In the internet age, more companies are holding personal data for customers, including payment details and private information. As time goes on, there has been a higher responsibility placed on businesses to safeguard that data and protect their customers’ information.
Data breaches have always been a serious issue, but now they have the potential to bankrupt a company. New laws implemented in Australia under the Notifiable Data Breaches (NDB) scheme carry a penalty of up to $1.8 million for failure to comply with the regulations, and require companies to notify all affected parties if their information has been breached.
The best way for a company to prepare itself for these new regulations is with a detailed data breach response plan and adequate insurance. Prioritising security ahead of time will prepare your company and protect it from the many damaging consequences of a data breach.
What Defines a Data Breach?
A data breach occurs when confidential information is accessed by or leaked to a third party who is not authorised. According to the Office of the Australian Information Commissioner, this officially requires that three criteria be met:
- There is unauthorised access to, or unauthorised disclosure of personal information, or a loss of personal information, that an entity holds
- This is likely to result in serious harm to one or more individuals, and
- The entity has not been able to prevent the likely risk of serious harm with remedial action.
What Causes a Data Breach?
Data breaches can result from an intentional attack on a company’s information system, in which data is stolen, or from a range of accidental oversights. Some examples include:
- Hackers gaining illegal access to personal data
- Employees accessing information outside of their authority
- Recovery of data from property that was incorrectly disposed of
- Disclosure of private information to unauthorised people
- Data taken from lost or stolen hardware such as laptops or mobile phones
Data Breach Response Plan
Having a data breach response plan is a legal requirement for all businesses in Australia which are covered under the Privacy Act 1988. This includes all businesses with a turnover of more than $3 million, as well as small to medium size businesses operating with sensitive information, such as within the credit reporting, health and medical research industries.
An effective data breach response plan can benefit a company in many ways, including by:
- Positioning it to respond quickly to incidents or cyber attacks
- Helping to minimise harm to the affected persons
- Helping to reduce associated costs of a breach
- Helping reduce damage to the company’s reputation
- Meeting the obligations of the Privacy Act
Many smaller companies fail to prioritise data security until it’s too late, incorrectly assuming that data breaches only affect larger companies. However, as smaller businesses generally have weaker security, they can easily become targets for hackers. Even a single breach of confidential payment information can have disastrous flow-on effects.
Cyber Liability Insurance
The cornerstone of a successful response plan is having adequate insurance to protect your company. IBM’s Cost of a Data Breach study found that data breaches cost companies an average of $139 per compromised record, but this figure does not factor in additional costs. These can include penalties and fines from the Government, potential lawsuits from individuals or businesses, and the enormous cost to your company’s reputation.
Correctly insuring your liability for a data breach can require several smaller covers, but it’s an important process to get right. A corporate insurance specialist will be able to advise you on the policies best suited to your company. These can include protection for interruption of business, extortion, electronic data replacement and other expenses.
Preparing for a data breach isn’t easy, but with the right plan in place, your company can be protected should the worst occur.