Cyber Insurance: Treat Personal Information like the Crown Jewels and respect them as priceless assets.
A recent article referring to assets of the British Monarchy as King Charles III takes up his new rein, suggested that the Crown Jewels were priceless; but if a value were to be placed on them it would be upwards of $5 Billion. In ways that’s irrelevant as the Crown Jewels will never be sold nor be subject to an insurance valuation for cover. But this does make you wonder why some items are insurable whilst others are not; or at times why some premiums are low and some seem to rocket sky high.
Certainly, recent weather events in Australia have seen property and vehicle premiums increase significantly in high-risk areas, but why then are Cyber Insurance premiums for businesses near doubling year over year? The answer lies in a few criteria worth exploring further.
What is Cyber Risk and Ransomware?
In essence, all businesses today store data on their customers, their sales orders, their products and services, their research and developments, their suppliers, their trade secrets, their staff and contractor details and the list go on. Some of this data is valuable only to the business, but some of this data is priceless if it gets into the wrong hands. Either way, the risk associated with the loss of such data through the work of criminals is Cyber Risk. And when criminals use malicious software to extract data or block access to an organisation’s computer systems until a sum of money is paid, this is known as Ransomware.
Is all Data Valuable?
One might suggest that the value of data sits in the eye of the beholder. However, for a manufacturer for example, design plans in how they differentiate product development over their competition might just be some of their most valuable data but for a Utility Provider or a Bank or a Stockbroker or a Health Provider, data that specifically identifies an individual including personal information such as bank accounts, date of birth, health records, supply address, tax file numbers and more would certainly be seen as the crown jewels of their businesses. And it is such crown jewels that focuses the attention of criminals and ransomware.
What is Personal Information?
In short, personal information is any information that can be used to identify an individual and includes details like your name, address, date of birth, passport number, bank accounts, tax file number.
So Why is Personal Information so valuable like the Crown Jewels?
Hackers have targeted personal information and financial data for a long time as this data is easy to sell. Health care data has become a big attraction for data thieves in recent years.
Why are Cyber Insurance Premiums Soaring?
We asked this question to Tony Venning, Director, General Insurance at Bentleys Insure.
Tony says “In response to the exponential rise in damaging attacks by hackers, the costs of taking out cyber cover has doubled over the past few years. However, businesses who take corrective precautions including the deployment of strong security systems, well-defined policies and undertake the correct measures on how they manage, store, and process their data, such measures will help to bring premiums down”.
Tony says “It comes down to protecting the crown jewels of the business” …and this is not just common sense nor for the purposes of reducing insurance premiums but it is legislated law in Australia under the Privacy Act 1988 where all businesses with an annual turnover of A$3M must protect Personal Information from data breaches (including ransomware attacks) or misuse of such data other than for the purposes for which the data was captured with the client’s consent. The fines for non-reporting of data breaches or for non-remediation after a cyber event are large and there are efforts by the Australian Regulators to see these fines increased to new levels as seen with recent GDPR-related breaches in Europe and CCPA-related breaches in California.
It is estimated that 38 per cent of cyber insurance incident claims in Australia involve ransomware payments in return for Personal Information and this in turn has escalated premiums. The Australian Cyber Security Centre (ACSC) handled over 67,000 cybercrime reported incidents last year representing a 13 per cent increase from the previous year, although the true number of attacks is understood to be much higher.
How do I Protect Data; especially Personal Information?
Sadly, there isn’t a one solution fix to protecting all your data but certainly a good starting point is to know what data you hold and where it is kept. For many organisations that’s an almost impossible task as their computer systems and applications are vast, varying from in-house systems to cloud systems to data stored locally or on servers located all around the world.
However, there are solutions that scan and map the location of personal information across your data landscape, indicating presence of personally identifiable data elements contained within structured data systems (like business accounting packages, customer sales systems) and within unstructured data systems (like contracts and emails and video files).
Knowing the volume and where this data resides, allows the appropriate additional security measures to be put in place. This is a very strong starting point to securing the crown jewels and ultimately to assist in measures to reduce cyber insurance premiums.
For further information on Cyber Insurance Premiums for your business, contact Tony Venning, Director, General Insurance, Bentleys Insure (Qld) at email@example.com
For further information on how to map your data systems and secure Personal Information for Privacy Right Compliance (including assessments of compliance and automation of Privacy Requests) please contact DataBench at firstname.lastname@example.org or visit www.databench.com.au and click on ‘Get In Touch’.