The Reality of Cyber Attacks with Schalk Van Der Merwe

Schalk Van Der Merwe is a Director of Omnisure Insurance and the winner of Elite Broker by Insurance Business in 2018. As an expert of insurance, Schalk explains the reality of cyber attacks, why we need to think about these sort of attacks, and how we can protect ourselves and our businesses. 

• Omnisure offers a broad spectrum of insurance and risk service:
• General Insurance broking
• Professional Risk
• Workers Compensation
• Credit & Financial Risk
• Claims Management
• Risk Advisory
• Employees benefits

What makes Omnisure different?

Our attention to detail. Our business model is not transactional and is based on a deeper understanding of a particular business' exposures and designing a tailored solution to meet those exposures. Given our broad client base and experience across many industries we also find we are well versed in the unique exposures any given industry faces. We have:

• Customised policies that are not publicly available and with greater coverage at a competitive price
• Real time comparisons to quickly assess cover, benefits and prices of policies from a range of insurer
• A claims champion where we can draw on our relationships with decision makers to escalate any claims issues
• Choice of policies because our partnerships with over 150 insurers enable us to find the right product for you
• Professional, qualified brokers that stay up to date using the latest tools and resources

Cyber insurance is a suite of covers built into one annual policy to comprehensively protect a business' online and network exposures.

The most common coverage features are:

• Business interruption expenses – covers loss of income and related expenses in order to continue trading following a data breach,
• Credit monitoring for affected customers,
• Fines and penalties incurred following a data breach which results in a regulatory claim,
• Legal cost of defending claims,
• Blackmail and extortion – protection against ransom costs should a criminal gain access to sensitive information and threaten to release it,
• Theft and fraud – cover for the loss or destruction of data following a data breach,
• Forensic investigation and recovery – covers the investigation costs to determine the level of exposure and replace/restore lost data,
• Incident response and public relations – covers the immediate expenses necessary to notify the public of a breach and handle the ongoing advertising campaign,
• Notification costs of notifying your clients of a data breach,
• Legal expenses should your business become liable to pay damages (e.g. where a client's reputation or intellectual property was damaged by your failure to secure their data).

Don’t equate small with safe….

Essentially, all businesses regardless of industry should consider cyber insurance. 

Businesses that are at particular risk:  

• Any business who utilises the internet or devices that have sensitive information stored, including client information. (This will make up 99% of all Australian businesses, however accountants, lawyers, bookkeepers and the financial services industries are particularly targeted).
• Any business who takes payments electronically, regardless of whether this is undertaken through a third party gateway - check your contract, they take no responsibility for your clients data!

We get this question a lot from clients, it’s a tough one to answer as there is no revenue band or business size where cyber insurance then becomes relevant. Every business has an exposure and unfortunately given the recent statistics it seems as though its just a matter of when not if anymore.

Cyber attacks are becoming more and more prevalent, with research showing an excess of 20% of Australian businesses have suffered some sort of cyber event or cyber crime in the last five years.

The average cost of a cyber attack in Australia is $276,000, which most small businesses don’t have  lying around. However, the damage to the reputation and the ongoing stress of dealing with a large scale data breach or cyber attack can be more costly.

Profile: Property developer

Background: Following the sale of two properties, our client was required to make a payment of $400,000 to their property consultant. On the day the payment was due, our client received an email from the consultant advising that their banking details had changed. Our client requested that this be sent to them in writing on the consultant’s letterhead including the signature of the director of the consultancy company which our client received. Our client was later chased by the actual consultant for the payment at which time it was discovered that the email and letter had been fraudulent. Our client contacted their bank to stop the payment but the money had already been withdrawn and transferred overseas.

Outcome: Our client made a claim on their Cyber Policy which triggered the optional Social Engineering cover. It appointed an IT forensic consultant who identified that the hacker had infiltrated the consultant's system and intercepted correspondence between our client and the consultancy firm. Our client was reimbursed for the outstanding funds (capped at the Social Engineering sub limit of $250,000).

Payment: $250,000.

• Employee training. 70%+ of cyber attacks or events occur as the direct result of human error (Yes that person in the office that always gets tricked by the fake power bill)
• Install, use and regularly update antivirus and antispyware software on every computer used in your business.
• Regularly change passwords and limit access to data, information and authority to install software.

Its not as expensive as you think! $100,000 of coverage depending on your industry / revenue starts at $200 (excluding charges).