Brought to you by:

Data breach legislation ‘will change cyber landscape’

The Australian cyber-insurance landscape will alter dramatically when mandatory data breach notification rules are introduced, Aon says.

The global broker held its Cyber Risk Symposium in Melbourne, Sydney and Brisbane last week, bringing together technology, legal and risk thought leaders.

Speakers included Greg Austin from the Australian Centre for Cyber Security; Scott Thiel, partner at law firm DLA Piper; Tim Fitzgerald, VP and Chief Security Officer at security solutions provider Symantec; and Kevin Kalinich, Aon’s Global Cyber Risk Practice Leader.

Aon National Practice Leader for Cyber Risk Fergus Brooks told insuranceNEWS.com.au there was standing room only for the seminars in Sydney and Melbourne.

“The key message was about opening up opportunity, not selling fear,” he said. “We wanted to show people how to enable their business to grow.”

Mr Brooks says in the US about 20% of businesses have cyber cover or are considering it, but the equivalent figure here is 2%.

This is partly because 47 US states have mandatory breach notification laws – something still absent in Australia.

“At the moment you don’t have to tell anyone [if a breach occurs],” Mr Brooks said. “And you’re not going to get a class action if nobody knows their details have been lost.

“We don’t know whether the legislation will come this year or next, but it will certainly change the mindset and the landscape.

“In Australia there tends to be a ‘she’ll be right’ mentality. A lot of companies say they’ve never been hacked, or their firewalls are perfect. But you can never say never.

“Notification will mean users are aware, and companies will get sued. Increasing awareness will result in an increasing spend on technology and insurance.”