Major privacy changes set to leave businesses flat-footed

Sweeping changes to Australian privacy laws are set to impact businesses across the country but almost two-thirds are unaware of the forthcoming overhaul, says a new report.

On 12 March 2014, major amendments to the Privacy Act will greatly increase the exposure of many companies to major fines for data breaches.

The Cyber Insurance Research Paper released last week, a collaboration between AIG and the Centre of Internet Safety (CIS), also highlighted the fact that 65% of SMEs do not encrypt or safeguard sensitive or confidential information.

CIS Co-Director Nigel Phair says: “Organisations are facing more and more technology threats, whether from external cyber criminals or disgruntled internal staff or contractors. Managing the risk associated with digital information assets is a difficult task.”

“Businesses know to lock up their doors and protect their physical assets, but the widespread lack of digital protection is leaving them vulnerable to theft and exploitation from cyber criminals.”

Phair says changes to privacy laws mean organisations need to reappraise their data protection measures.

“A common misconception amongst businesses that don’t consider themselves to be online organisations is that they are immune to cyber attacks,” he says.

“However, these businesses are likely to have files and records stored on computers connected to the internet, and are therefore responsible for the protection of that information.”

AIG’s Australasian professional indemnity manager Matthew Clarke says standard business insurance policies only cover tangible assets with electronic data, while cyber insurance coverage will also protect recovery of lost data, business interruption costs and even legal fees, among other losses.

“Cyber insurance offers coverage for liability that arises from unauthorised use of, or unauthorised access to, electronic data or software within an organisation’s computer network or business,” Clarke says.

“It can also provide coverage for liability claims arising from network outages, the spreading of a virus or malicious code, computer theft or extortion.”