The Office of the Australian Information Commissioner (OAIC) announced last week that it had received 63 notifications since the Notifiable Data Breaches (NDB) scheme came into effect in late February, compared to the 114 breach notifications received over the 2016-17 financial year.
The consequences for businesses that suffer a breach or fall victim to cyber crime are increasing, from the monetary (failure to comply with the NDB scheme, for example, can attract a penalty of up to $2.1 million) to the hits to a company’s reputation and their effect on revenue, as in the current PR disaster for Facebook. Against this backdrop, Australian insurtech startup Edmund has launched to provide cyber security insurance to small to medium enterprises (SMEs) with up to $20 million in annual revenue.
Founded by Richard Smith and Christopher Lynam, the platform takes business owners through a 10 minute process to understand their business and the scope of the personally identifiable information (PII) it deals with before determining their premium.
With its underwriting algorithm developed in conjunction with reinsurance company Munich Re and the insurance underwritten by the Munich Re syndicate at Lloyd’s, Edmund will protect customers across a variety of claims, including third party liability, event recovery costs, threat of extortion costs, business interruption loss, and defence costs.
Edmund will also connect customers who have suffered a breach or been the victim of a threat of extortion to KPMG for emergency response.
Depending on the issue, KPMG will provide customers with a legal team to advise on potential legal issues, including the NDB scheme and whether the Privacy Commissioner must be notified; a forensic and cyber team to focus on the immediate need to contain a cyber breach or cyber threat of extortion and minimise the impact on the business; and a communications and PR team to help shape the message around the issue and get back to business.
With this in mind, Smith said Edmund was built to give SMEs a simple way to protect their business and its reputation. According to the Australian Cyber Security Centre’s 2017 Threat Report, there were 47,000 reported cyber security incidents in Australia in 2016-17, up 15 percent on the year before; it is predicted that 60 percent of attacks this year will be against SMEs.
“We continue to see growth in threats such as ransomware and malware attacks in Australia and there are a number of security measures businesses should have in place to protect themselves,” Smith said.
“Cyber insurance provides complementary protection, for example in the event of a ransomware attack; businesses can be covered for the costs to recover from the ransomware event, loss of profit, and litigation associated with the loss of personal or commercial information.”
Edmund will also look to protect businesses against the rise in social engineering fraud attacks, or business email compromise; in other words, when a criminal pretends to be a customer, supplier, or senior staffer within a business and tricks staff into transferring money into their bank account.
Other players offering cyber insurance often do not cover such losses as they don’t deem them an instance of cyber crime, given that the staffer, rather than a hacker, facilitated the act of transferring funds.
It comes as cybersecurity solutions company Trend Micro also today launched Writing Style DNA to combat social engineering attacks by flagging emails that it believes are impersonating a company’s senior staff or officials.
Leveraging machine learning, the system looks at over 7,000 writing characteristics to determine a user’s writing style; a suspect email will be compared to the trained model and a warning sent to the ‘implied’ sender, the recipient, and the organisation’s IT department.
According to Trend Micro, global losses through such scams are predicted to reach $9 billion across 2018, with an average loss of $132,000 per incident.
Image: Richard Smith and Christopher Lynam. Source: Supplied.