Factsheet

 DATA BREACH & CYBER CRIME innovative insurance solutions for your dental practice DATA BREACH & CYBER CRIME INSURANCE Cyber-­‐attacks on healthcare organisations are up 600% in 2014. In today’s modern business world virtually all data and personal or corporate information is managed and stored electronically. Whether it be profiles of employees, credit card information, sensitive demographic information about patients, internal information on budgets, or personal health information; businesses of any size face very real liability issues if this data is stolen, manipulated or was to fall into the wrong hands and enter the public domain. More and more stories are emerging about lost or stolen personal information and records. Many of these problems have occuredd from compromised credit card records, stolen computer equipment containing sensitive company or customer / patient information or employees who have downloaded copies of confidential records prior to leaving the company. Some organisations also face ransom and extortion demands after having their systems locked down via service denial attacks. The potential risk of a data breach for any practice, large or small is ever increasing. Smaller organisations are perceived to be an easier target for cybercrimes and hacking, as their IT security measures are likely to be less robust. While the recovery of data and replacement of equipment is a costly exercise in itself, such an event can lead to the organisation facing regulatory investigation, civil fines and penalties as well as litigation. A health records sells for $20 on the black market – a credit card record only fetches $1. A health record contains a significant amount of personal information, making this type of data very attractive to cyber criminals who can potentially sell this information for illegal purposes, for example: identity or financial theft for the purpose of accessing government benefits and drugs. The ‘acquisition’ cost to the criminal is minimal, but the potential ‘income’ from a single healthcare practices’ database (to the criminal) could be millions -­‐ with very little chance of ever being caught or prosecuted. 60% of SME’s have closed within 1 year of a data breach, due to financial and reputational loss. The recent updates to the Australian Privacy Principles (APPs) make it clear that data and personal information that is collected and held by any business must be protected. The legislation has seen the introduction of huge financial penalties and increased legislative powers to investigate any potential breach and enforce expensive monitoring costs and impose fines. The Office of the Australian Information Commissioner has made it clear in a recent press release that businesses are ‘not off the hook’ if the business suffers a cyber-­‐attack or ‘hack’ which leads to a breach of the Australian Privacy Principles. (APPs) Article -­‐ Cyber-­‐attacks do not mean businesses are ‘off the hook’ Traditional liability insurance policies such as Management Liability or Professional Indemnity policies fall short of indemnifying many of the technological cybercrime risks being faced by businesses today. As such, a standalone cybercrime policy is the best way to combat this risk and potential liability. This is not a DIY insurance risk. Not all policies are alike. Practices should source a policy and indemnity level that addresses and reflects the full range of issues that relate to cybercrime rather than opting for ‘the something is better than nothing’ approach. It is also essential that the policy covers both third party and first party losses. Ensure you engage a qualified specialist Insurance Broker, who is familiar with your business environment and Cyber Crime Insurance. A data breach could have catastrophic and far reaching impacts for both the effected business and victims. A quality Data Breach and Cyber Crime policy will tackle many of the risks listed below and offer maximum protection by addressing each liability or circumstance. DATA BREACH & CYBER CRIME INSURANCE o
o
o
o
o Media Content that results in an infringement; Personal Data Liability – A breach concerning personal information. plagiarism, piracy or misappropriation or theft of ideas; libel or slander committed without malice; or an intrusion, invasion Corporate Data Liability – A breach of corporate information. Outsourcing -­‐ Breach of data protection by an outsourced provider where the policy holder is legally liable. o Cyber Extortion -­‐ extortion loss incurred as a result of a security threat o Network Interruption Insurance -­‐ Loss of Net Data Security – Damage resulting from any breach of duty that ends in: income (net profit or loss before income taxes) that would have been earned; if not for a security failure / breach. o malicious contamination o denial of access attacks o theft of an access code to computer system o destruction/corruption, modification, damage or deletion of data o physical theft of hardware o Data disclosure due to a breach of data security o Defence Costs in respect of any litigation brought by a data protection authority o Data Administrative Investigations – costs and expenses for legal advice and representation in connection with a formal investigation by data protection or other authority o Fines – Insurable fines and penalties imposed by a government authority, data protection or regulatory authority for a breach of data protection laws or regulations o Notification and Monitoring Costs – costs and expenses of the insured if legally required and/or voluntary disclosure to data subjects is required o Reputational Repair of the Company and Individual -­‐ Reimbursement of costs incurred in relation to reputational damage due to a claim covered by this policy If you would like further information on the Dentist Plus Cyber and Computer Crime Policy, please call: 1800 177 163. You can also email us at: [email protected] IMPORTANT INFROMATION: This document is only designed to explain the basics of coverage & does not contain all the terms & conditions of the policy. For full details on coverage, excesses & exclusions, please read the Product Disclosure Statement. For a copy of the Product Disclosure Statement please visit our website www.dentistplus.com.au innovative insurance solutions for your dental practice Insurance Marketing Group of Australia Pty Ltd – Dentist Plus 11a 44 Station Rd Yeerongpilly Q 4105 Po Box 6013 Fairfield Q 4103 Ph: 1800 177 163 Fax: 07) 3426 0444 [email protected] www.dentistplus.com.au AFSL: 234421