Businesses need to work harder at cyber-crime prevention.

With the cost of cybercrime in Australia now estimated at $4.5 billion annually, at an average cost per data breach of $2.16 million, it’s well overdue for business and other organisations to address their exposure to cyber risk, according to Jennifer Richards, Managing Director at Aon Financial Specialties. However, many seem slow to understand the mounting imperative to take action.

This is despite the area being of increasing focus for commercial and risk management attention due to factors such as the rise of cloud computing and the growth of social media in an environment where, due to recent changes to the Privacy Act, organisations have an increased obligation to protect the personal information they hold.

The Privacy Act has been back on the government agenda with the Privacy Amendment (Privacy Alerts) Bill having its first reading recently. If passed, the bill will require businesses to notify customers of serious data breaches. Combined with recent amendments that include greater accountability for organisations and significant penalties for privacy breaches, cyber security is having an increasing impact on businesses.

“Network Security and Privacy (NSP) risks are both an emerging and constantly evolving issue and organisations need to ensure they have adequate measures in place to address them,” said Ms Richards.

“Those measures range from systems and processes on the IT front in relation to harvesting, storing and disseminating information, through to controls around personnel access and all points between.”

Significantly, those controls should also extend to appropriate insurance cover – a measure that many organisations mistakenly believe they have under control through more general policies. However, such policies are often inadequate to cover the likely cost of even a more “standard” NSP breach, let alone cyber-attack or hacktivism.

“Specialist cyber insurance policies can cover expenses such as immediate crisis management, forensic analysis, the reparation of computer systems and any loss of income resulting from the incident.

“Third party costs such as customer compensation and any legal expenses can also be covered by cyber insurance and potentially save companies millions should they be subject to a breach or attack,” Ms Richards says.

A run of recent cyber breaches and attacks appears to have focused much public and media attention on the issue. However, according to Ms Richards, this has not necessarily translated to organisations taking appropriate steps to ensure they are not the next in the headlines.

“The Target privacy breach in late 2013 resulted in 40 million payment card records being stolen along with 70 million other customer records. Target is now facing dozens of lawsuits over this breach which obviously translates to enormous cost as well as significant damage to its reputation.”

Ms Richards went on to point out that the risks extend beyond commercial and reputational facets, with the potential to affect integral infrastructure such as the market economy and our healthcare system.

“At last week’s ASIC (Australian Securities and Investment Commission’s) annual forum, chairman Greg Medcraft described cybercrime as the next “black swan event” and implored businesses to put risk management systems in place to ensure adequate levels of resilience should a network breach take place,” she said.

“It’s against this backdrop that any organisation concerned with collecting, storing or using personal data should be examining their risk and ensuring that it’s systematically addressed –which means reconsidering both the appropriateness of your existing Risk Management infrastructure and insurance program ,” said Ms Richards.

Aon has identified some gaps in cover under current conventional insurances that could be leaving Australian businesses vulnerable to being liable in the event of an NSP incident:

“As NSP risk advances as an issue and the regulatory landscape continues to adjust, Australian businesses need to check their current insurance cover and ensure they are not vulnerable to significant damages should they fall victim to cybercrime,” Ms Richards concluded.

The post Cyber risk costing billions per year – but Australian organisations remain underprepared appeared first on AdviserVoice.