As the danger of cyber incidents has increased and the government moves to strengthen data breach penalties, there is validity in examining current cyber insurance limitations, according to Mr. Nathan Mauriello, senior client executive – Professional and Executive Risks at the brokerage firm Honan.
Mr. Mauriello notes that Attorney-General Mark Dreyfus has submitted a Bill to alter Australian privacy laws in response to a string of well reported data breaches affecting consumers in a blog post on Honan's website. The idea intends to make sure businesses keep stringent data security procedures by including greater fines for major or frequent data breaches.
The highest penalty for significant or persistent privacy violations under the existing Privacy Act (1988) is just A$2.2 million ($1.5 million) for businesses with more than A3 million in annual revenue. Penalties would rise under the proposed Bill to the greater of the following:
$50 million, three times the amount of any gain attributable to the improper use of information, or 30% of a company's domestic sales during the applicable period.
The proposed Bill would provide the Australian Information Commissioner (AIC) more authority to address privacy violations in addition to stiffer fines.
According to an analysis of the cyber insurance limits bought by Honan's clients, the typical cyber limit for businesses with less than $10 million in annual revenue is about A$2.5 million. The typical cap is closer to A$4m for businesses with annual revenues over A$100m.
According to Mr. Maureillo, for businesses with current cyber insurance, the majority of plans will cover regulatory fines and penalties as well as third-party claims resulting from a cyber-attack. The proposed maximum penalties for major or persistent breaches is one thing we know, he continued. "While there are many factors to take into account when determining the greatest anticipated loss a corporation could experience due to a data breach, one thing we know. At the moment, insurers typically sub-limit or cap fines, so a $50 million ceiling could not be practical or reachable for many businesses.
Honan has spoken with a number of clients regarding the appropriateness of increased limits in light of the proposed revisions and thinks that all businesses should take this into consideration in advance of their upcoming insurance renewal.
