As the incidence of cyber attacks increases, so too does the regulation of data breaches in Australia.
The Notifiable Data Breaches (NDB) scheme (effective 22 February 2018) requires businesses to report unauthorised access to, disclosure of, or loss of information likely to result in harm. The legislation also requires a regulated business to investigate a suspected data breach within 30 days. Non-compliance could result in hefty fines.
Are your employees trained to recognise malware breaches?
A modelling agency with $7.5 million in revenue suffered a major cyber-crime loss after malware infected two of its computers. Disguised as a genuine update for the business's bank card reader, the malware requested that the employees enter the banking PIN code to enable the update to take place.
About two days after the employees entered the PIN codes, it was discovered that the codes had been used to authorise payments to fraudsters from the business's bank account. In total, $1.3 million was withdrawn from the business's accounts.
While the bank recovered approximately $500,000 of the stolen funds, the business was left $815,000 out of pocket.
Are your retail terminals adequately protected?
A retailer suffered a payment card data breach after hackers placed malware on the payment systems at 15 of its stores.
The attack was uncovered after card brands notified the retailer of a potential breach. Over 30,000 payment cards were compromised, costing the retailer $345,000.
Following the breach, the retailer instigated a Payment Card Industry forensic investigation. Given the number of locations impacted, the cost of the investigation reached $95,000.
The retailer was also liable for $31,900 in legal fees.
Does your policy provide cover for a broad range of electronic crimes?
A small, independent hotel operation was the victim of a cyber-attack as a result of an employee clicking a link in an e-mail.
The hotel's email and accounts systems froze and they received a message demanding the payment of a ransom.
It took the hotel's IT team more than two weeks to clear their network of the virus, with damages costing upwards of $15,000.
Are your electronic systems protected from hackers?
Soon after an interior design firm installed a new VOIP (web hosted) telephone system, hackers cracked the password to the phone network and programmed the system to repeatedly make calls to a premium rate number owned by them.
One month later, the firm received a $25,000 bill from their network provider.
Despite confirming that they were the victims of hacking, the network provider insisted on payment of the outstanding bill as their insurance policy did not cover this type of incident.