• New Mandatory Data Breach Notification Rules in Australia

    Posted on 04 December, 2017

    In February 2018, a new mandatory data breach notification scheme will come into effect in Australia, with a number of companies being required to notify customers, as well as the Australian Privacy Commissioner, of any data breaches.

    This new policy makes holding the appropriate cyber attack insurance more important than ever, especially considering new research has shown that small businesses are just as exposed as larger corporations to cyber attacks.

    For instance, in 2016 alone, the Australian Cyber Security Centre (ACSC) reported that approximately 90 per cent of small Australian organisations experienced a cyber threat or data breach, with 58 per cent of these attacks proving successful. These figures have increased significantly compared with data from previous years.

    The Cost of Cyber Security Breaches in Australia

    Regardless of how secure your network is, small businesses still run the risk of falling victim to a ransomware attack or a data breach. This can impact your business in a variety of ways and can come with a number of associated costs, including:

    • IT forensic costs
    • Customer notification costs
    • Increased costs of working
    • Legal defence costs
    • The costs associated with a loss of customers, due to lack of trust

    Data breaches can also have a negative effect on your business’s image and reputation, which can influence your future earning potential.

    Large-Scale Data Breaches in Australia

    In the last year, Australia and the world have been hit with a series of major ransomware attacks, which have affected big and small businesses alike.

    The latest cyber attack to hit Australian shores has seen 50,000 Australian personal records, including full names, passwords, IDs, contact details, credit card details, and even confidential salary information, become vulnerable.

    In what appears to be one of the country’s largest data breaches, second only to the leak of information on 550,000 blood donors last year, a whopping 48,270 Australian employees from several government agencies, banks and utility organisations have had their personal information left accessible as a result of a misconfigured Amazon S3 bucket.

    Thanks to this third-party misconfiguration, the likes of AMP, UGL and even the Department of Finance have been affected. The identity of the responsible third party is unknown, but the breach was reported to the ACSC, allowing all of those involved to start working on a fix.

    “Once the Australian Cyber Security Centre (ACSC) became aware of the situation, they immediately contacted the external contractor and worked with them to secure the information and remove the vulnerability,” a spokesperson for the ACSC’s parent agency said.

    “Now that the information has been secured, the ACSC and affected government agencies have been working with the external contractor to put in place effective response and support arrangements.”

    This is just one example of the vulnerabilities and risks that are faced by countless Australian businesses. It is hoped that the new mandatory data breach notification laws will help the relevant Australian authorities crack down on cyber threats to businesses, while also minimising the effect of such breaches.

    However, holding an appropriate cyber attack insurance policy is an absolute must for any business, as the costs of a successful cyber attack can be crippling. To learn more about how you can protect your business’s finances through the appropriate insurance schemes, contact Donnellys today!
