• Human Error Remains a Key Cause of Data Breaches

    Posted on 27 November, 2018

    If criminals in balaclavas and clichéd Hollywood computer hackers are among your greatest concerns for the cyber safety of your business, then you may want to start looking elsewhere for the cause of a large proportion of Australia’s data breaches.

    According to Smart Company, which reported on the latest Notifiable Data Breach reports, covering all breaches from April 1 to June 30th 2018, 36% of all reported data breaches were put down to human error.

    Smart Company’s Dominic Powell went on to state: “Australia’s mandatory Notifiable Data Breach legislation was introduced last year and enacted earlier in 2018. Companies with more than $3 million in annual revenue are now required to report any and all data breaches to the Privacy Commissioner and their customers, or face penalties of up to $1.7 million.”

    While malicious or criminal attacks are still the largest source of notifiable data breaches (NDBs), accounting for 57%, human error is second, with cyber incidents exploiting human vulnerabilities, for example by encouraging people to click on phishing emails or disclose passwords.

    Gerry Power, Head of Sales at Emergence, stated that: “The continued propensity for human error to cause NDBs is a disturbing insight because it shows businesses are not educating staff enough on how to identify phishing emails or handle personal information appropriately.”

    Gerry went on to state that the healthcare industry continued to be the worst-performing sector, recording 18% of data breaches, and that human error was responsible for more than half of those. “That gives an insight into why some cyber insurers will not write the healthcare industry for data breaches.”

    The finance sector was the second-worst performing industry for the second consecutive quarter, with 14% of breaches.

     

    —  A cyber policy is part of every successful business’s risk management framework. Cyber insurance is not the first line of defence; it is designed to protect a business when its IT security, policies, and procedures fail to stop an attack.  —


    How to protect yourself against cyber-crime

    Protection methods include:

    • Strong passwords, long enough to prevent brute force attacks
    • Two-factor authentication
    • Not sharing passwords across multiple devices
    • Regular testing and auditing of company policies and procedures.

     

    Underreporting of Cyber-Crimes

    Organisations which don’t report that they’ve been the victim of cybercrime are putting others at risk of further attacks and are hampering the authorities’ ability to fight against hackers, the OAIC has warned.

     

    From early 2018, all small businesses in Australia will be required to report all instances of personal data breaches to affected stakeholders and government authorities.

     

    In a statement by the information commissioner, Timothy Pilgrim, it was said that the Notifiable Data Breaches (NDB) scheme ‘enshrines an expectation from individuals to be informed if they’re at serious risk of harm’.

    Emergence’s Gerry Power said the OAIC’s latest report found that human error was responsible for 37% of NDBs. “As humans, we keep finding new ways to make mistakes,” he said. “But, with sound risk management in place, many breaches can be prevented. Employees are the last line of defence, they must be educated to identify such things as dodgy emails and suspicious invoices.”

     

    Donnellys can protect you from…

    Cyber Insurance Cover can PROTECT YOU in the following ways:

    • Losses to your business
    • Loss to others
    • Cyber event response costs
    • Contingent business interruption
    • Point of Sale intrusions
    • Web app attacks
    • Insider and privilege misuse
    • Physical theft and loss
    • Payment card skimmers
    • Crimeware
    • Denial of service
    • Cyber espionage
    • Miscellaneous errors – Human error
    • Cyber extortion

     

    When you are hit with a cyber attack you need immediate expert support to help you assess, manage and respond to the threats to your business, customers and other parties. Cyber cover can give you this support and protection.

    Gaps in traditional policies:

    | Traditional insurance | Potential shortfall |
    | --- | --- |
    | General liability covers | Unlikely that policies will provide cover for data breaches |
    | Property covers | Typically require physical loss or damage and may specifically exclude electronic data |
    | Directors and officers/management liability | Would usually only respond to actions brought against D&O’s for a wrongful act |
    | Professional indemnity/Errors & Omissions | Cover is not usually afforded for information/data breaches (unless part of professional services) |
    | Cyber extensions | Most cyber extensions are only as effective as the underlying policy cover. |

     

    To find out more about the market-leading and competitively priced Cyber event cover for SME businesses call one of Donnellys Business insurance broking consultants on (08) 8236 7789

     
