Prepare in advance for cyber attacks, was the strong message from an Emergence Insurance cyber threats webinar presented to more than 850 brokers and their clients.
Fowlstone Communications owner Geoff Fowlstone, who is part of Emergence’s cyber incident response team, said: “Every consumer is empowered with enough weaponry to unleash oblivion on your brand. All it takes is a mobile phone. Social media proliferates quickly, so there’s no time to plan once a breach occurs.”
He said all organisations needed to plan in advance, test their plans, and respond quickly. “It can take time to be aware of a breach, so you’re already behind the eight ball with impacted stakeholders.”
Fowlstone said one Emergence client whose website was hacked had gone from 50 social media mentions across two months to 1,000 in one day when it notified its clients of the potential for their personal information to have been breached.
Emergence Head of Sales Gerry Power said the “explosion of data breaches” reported in the Office of the Australian Information Commissioner’s first full quarter report under the notifiable data breaches (NDB) scheme was likely the tip of the iceberg. “The report includes only those breaches that companies have chosen to report. It’s likely rampant breaches are still being hidden in the business community,” despite notification now being mandatory, he said.
However, as awareness of the NDB scheme grew, more notifications were likely because directors would become aware of their own liability for failure to implement risk management to protect stakeholders’ personal information.
Vigilance was essential. “Humans have the skill to keep finding new ways to make mistakes. But you can control that with proper policies and procedures in place,” Power said.
Power reinforced Fowlstone’s message. “We ask about preparation when underwriting risks. The better prepared you are, the better the outcomes. Plan for an attack and consider who needs to be part of your incident response team.”