Level 10, Grand Annexe 84 Boulcott Street Wellington 04 974-6860
Cyber Insurance

Cyber crime is costing NZ SMEs more than they know.

Connectivity. It’s fundamental to running almost any kind of business in New Zealand today. We live undoubtedly in the cyber age – a culture where computers, computer networks, information technology, the Internet, the Cloud, and now virtual reality, are commonplace in our offices, homes, and even our pockets.

We all hear about it in the mainstream media when yet another large global corporate or organisation is hit by online hackers. But when do you recall hearing of a local business being the target of a phishing or ransomware attack? It’s happening right now, everyday in New Zealand – it’s the hidden cost of cyber crime.

Here are some real stories of local cyber crime claims:


Ransomware – Cost $78,000

Law firm with turnover of $2M and eight staff. Their server and client records were locked by ransomware software. The files were released after paying a ransom of $50,000 to the hackers. $20,000 was paid out for the claim for loss of income, the ransom demand, including consultant’s costs to advise on handling and negotiating the ransom, and costs to restore the network, as the hackers still refused to release the files despite payment of the ransom.

Employee Error – Cost $150,000

An online retailer emailed a group of customers to promote a sale with a special discount offer. The retailer intended to attach a copy of the flyer detailing the discounts, but instead attached a spreadsheet that contained a customer list including their names, addresses and credit card information. The retailer had customers in the US and was required to notify all affected customers of the error and offer credit monitoring. Several affected individuals also filed suits against the retailer. The error resulted in credit monitoring costs of $50,000 and legal fees, plus nuisance settlements of $100,000.

Data Breach – Cost over $2,100,000

A leading supplier of Managed Services (including IT platform hosting), providing infrastructure and support services to numerous clients, had an extensive mainframe that was partitioned and configured to specific client requirements. An attacker implanted malicious software tools on the company’s mainframe and used ‘masking techniques’ to conceal their IP address and steal customer data. $1,200,000 of the total cost was for data recovery and business income loss.

Malware – Total paid $35,625

A professional services firm, operating a network of 22 computers, had real-time anti-virus software installed on all its servers and desktops. Satisfactory risk management and preventative measures were all in place. But a virus infection was discovered on some computers, which spread through the network. Initial attempts to eradicate the virus by their IT provider were unsuccessful, necessitating the wiping of and reinstalling of every networked computer. The costs included forensic examination, data restoration and lost revenue.

What can we learn?

  1. Don’t be over confident with online security
  2. One opened email could shut down your business
  3. Human error can still thwart the best IT protection
  4. Faster Internet also means faster virus downloading
  5. Data is of great value in the wrong hands
  6. You can insure against the cost of Cyber Crime and Privacy Protection breaches.

Business owners and directors have statutory and governance responsibilities to protect the company data they have, including the personal details of their employees, customers and suppliers. Compromised IT systems can also cause significant reputational damage.


Directors & Officers Liability Insurance

Directors and management now personally liable for health and safety.

Recently New Zealand’s workplace health and safety underwent its most significant reforms for 20 years. This work saw the establishment of WorkSafe New Zealand and the introduction of the new Health and Safety at Work Act 2015, which came into effect on 4 April 2016. WorkSafe has a pretty big goal – to deliver a 25% reduction in serious injuries and workplace deaths by 2020.

The new legislation now firmly makes health and safety a core function of every business. And the Act has significant implications for directors and officers of all businesses and companies operating in New Zealand. They’re now personally liable for their health and safety actions, putting their personal assets at much greater risk than before.

There’s some new terminology to be aware of too. A ‘PCBU’ is a person conducting a business or undertaking, for example a company, employer, committee, sole trader – everyone who carries out work has a duty of care for health and safety. An ‘Officer’ is a person who holds a senior leadership position with the ability to significantly influence the PCBU’s management. Each officer has an individual due diligence duty and is personally responsible for ensuring compliance with the Act. A ‘Workplace’ is wherever business is conducted in New Zealand, including whilst out in a vehicle or working from home.

New fines under the Act range from $100k for a category 3 ‘failure to comply’ violation by a PCBU or Officer, up to $600k plus 5 years jail or both, for a category 1 ‘reckless conduct’ violation. For a corporation, fines range from $500k (category 3) to $3M (category 1). In addition to these fines, there are other punitive orders that the Courts can make.

You CAN protect yourself from some risk.

Though fines and penalties under the new Act remain uninsurable. You can still consider cover for some liability including – Defence Costs and Reparations, Officer’s Personal Defence Costs, and Company Reimbursements.

We’re here to help. We can…

  1. Advise you on what the Act means for you and your business
  2. Give you some straightforward, practical steps to ensure good governance around workplace health and safety
  3. Introduce you to other specialists in our business network that can help with health and safety
  4. Recommend an insurance package that gives you extra cover and the confidence that you’ve taken steps to protect yourself against significant personal loss.

Environmental Liability

Every business should understand and plan for pollution.

Many of us consider pollution risks to be limited to the realms of big business and heavy industries. We’ve all heard the horror stories of expensive clean-ups in the news, like the Rena ship grounding, that cost its Greek owners over $235 Million. But it might be something you should think about again, before dismissing it as not a problem for your business.

 Any time a business or tenant’s operation is required to comply with the Environmental Protection Agency’s HAZNO storage regulations, there is a potential for a major loss should those hazardous substances escape.

Good risk management practices are your first line of defence, but what about oversights or human error?

We know of a large Australian loss where chemicals were stored in accordance with State regulations, which included a substantial bund wall; however, who would have anticipated the bund overflowing from the fireman’s hoses as they desperately tried to extinguish a blaze?

What about asbestos or gradual seepage that’s gone unnoticed for years? Surely you can blame the previous landlord or tenant – isn’t that an adequate defence? Unfortunately not! New Zealand’s Resource Management Act imposes strict liability on pollutants, whereby you are guilty even if there was no intent, and normal proof of negligence is not a requirement. A defence can include your responsible conduct and quick remedies, but at what cost? A simple slow drip down the storm water drain can result in thousands of dollars in clean-up and ecological remedial costs.

Emerging environmental safety hazards to be aware of:

  1. New asbestos handling regulations
  2. Increased fines and penalties under the Resource Management Act (RMA)
  3. Contractual requirements for insurance coverage for the use and storage of hazardous substances
  4. Gaps in traditional liability policies where cover is limited to sudden, rather than gradual events, with no cover for lost income.

New Environmental & Pollution Liability Cover for SMEs

There’s a new product – Environmental & Pollution Liability – designed especially for SMEs offering more cover than ever before:

  1. Gradual event cover (as well as sudden/accidental events)
  2. Asbestos contamination
  3. Specific site cover and mobile contracting options
  4. Transport-related pollution liability
  5. Civil claims (as well as criminal liability)
  6. Environmental damages
  7. Emergency response and clean-up costs
  8. Defence costs included in policy limits
  9. Resultant business interruption.

Cover and claims support is backed by environmental experts who can act swiftly to help you manage a pollution crisis. We think this cover is a must, even if you only store low levels of hazardous substances, or if you own a site where your tenants use hazardous materials.


Flood Protection

The importance of adequate flood cover.

According to Australian Geographic, between 1852 and 2011 the cost of flood damage reached an estimated $4.76 billion. Perhaps even more alarmingly was the impact of the devastating floods that inundated Brisbane and South-East Queensland in December 2010/January 2011. With more than 200,000 people and 28,000 properties affected, over 56,000 insurance claims were ultimately lodged with payouts totalling $2.38 billion. Five years on and many Queenslanders are still recovering, while some who weren’t suitably protected may never recover at all.

More recently, violent storms on 28 January 2016 led to flash flooding in Geelong inundating over 150 local properties and leading to yet another a multi-million dollar clean up bill. Described by the Bureau of Meteorology as a ‘once in 50 year’ event, the reality is floods of this nature are a fact of life across most regions of Australia and can devastate local communities and businesses in many ways, including economically.

Professor Jonathan Nott is a palaeohazards expert at James Cook University in Cairns. In 2012 he told Australian Geographic part of the problem is that we “continue to build in the path of floods,” regardless of history, and allow populations to increase in low-lying floodplains. While we are “very good at dealing with emergencies when they arise,” he said, “we are not so good at mitigating against disaster.”

According to the Insurance Council of Australia: “Inland flood is a significant issue in Australia, historically accounting for nearly one third of insured losses.” The Council also explains that since 2008 insurers have used government flood mapping data to build the ‘National Flood Information Database’, an initiative that now means flood cover is available based on specific addresses, not just postcodes. This has seen flood insurance availability grow from just 3% of policies in 2006 to 93% today.