Lawcovernotes December 2017

Cyber policies do not just respond to ransomware. They will, subject to terms, also provide cover where there has been an attack on the insured’s network that results in an infringement of a right to privacy, for example through exposure of personal or sensitive information. This element of the cover is increasingly important ahead of the mandatory scheme for notification of certain data breaches that comes into effect on 22 February 2018 under the Privacy Act 1988 (Cth). Again, breach counsel will advise and represent insureds in relation to their regulatory obligations to the Office of the Australian Information Commissioner and to mitigate exposure to possible claims. The policy may fund legal representation expenses in the event of a regulatory investigation. Once breach counsel and the cyber panel have dealt with the immediate threat and resolved any privacy related issues, the policy also contains cover for business interruption losses (subject to waiting periods). The cover extends to reimbursement of lost income and the costs associated with maintaining operations while a network is unavailable. Cyber insurance is just one part of a broader cyber risk mitigation strategy Just as a home and contents insurer requires locks on doors and windows, cyber insurers may require that insureds maintain up to date antivirus protection and undertake scheduled and frequent backups. The insurer will also partner with their insureds to provide alerts on new malware variants and ongoing education of computer users to prevent cyber events. Most often, ransomware attacks or unauthorised access to confidential information is as a result of a user ‘clicking’ on an attachment purporting to be part of a legitimate message, as was the case with Bad Rabbit and its association with a software update. In many cases such malware is designed to be destructive and without a specific target. The legal profession is increasingly reliant on internet-based platforms. The profession largely communicates by email. E-Courts, E-filing and electronic conveyancing are already an everyday reality. Many government departments and regulators are moving to paperless environments. Cyber insurance, and the associated benefits of immediate assistance where other protections are breached, is integral to a lawyer’s insurance portfolio and risk management strategy. Keith Bethlehem Partner, CBP Lawyers Keith Bethlehem leads the Cyber Risks Insurance team at Colin Biggers & Paisley. Keith has worked with a number of insurers to both develop cyber risks insurance products and set up the associated expert breach response panels. Keith has established working relationships with relevant experts including IT security analysts, forensic IT and accounting practitioners and crisis management professionals. Keith and his cyber response team act as first responders on four separate cyber insurance facilities, including the new cyber risk policy purchased by Lawcover that will be effective from 1 January 2018. 7.