A cyberattack is an offensive manoeuvre employed by individuals or groups that targets computer information, infrastructure, computer networks and/or personal computer devices through malicious acts.
Should you be worried? Yes. Cybercrime is the fastest-growing crime in the world.
Accountants and financial planners are prime targets due to the sensitive and personal information they hold on their clients in their systems.
Yet still so many business owners say: “It won’t happen to me.”
Here are a couple of examples of recent paid cyberattack claims involving accountants.
Accountant
The insured used a third-party cloud-based software provider to hold confidential client information. The cloud provider advised the insured that their account had been accessed by an unauthorised identity who had deleted data relating to 5000 clients. As a result of the hack, the client was unable to operate as usual due to the missing data and limited access to their software.
Outcome
The insurance company appointed information technology forensic consultants to assist the client in investigating whether their systems had also been compromised. As the incident occurred prior to the new privacy regime taking effect, the insured did not have to report the privacy breach; however, in order to be transparent with its clients and the authorities, the insured advised the Privacy Commissioner of the potential breach. The insured was able to claim for business interruption costs, forensics and legal costs. Payment: $124,000.
Accountant
The insured noticed some documents on their server had been deleted. Further investigations were undertaken and it was discovered a hacker had been accessing the insured’s system for the past two months.
Outcome
The insured notified the insurance company, which hired an IT forensic consultant to review the insured’s systems. It was discovered 800 client files had been accessed, which included private details such as driver’s licences and passport numbers. The insurance company appointed a specialist firm to monitor whether any client identities were stolen or sold, as well as a law firm to advise on the data breach issues and draft a notification letter to all affected parties. It was determined the insured had to report the incident to the Privacy Commissioner and the appropriate steps were taken to secure the information they held. Remediation costs were also covered to rectify any issues with the insured’s system. Payment: $90,000.
These claims were paid because in each case the insured had a full cyber-insurance policy, not just an extension under a professional indemnity policy.
A cyber-insurance policy will not prevent a cyberattack, but it will help to get your business up and running again as quickly as possible following an attack.
A cyber-insurance policy has three components:
- First party – covers you for your own costs to repair and restore your own IT system.
- Third party – provides cover to third parties in the event your systems are breached and private data is available in the public domain.
- 24-hour/seven-days-a-week global rapid assistance.
In addition, fines and penalties can result from a security breach under the mandatory reporting laws and businesses can suffer loss of income following a breach.