Level 10, Grand Annexe 84 Boulcott Street Wellington 04 974-6860
Cyber Insurance

Cyber crime is costing NZ SMEs more than they know.


Connectivity. It’s fundamental to running almost any kind of business in New Zealand today. We live undoubtedly in the cyber age – a culture where computers, computer networks, information technology, the Internet, the Cloud, and now virtual reality, are commonplace in our offices, homes, and even our pockets.

We all hear about it in the mainstream media when yet another large global corporate or organisation is hit by online hackers. But when do you recall hearing of a local business being the target of a phishing or ransomware attack? It’s happening right now, everyday in New Zealand – it’s the hidden cost of cyber crime.


Here are some real stories of local cyber crime claims:

 

Ransomware – Cost $78,000

Law firm with turnover of $2M and eight staff. Their server and client records were locked by ransomware software. The files were released after paying a ransom of $50,000 to the hackers. $20,000 was paid out for the claim for loss of income, the ransom demand, including consultant’s costs to advise on handling and negotiating the ransom, and costs to restore the network, as the hackers still refused to release the files despite payment of the ransom.

Employee Error – Cost $150,000

An online retailer emailed a group of customers to promote a sale with a special discount offer. The retailer intended to attach a copy of the flyer detailing the discounts, but instead attached a spreadsheet that contained a customer list including their names, addresses and credit card information. The retailer had customers in the US and was required to notify all affected customers of the error and offer credit monitoring. Several affected individuals also filed suits against the retailer. The error resulted in credit monitoring costs of $50,000 and legal fees, plus nuisance settlements of $100,000.

Data Breach – Cost over $2,100,000

A leading supplier of Managed Services (including IT platform hosting), providing infrastructure and support services to numerous clients, had an extensive mainframe that was partitioned and configured to specific client requirements. An attacker implanted malicious software tools on the company’s mainframe and used ‘masking techniques’ to conceal their IP address and steal customer data. $1,200,000 of the total cost was for data recovery and business income loss.

Malware – Total paid $35,625

A professional services firm, operating a network of 22 computers, had real-time anti-virus software installed on all its servers and desktops. Satisfactory risk management and preventative measures were all in place. But a virus infection was discovered on some computers, which spread through the network. Initial attempts to eradicate the virus by their IT provider were unsuccessful, necessitating the wiping of and reinstalling of every networked computer. The costs included forensic examination, data restoration and lost revenue.

What can we learn?

  1. Don’t be over confident with online security
  2. One opened email could shut down your business
  3. Human error can still thwart the best IT protection
  4. Faster Internet also means faster virus downloading
  5. Data is of great value in the wrong hands
  6. You can insure against the cost of Cyber Crime and Privacy Protection breaches.


Business owners and directors have statutory and governance responsibilities to protect the company data they have, including the personal details of their employees, customers and suppliers. Compromised IT systems can also cause significant reputational damage.

0

Directors & Officers Liability Insurance

Directors and management now personally liable for health and safety.

Recently New Zealand’s workplace health and safety underwent its most significant reforms for 20 years. This work saw the establishment of WorkSafe New Zealand and the introduction of the new Health and Safety at Work Act 2015, which came into effect on 4 April 2016. WorkSafe has a pretty big goal – to deliver a 25% reduction in serious injuries and workplace deaths by 2020.

The new legislation now firmly makes health and safety a core function of every business. And the Act has significant implications for directors and officers of all businesses and companies operating in New Zealand. They’re now personally liable for their health and safety actions, putting their personal assets at much greater risk than before.

There’s some new terminology to be aware of too. A ‘PCBU’ is a person conducting a business or undertaking, for example a company, employer, committee, sole trader – everyone who carries out work has a duty of care for health and safety. An ‘Officer’ is a person who holds a senior leadership position with the ability to significantly influence the PCBU’s management. Each officer has an individual due diligence duty and is personally responsible for ensuring compliance with the Act. A ‘Workplace’ is wherever business is conducted in New Zealand, including whilst out in a vehicle or working from home.

New fines under the Act range from $100k for a category 3 ‘failure to comply’ violation by a PCBU or Officer, up to $600k plus 5 years jail or both, for a category 1 ‘reckless conduct’ violation. For a corporation, fines range from $500k (category 3) to $3M (category 1). In addition to these fines, there are other punitive orders that the Courts can make.

You CAN protect yourself from some risk.

Though fines and penalties under the new Act remain uninsurable. You can still consider cover for some liability including – Defence Costs and Reparations, Officer’s Personal Defence Costs, and Company Reimbursements.

We’re here to help. We can…

  1. Advise you on what the Act means for you and your business
  2. Give you some straightforward, practical steps to ensure good governance around workplace health and safety
  3. Introduce you to other specialists in our business network that can help with health and safety
  4. Recommend an insurance package that gives you extra cover and the confidence that you’ve taken steps to protect yourself against significant personal loss.
0