Did you know that the recent Privacy Act amendments (the Notifiable Data Breaches scheme) mean that Australian Government agencies, and companies and not-for-profits with an annual turnover of $3 million or more, must notify the Office of the Australian Information Commissioner of eligible data breaches (those likely to result in serious harm to the individuals concerned) and alert the affected individuals? The obligation covers any loss of or unauthorised access to personal information, not only breaches caused by a cyber-attack.
In this digital age, all businesses are vulnerable to a cyber-attack. This could be via a website, server, emails or third-party providers.
Even if your own systems are “secure”, do you use contractors who can log into them? Are their computers “secure”?
What are your procedures for opening emails with attachments? What controls do you have in place for transferring money to third parties and internally? Do you have a robust risk management process covering all of your IT systems: telephones, laptops, multi-function printers, working-from-home arrangements, on-premises servers and cloud services? Do you test your backups to confirm that they can actually be restored and have not been corrupted?
What would you do if you couldn’t access your computer system – could you still operate? Would your customers be able to communicate with you? Could you continue to make sales or deliver services? What damage would be caused to your reputation?
The Notifiable Data Breaches Scheme
Who needs to comply with NDB?
- Australian Government Agencies
- All businesses and not-for-profit organisations with an annual turnover of $3M or more
- Some small business operators, including:
  - All private sector health service providers;
  - Those that trade in personal information;
  - Tax File Number (TFN) recipients;
  - Those that hold personal information in relation to certain activities, such as providing services to the Commonwealth under a contract.
Australia’s NDB scheme forced the disclosure of around 950 data breaches in its first year of operation. The quarterly statistics published by the Office of the Australian Information Commissioner (OAIC) recorded 812 notifications between the scheme’s commencement in February 2018 and the end of 2018, an average of around 2.66 breaches per day.
These numbers are alarming given that the NDB is a new scheme, so many smaller organisations are probably still unaware of their reporting obligations and the true figure is likely higher. Experts warn that many companies still lack the internal capability to comply with breach-reporting requirements, or even to evaluate the extent of an incident once it has occurred.
A survey released by McAfee found that 45% of small to medium organisations had been the target of an electronic attack in the prior year, and that 46% had suffered a data or security breach perpetrated by insiders (disgruntled and current employees).
The risk of fire to Australian organisations is 1 in 200, while hacking is 1 in 5 – would you operate without insurance for your property or stock?
Indeed, nowadays you can insure against almost anything, including:
- Technology Professional Services;
- Multimedia Liability;
- Security and Privacy Liability;
- Customer Support and Reputational Expenses;
- Data Recovery and Business Interruption;
- Privacy, Regulatory, Defence and Penalties; and
- Cyber Extortion.
There are clearly no guarantees that your systems can be made impenetrable. However, being able to demonstrate a responsible IT security posture, and how you go about protecting the data you hold, certainly goes a long way. It may even help keep your insurance premiums down.
Our role is to help you put solutions in place so that, even if your systems are compromised, your organisation can keep functioning with as little disruption as possible while minimising the potential for data loss. Let us show you how.