ASIC’s latest report notifies its regulated population of the importance of being prepared for cyber-attacks, being the use of electronic technology to commit (or attempt to commit):
- an attack on the integrity of a firm’s computer system/server; or
- traditional crimes including fraud, identity theft and forgery.The report stresses the importance for businesses not to only have a ‘prevention plan’ in place but take the plan a step further and implement a full cyber resilience plan including measures to:
- While cyber-attacks are common in the US (with President Obama declaring at the State of the Union address in January 2015 that cyber security is a government priority), it is a relatively new area of risk for Australian businesses. Given the rate of increase of such attacks over the last two years, it is likely that cyber-attacks will become more prevalent in Australia over time.
- prevent the cyber-attack;
- prepare for the cyber-attack;
- responding to the cyber-attack; and
- recovering from the flow on effects of such attack.
As such, ASIC has released a series of ‘Health Checks’ that can be found within Report 429 and further recommends that its regulated population consider obtaining tailored cyber insurance liability cover.
Often these attacks involve the hacker requesting a ransom being paid in exchange for the release of the information, which will hurt the working capital of a business. Given the rapid change in technology such attacks are likely to become more dynamic and varied over time.
By obtaining tailored cyber insurance liability cover, businesses will be in a better position to recover from the consequential losses that may flow from cyber-attacks as outlined at stage (4) above including the costs associated with:
- third party claims for data/privacy breach, infringement/breach of intellectual property;
- costs associated with ransoms/extortion threats; and
- loss of trade due to dealing with such threats.
For a full copy of ASIC Report 429, click here.