Cyber Insurance – A Director’s Duty of Care
What cyber insurance does your organisation have in the event of a cyber breach? Does it have limitations or specific exclusions? Is it a full cyber insurance policy, or an "add-on" policy? These are just some of the questions you should be asking yourself if you are a director of either a public or private organisation. Under the Corporations Act it is no longer good enough to hand responsibility for cyber compliance to the IT department or a third-party provider.
Under this Act, directors must pay particular regard to their duty of care, due diligence and continuous disclosure obligations when running a company. It is therefore their duty to be involved in managing and understanding the real risk associated with cyber security, and to ensure that a strong compliance regime addressing cyber security is in place within the business.
Failure to comply with these duties can expose directors to claims from shareholders and investigations from regulators.
Privacy Act 1988
Directors must also remember that under the Privacy Act 1988, all organisations with revenue greater than $3m, and even those with less revenue that collect health information, for example, or that sell and/or purchase personal information for a benefit, have obligations under the Act. In recent years this Act was updated, requiring organisations to "take reasonable steps in protecting personal information it holds from:
(a) Misuse, interference and loss; and
(b) From unauthorized access, modification and disclosure.”
The Consequence of a Privacy Act Breach
Fines of up to $340,000 for individuals and $1.7m for organisations may apply for breaches of the Privacy Act.
With cybercrime now one of the top crimes of the 21st century, directors of companies need to ensure they implement cyber risk management strategies and have the correct cyber insurance policies in place in the event of a cyber breach. The alternative could be very costly!
How We Can Help
For a cyber insurance quote either fill in our Cyber Insurance Quote Form, or call Leed Risk Services on 1300 881 464.