Cyber Risk

Cyber risks are not just limited to e-commerce companies and those transacting online, but also to those who are storing any personal information. Personal information could be that of a client, employee or vendor. If you are reliant on a computer or telephone network, and simply browse the internet during the course of the day, your business has a cyber exposure.


Increasingly sophisticated cyber criminals aim to exploit the vulnerabilities of your systems and networks to gain unauthorised access to data, download malware or attack a computer in an attempt to overload systems and prevent some or all legitimate requests from being fulfilled.

This can mean the loss of data and systems, loss of income associated with your servers or online systems being unavailable. Your business’s reputation may also take a significant hit. As our reliance on technology increases, the incidence and cost associated with cyber and privacy breaches will also continue to grow.


Amendments to the Privacy Act have received Royal assent and will commence in February 2018. What does this mean for your company?

The key change is that companies that have breached a third party’s privacy will be required to notify the Office of the Australian Information Commissioner (OAIC) and the affected party/parties in certain circumstances.

So-called, “Mandatory Breach Reporting” was enacted in a number of foreign jurisdictions some years ago and has led to a significant increase in the relevance of Cyber insurance for corporate entities.

Globally, there have been numerous high-profile cases of data breach leading to substantial costs to companies. An example was the Target US case in which approximately 70 million customers and 40 million credit cards were accessed by hackers.

Hamish Fraser (Partner) and Lisa Vanderwal (Special Counsel) at IT specialist law firm Bird & Bird point out the key aspects of the new disclosure regime are:

  1. Any breaches must be promptly investigated to determine whether they are eligible breaches
  2. Eligible breaches must be notified to the OAIC and affected individuals as soon as possible
  3. The notification statement must set out the:
  • identity and contact details for the entity
  • a description of the eligible data breach
  • the information concerned
  • recommended steps that individuals should take

4. If affected individuals can’t be notified, the company must publish the notification on its website and take reasonable steps to publicise the statement, such as through social media, online and printed adverts.

Our brokers will identify the key risks associated with your business and develop a customised policy, giving you confidence that you have the right cover in place and the necessary protection against the threat of a Cyber attack. 


  • combined third party (Cyber Liability) and first party Cyber Expenses including data asset loss and recovery expenses, business interruption and fines and penalties 
  • rogue employee 
  • data held by a third party provider 
  • hacker, denial of service, ransomware, network and privacy incidents
  • broad business interruption triggers including human error, power failure of systems the Insured controls and programming errors
  • incident response and investigation costs

Contact our experts now:

Deborah Rodger
P +61 2 9346 8037 M +61 423 688 349
Mark Winwood
P +61 2 9346 8090 M +61 423 461 485