Social
Attorney-General, Mark Dreyfus has introduced a bill to amend Australian privacy rules following a series of highly publicised data breaches impacting consumers. The proposal includes increased penalties for serious or repeated data breaches, and it aims to ensure companies uphold strong data security measures.
Under the current Privacy Act (1988), the maximum fine for serious or repeated breaches of privacy is just $2.2M for companies that exceed $3M in revenue. Under the proposed bill, penalties would increase to the higher of the following:
In addition to increased penalties, the proposed bill would hand the Australian Information Commissioner (AIC) greater powers to resolve privacy breaches.
For companies with existing cyber insurance, pleasingly, most policies will respond to third-party claims arising from a cyber-attack, as well as fines and penalties from regulators.
Based on a review of the cyber insurance limits purchased by our clients, the average cyber limit for companies under $100M in revenue is approximately $2.5M. For companies over $100M in revenue, the average limit is closer to $4M.
Whilst there are various factors to consider when estimating the maximum foreseeable loss a business could face due to a data breach, one thing we know is the proposed maximum fine for serious or repeated breaches. Currently, fines are generally sub-limited or capped by insurers and a $50M limit may not be feasible or attainable for all companies. Having said this, there is certainly merit in reviewing your current limits as the risk of cyber incidents has increased.
In light of the proposed changes, we have held discussions with several clients about the appropriateness of higher limits and believe this is something all companies should consider in preparation for their next insurance renewal.
We will continue to provide updates on the proposed changes as the situation evolves. If you’d like to discuss the adequacy of your current limit, or if you are considering Cyber insurance for your business, please reach out at any time.
Senior Client Executive – Professional and Executive Risks
