costs
  • Increased costs of working
  • Legal defense costs

Some customers might abandon your business if they’re worried about security, and others might demand concessions from you that cost money. All this will impact the brand reputation of the company, which is difficult to recover from after an attack.

 

Getting protection against potential losses

Cyber exposures are significant for a business, and it’s only natural to think critically about protecting your company against hackers.

A new mandatory data breach reporting scheme takes effect in Australia in February 2018, which will require certain companies to notify customers and the Australian Privacy Commissioner of data breaches. As a result, not just big corporations but also mid-market and smaller companies will want to buy cyber coverage to assist in managing this new regulatory requirement. Companies are becoming increasingly aware of the need to protect themselves. This is why the cyber insurance market is expected to grow dramatically.

In addition, businesses should consider how a cyber insurance policy can complement their risk management initiatives. As part of a cyber insurance policy, insurers provide an incident response solution to help the business recover quickly from a cyber attack.

Source: Emergence

 


Kochie’s Business Builders Explains Cyber Insurance


To help explain cyber insurance, Steadfast have partnered with Kochie’s Business Builders to produce this short explainer video.

30% of small businesses in Australia experiencing a cybercrime incident

Most cyber attacks are caused by human error. The average cost to business was a huge $276,000 in 2015, with over 30% of small businesses in Australia experiencing a cybercrime incident.

Why do I need it?

If your business has a website or electronic records, you’re vulnerable to cyber hackers. In fact, it’s likely that your business will suffer a cyber attack at some stage. A cyber attack could cost your business more than money. It could also threaten your intellectual property and put customers’ personal information at risk – which could damage your reputation.
What usually isn’t covered?

Exclusions and the excess you need to pay can vary greatly depending on your insurer. Policies generally won’t include cover for:

  • Damage to computer hardware
  • Criminal actions committed by you or your business
  • A cyber attack based on facts of which you were aware
  • Criminals using the internet to steal money from you

Compare Cyber Insurance Quotes from leading Australian Insurers like AIG, Allianz, Brooklyn Underwriting, CGU, Chubb, Dual, Emergence and Zurich.

 


How can I protect myself against the WannaCry ransomware?

To best avoid an infection of this sort, we advise taking the following steps to maximise your system protection.

You can protect yourself against the ransomware in the following ways:

  • Ensure you have a valid corporate Antivirus subscription
  • Ensure your Antivirus is up to date
  • Ensure that port 445 is closed on your network
  • Ensure you are up to date with all Microsoft updates on your server and workstations
  • Back up your data with an external hard drive or to the cloud

Please contact your local IT support if you are unsure whether you are protected, or if you may have the ransomware on your computer.


Latest Trends in Cybersecurity


The release of the latest Cisco security report shows that the cost of data breaches amounted to more than 20% of revenue on top of a substantial loss of customers and opportunities for more than a third of the organisations breached in 2016.

Some of the report’s major findings included:

  • Ransomware is dominating the malware market; although it is not a new threat, it has evolved to become the most profitable malware type
  • Adobe Flash vulnerabilities continue to pose a prominent threat
  • There is a false sense of security about secure connections

Recommendations from Cisco researchers include:

  • Instituting and testing an incident response plan that will enable a swift return to normal business operations following a ransomware attack
  • Not blindly trusting HTTPS connections and SSL certificates
  • Moving quickly to patch published vulnerabilities in software and systems, including routers and switches that are the components of critical Internet infrastructure
  • Educating users about the threat of malicious browser infections
  • Understanding what actionable threat intelligence really is


Could cyber risks cause disruptions to critical business infrastructure?

Cyber Risks to critical business infrastructure

When a scheduled flight of a wide-body airliner is cancelled it can cost the airline up to $43,000. So you can imagine what kind of day executives at LOT, the Polish national airline, were having last year when 20 flights were cancelled after computers that issue its flight plans were breached.

“The aviation industry’s growing reliance on data networks, and onboard computer and navigation networks, is rendering it increasingly vulnerable to cyber risks,” says Erlend Munthe-Kaas of Bloomberg Intelligence. “Airlines rely on computers for almost every aspect of operations. As a result, cyber incidents can have devastating consequences, including business interruption and loss of reputation.”

“There’s beginning to be a shift to educate businesses to see the wider, deeper cyber risks picture that in many cases has gone unacknowledged.”

Think of it as cyber creep. The risks aren’t just about protecting your customer’s data, although that remains important. They are insinuating themselves into every nook of your business, creating the possibility of mass disruption to operations and critical infrastructure. As the world becomes more connected, and businesses rely more on machine-to-machine communication and automated manufacturing, the cyber risks pile up. One day, production might grind to a halt. Critical transactions might not take place. Shipments could be steered to incorrect destinations. Planes might not take off.


Australian cyber threat to the private sector

The cyber threat to Australian business may be larger than first thought, with many Australian businesses refusing to report breaches due to concerns the disclosure may adversely affect their reputation or create legal or commercial liabilities.

In the second of the Australian Cyber Security Centres cyber threat report

Extract from  ACSC Threat Report 2016:

Australian industry is persistently targeted by a broad range of malicious cyber activity, risking the profitability, competitiveness and reputation of Australian businesses. The spectrum of malicious cyber activity ranges from online vandalism and cybercrime through to the theft of commercially sensitive intellectual property and negotiation strategies.

The ongoing theft of intellectual property from Australian companies continues to pose significant challenges to the future competitiveness of Australia’s economy. In particular, cyber espionage impedes Australia’s competitive advantage in exclusive and profitable areas of research and development – including intellectual property generated within our universities, public and private research firms and government sectors – and provides this advantage to foreign competitors.

The ACSC’s visibility of cyber security incidents affecting industry and critical infrastructure networks is heavily reliant on voluntary self-reporting. Some companies may be hesitant to report incidents to the government due to concerns the disclosure may adversely affect their reputation or create legal or commercial liabilities. For example, in some cases victim organisations have sought legal advice before reporting an incident.

Many cyber security incidents across the private sector are undetected or unreported. Increased reporting of cyber security incidents by the private sector would subsequently increase the ACSC’s knowledge of cyber adversaries who target Australian industry and critical infrastructure, and the methods they employ. This knowledge would further enable the development of cyber security advice and mitigation strategies.

The ACSC is making a dedicated effort to engage industry on cyber threats and associated mitigation strategies through a process of sustained engagement. However, the private sector’s ability and willingness to recognise the extent of the cyber threat and to implement mitigation strategies varies considerably across and within sectors. Generally, companies that have been extensively targeted or compromised are more likely to view the business risks associated with the cyber threat as sufficient to warrant investment in cyber security.

Those without direct experience of being targeted or a victim may not be aware of the potential economic harm malicious cyber activity can cause their businesses, do not understand the value of the data they hold, and cannot conceive why they would be targeted.

 


Between July 2015 and June 2016, CERT Australia responded to 14,804 cyber security incidents affecting Australian businesses, 418 of which involved systems of national interest (SNI) and critical infrastructure (CI).

CERT Australia relies heavily on the voluntary self-reporting of cyber security incidents from a wide variety of sources throughout Australia and internationally and therefore does not have a complete view of incidents impacting Australian industry.

Sources: www.acsc.gov.au


 

If Hackers Steal Data Who Pays

It’s Just Hackers

In 2014, hackers stole data from Yahoo, resulting in the personal details of 500 million users being taken, including names and emails as well as “unencrypted security questions and answers”.

The breach damaged the trust in the brand, required Yahoo to publicly disclose the cyber-breach and advise all its users to change their passwords.

However, not all users changed their password, and some are still reporting loss of data.

The Cost of a Cyber Breach*

The costs of a data leak or data loss are rapidly accruing, with the total average cost per data breach within Australia now sitting at $AUD2.82 million, according to a 2015 study from IBM and Ponemon Institute. Moreover, the average cost per lost or stolen record has reached $AUD144, while the average number of breached records per incident is just under 20,000.

 

But I don’t have that many clients

Recent high-profile breaches included MySpace (359 million), LinkedIn (164 million) and Adobe (152 million); however, the hacking of a Gold Coast doctor in 2012 cost $4000.

Report a cyber incident

The Australian Signals Directorate (ASD) provides government with a greater understanding of cyber threats, and the coordination of whole-of-government operational responses to cyber incidents. The Cyber Security Incident Reporting (CSIR) scheme assists ASD with this role.

The Australian Government Information Security Manual (ISM) states agencies must report cyber security incidents to ASD. Cyber security incident reports are the basis for identifying and responding to cyber security incidents across government.

Reporting cyber security incidents helps ASD to develop a threat environment picture for government systems, and assist other agencies who may also be at risk. Cyber security incident reports are also used for developing new policies, procedures, techniques and training measures to help prevent future incidents.

The types of cyber security incidents agencies should report to ASD include:

  • suspicious or seemingly targeted emails with attachments or links
  • any compromise or corruption of information
  • unauthorised access or intrusion into an ICT system
  • data spills
  • theft or loss of electronic devices that have processed or stored Australian government information
  • intentional or accidental introduction of viruses to a network
  • denial of service attacks
  • suspicious or unauthorised network activity.

To report a cyber incident:

Sources: http://www.asd.gov.au/infosec/reportincident.htm *http://www.cso.com.au/
