Like you, many consumers are concerned about how their personal information and valuable data are being used in this tech-savvy age. As a result, Parliament has passed a new bill for mandatory data breach notification laws.
This bill is an important step in highlighting the importance of consumer data protection, although there have been some fears in the business community about the consequences and potential costs associated with these new laws.
Any business that suffers an eligible data breach will now have to report the matter to the Privacy Commissioner, and the business must notify any party whose data has been compromised. An eligible breach can include unauthorised access to, disclosure of, or loss of personal information held by a business, where this is likely to result in serious harm to the individual or customer to whom that data relates.
“Cyber exposure is the fastest growing risk for SME businesses and Deloitte expect there will be 10 million cyber attacks in Australia in 2017,” says Adroit Professional Risk specialist, Anthony DiFlore.
Experts estimate a data breach could potentially cost businesses between $150 and $350 per record. If 1,000 records were breached, for example, the cost could skyrocket to anywhere from $150,000 to $350,000.
The large costs associated with a data breach can potentially include:
- legal fees to manage an investigation by the Privacy Commissioner.
- fines imposed by the Privacy Commissioner of up to $340,000 against directors and executives personally or $1,700,000 against the company.
- costs of forensic experts to find how the breach occurred.
- costs to fix IT systems and upgrade security.
- ransom payments made to cyber criminals to decrypt data.
- loss of clients, new contracts and revenue due to adverse media.
- public relations costs.
- civil proceedings from those affected, including legal costs and damages.
- financial fraud and any ongoing credit monitoring costs.
The list goes on. Those affected by the legislation include any business with over $3 million in turnover, smaller firms that handle sensitive client information, such as healthcare professionals, and most government agencies.
A business that is unprepared and uninsured for a data breach is risking significant financial loss should one occur.
To ensure your business is protected, download our full Cyber Security Essentials kit here, or get in touch with Adroit Professional Risk, our cyber and privacy experts, on 1300 6923 7648.