
FY21 Q3 & Q4: Cyber Insurance Snapshot

The Office of the Australian Information Commissioner (OAIC) has expressed concerns about ransomware and impersonation fraud following the release of its January–June 2021 Notifiable Data Breaches Report.

The report looked at notifiable data breaches reported to the OAIC in FY21 Q3 & Q4. We’ve explained the report’s findings below, along with what they could mean for your business and the future of cyber insurance. 

At a glance: The OAIC January–June 2021 Notifiable Data Breaches Report

[Figures from the OAIC Notifiable Data Breaches Report January–June 2021: Top 5 industry sectors to notify data breaches; Sources of data breaches; Cyber incident breakdown]

Q3/Q4 had 446 reported breaches — down 16% from Q1/Q2.

Malicious or criminal attacks caused 65% of reported breaches. Of these, 66% were cyber incidents.

Human error was the second-highest cause of data breaches. It accounted for 30% of breaches reported.

Health service providers reported the highest number of breaches (19%), followed by the finance & superannuation industry (13%).

The overall reduction in breaches included a 34% drop in human-error breaches and a 5% drop in breaches caused by a malicious or criminal attack.

However, two types of malicious or criminal attack related breaches are on the rise. Ransomware incidents increased by 24%, from 37 to 46. Breaches caused by social engineering or impersonation fraud increased slightly, from 34 to 35.

Following the report, the OAIC issued a press release highlighting ransomware attacks and impersonation fraud as causes for concern.

The OAIC urges Australian businesses to maintain adequate privacy procedures

Throughout the report, the OAIC reinforced their expectation that businesses:

Protect themselves adequately from privacy threats.

Have systems in place to quickly identify breaches.

Have appropriate incident response plans.

This expectation extends to the threat of ransomware attacks and impersonation fraud. The Australian Information Commissioner and Privacy Commissioner Angelene Falk says:

“We expect entities to have appropriate internal practices, procedures and systems in place to assess and respond to data breaches involving ransomware.
Entities should continually review and enhance their security posture to minimise the growing risk of impersonation fraud.”

OAIC recommendations for preventing and responding to ransomware and identity fraud risks included: 

Multi-factor authentication.

Automatic account holder notification for failed logins and personal information updates.

Appropriate audit and access logs.

An appropriate incident response plan.

Possible early-stage forensic analysis from a cyber security expert following a ransomware attack.

KBI recommends businesses seek cyber insurance

When commenting on the report, Commissioner Falk acknowledged the rise of the dark web and the increasing ease with which cybercriminals can bypass entities’ impersonation fraud protection measures.

This is part of the reason that KBI’s lead cyber insurance broker Tyler Speers recommends pairing robust privacy protection measures with an equally robust cyber insurance policy: 

“Strong cyber security policies and procedures can reduce your business’ risk of a cyber attack. But they cannot remove that risk altogether. Cyber attacks can and do have significant financial repercussions for the businesses targeted. If your business is targeted, a cyber insurance policy can help cover costs associated with privacy lawsuits, regulatory defence, extortion demands, notification, and data recovery. It will also give you access to an emergency incident response team to put the situation in the hands of the experts.”

Given the growing risk of ransomware and impersonation fraud, Speers recommends that all businesses who hold personal data seek cyber insurance. He also suggests that businesses with an existing policy have a proactive conversation about risks and cover requirements with their broker.

KBI predicts changes to the cyber insurance market in FY22

Increases in the number of ransomware and impersonation attacks could result in tighter underwriting criteria for cyber insurance policies in FY22, as well as harsher terms for cover. “We are already beginning to see policies that limit cover for ransomware payments,” says Speers.

Government legislation in response to the growing threat of ransomware attacks is also a possibility. In June, Tim Watts, a federal Labor MP, introduced the private member’s Ransomware Payments Bill 2021. If passed, this bill would require businesses to report ransomware demands to the Australian Cyber Security Centre.

Key takeaways

Ransomware and impersonation fraud are growing threats.

Businesses should look to improve privacy protection measures and have a plan in place for cyber attacks.

Businesses should speak to their broker about the financial risks associated with a cyber attack and the possibility of transferring those risks to insurance.

To talk to a broker, or find out more about cyber insurance, visit our cyber insurance page.


About KBI

We are a specialist insurance brokerage with an emphasis on adding value to our clients by helping them make an informed decision. Our approach combines that of an insurance broker and consultant, where we focus on providing expert advice to our clients while customising their insurance program and risk management solutions.

Since starting in 2013, KBI is constantly growing and becoming a leader in the Australian market. Our primary point of difference is that we don’t try to be all things to all people.  We work in niche areas, where we can tailor an offering, advice and broker support to meet the specific area’s needs.
