Cyber Insurance

In October 2016, the Australian Red Cross Blood Service (Blood Service) found themselves facing a “massive” cyber security incident involving the accidental publishing of Personally Identifiable Information (PII) on a public website. Following this crisis, the Blood Service has emerged as a shining example of how a cyber security incident should be managed, utilising the services of many professionals to help them resolve the incident quickly. Their response led to this high praise from Timothy Pilgrim, Australian Privacy Commissioner:

... the Commissioner commends the Blood Service for its response following the incident. The Blood Service responded quickly and effectively when it was notified of the data breach, and worked swiftly to implement steps to mitigate against future data breaches of this nature. The Commissioner acknowledges the substantial work done by the Blood Service to communicate with the community in a transparent manner, assist individuals concerned about the incident, and to further protect donor information since this incident. The Commissioner believes the community can have confidence in the Blood Service’s commitment to the security of their personal information.
— Donateblood.com.au Data Breach Investigation Report

This ability to respond quickly comes with preparation, planning and support from others. Cyber Insurance provides one way of accessing critical support when recovering from a cyber security incident. Having Cyber Insurance won’t reduce your chances of an attack, but it can be a vital part of your recovery plan. Combining insurance with appropriate prevention, detection and response activities can give your business a solid layer of protection from the fallout of cyber security incidents.

In this pathway, we’ll explain what cyber insurance is and what to look out for when considering or buying a policy. The information contained in this pathway is of a general nature and is designed to arm you with questions to ask yourself and your insurance broker prior to purchasing any cyber insurance policy. It will also provide helpful explanations and hints on things to look out for and enhance your understanding of what you are buying. It is not designed to direct or advise you to purchase any specific policy. For that, we recommend you consult your insurance broker for personalised advice relevant to your specific business before purchasing cover.

Adam Selwood