As an insurance broker who deals with the claims and concerns of clients who have been impacted by bushfire, please make sure you understand your risks, put measures in place to protect yourself, and make sure you have the right insurance in place as a safety net should the worst happen.

“I’ve seen and heard some of the hardest stories,” reflects Allsure Director Melissa Donaldson.

“Even having great insurance doesn’t take all the hurt out of losing belongings, pets, your home or, in the very worst case, your loved ones. For an insurance broker, we see the aftermath of insurable events, and the most frustrating thing is when it could have been prevented (and also when people are underinsured or uninsured – I think that will be one of my next articles!)

“This year has been heartbreaking, with bushfires across Australia including in Victoria and Tasmania where our two offices are. So after reflecting on the bushfire season that was (without jinxing it as certainly there is still risk in many areas), I wanted to share some things from an insurance broker’s perspective that I wish everyone in a risky area knew before it was too late.”

Bushfire insurance can save lives

The 2009 Black Saturday bushfires in Victoria were the most devastating in Australian history; 173 people tragically lost their lives, 414 were injured, more than a million wild and domesticated animals were lost and 450,000 hectares of land were burned.

There was stats from the royal commission into the black Saturday fires of 7 February 2009, that showed that most of those who died did not have insurance. It’s been concluded that having insurance saved lives and not having it cost lives. Put more simply, those without insurance were more likely to stay and defend their properties, those with insurance left in time, knowing they could rebuild.  

Business interruption insurance

In the case of the Bunyip State Park fire in Victoria, over 100 homes and outbuildings have been damaged or destroyed. Additionally, many businesses, roads and schools have closed due to the fire risk. Recovering from a bushfire and all the work and clean up entailed can take a long time – could your business survive if you have to close for months? Or even if one of your key suppliers is severely impacted and unable to service your business? If the answer is not a confident ‘yes’ then you may want to speak to your broker about business interruption insurance.

Don’t gamble with embargoes!

Did you know that if you wait until a disaster like a bushfire is imminent, it may already be well too late to get insurance coverage? Check out our ‘procrastination’ article for more information, but at a high level, you need to know that insurance companies can set a timeframe to prevent you from purchasing insurance when an event is known to be extremely likely or already having an impact.

Removal of debris

Many insurance solutions include cover for the cost of debris clean up after an event. But not all policies are equal. This can be an expensive and time consuming components of disaster recovery, and it’s worth getting your broker to read the fine print so you know what you’re getting. After all, that’s what we’re here for! (And yes, maybe that does make us an insurance nerd, and proud of it.)

Bushfire management & mitigation – make it happen

What if taking just a few steps could reduce or altogether prevent a bushfire from impacting you? Would you give up a couple hours of Netflix a month to have the peace of mind that you’ve done something to reduce your risk?

There’s a huge range of actions you can take – many that cost only time and sweat. As you may know, you could be held legally liable if you don’t reduce the risk of fire in and around your property. PLUS – did you know that insurance companies can reject your claim if you do not take ‘reasonable steps’ to minimise your loss should an incident occur? Keep that risk management hat on – before and after an insurable event.

So find out what ‘best practice’ for bushfire risk management for your situation, whether it’s clearing your gutters regularly or ensuring you have an evacuation plan, know what you need to do.

There’s even some talk of incentivising people with reduced insurance premiums to build homes and businesses to better withstand cyclones and bushfires according to this Queensland article. We will certainly be watching this space and keeping you up to date.

Questions?

Talk to us about your situation. Seriously, we love to help and at the very least you can come away with a free quote and the peace of mind that you’ve had a good conversation about your risks and you’ll know whether you have a competitive solution in place.

Please note: The information provided in this article is only general in nature – before making business decisions you should consider seeking advice specific to your situation.

Another week, another three major cyber attacks hit the news. You may have seen recent reports that Cabrini Hospital in Melbourne, Toyota Australia and the Australian government have all been targeted by sophisticated cyber attacks.  The government and Toyota have claimed that the attacks were unsuccessful and no data was obtained, but Australian security agencies are investigating the ransomware attack on the hospital.

There are so many cyber attacks (one every 39 seconds according to Security Magazine), that it can start to sound like white noise. But the figures below should convince you otherwise. You might think ‘it won’t happen to me, it only happens to big corporates’ but it’s also important to note that 43% of cyber attacks target small businesses!

Cyber security by the numbers (source: Smart Money):

• 516,380 — the number of Australian small businesses that fell victim to cyber crime in 2017, according to Norton.
• $4,677 — the average amount the majority of SMEs would have to pay to free their data from ransomware.
• 25 hours or more — the amount of downtime one in four businesses hit by cyber attacks suffer.
• $1.9 million — the average cost to a medium sized business if hit by a cyber attack.
• One third — the number of SMEs who say they continuously back up their systems’ data.
• One — the number of staff members that hackers need to dupe in order to gain access to your business’ data.

What are the different types of cyber attacks?

First of all, let’s make sure we’re on the same page about what a ‘cyber attack’ is. A cyber attack is considered when an organisation or individual maliciously and deliberately attempts to breach the information system of another individual or organisation. Typically, the cyber attacker is seeking some sort of benefit from disrupting the victim’s network (i.e. a ransom), though some do it as part of protest or ‘hacktivism’.

Some of the most common types of cyber attacks, according to technology giant Cisco, include the following:

Your data breach and privacy obligations

Are you familiar with what your obligations are should your business experience a data or privacy breach? Under the Privacy Act, you have a duty to disclose breaches when a data breach is likely to result in serious harm to individuals whose personal information is involved in the breach.

Examples of a data breach include the following incidents:

• a device containing customers’ personal information is lost or stolen
• a database containing personal information is hacked
• personal information is mistakenly provided to the wrong person.

There are a few exceptions, which may mean notification is not required for certain eligible data breaches.

Agencies and organisations that suspect an eligible data breach may have occurred must undertake a reasonable and expeditious assessment to determine if the data breach is likely to result in serious harm to any individual affected.

When an agency or organisation is aware of reasonable grounds to believe an eligible data breach has occurred, they must promptly notify individuals at likely risk of serious harm. The Commissioner must also be notified as soon as practicable through a statement about the eligible data breach.

The notification to affected individuals and the Commissioner must include the identity and contact details of the organisation, a description of the data breach, the kinds of information concerned, and recommendations about the steps individuals shoudl take in response to the data breach.

As you can imagine, this process can be expensive, time-consuming and damaging to the reputation of your business. Prevention truly is the best medicine! There are many ways to protect the privacy and data on behalf of your business and your clients. You can find more information provided by the Australian government here, including what client information you are required to protect and the steps you must take (such as ensuring you have a privacy policy available) to comply withe the Privacy Act and the Australian Privacy Principles.

The Australian Cyber Security Centre (ACSC) has also developed cyber mitigation strategies that may assist in protecting your systems from cyber threats. However, a lot of the recommendations are fairly sophisticated, and sometimes it’s the basic, simple risk management activities that are what let us down, such as:

• Making sure you have good password management – don’t use the same password for everything, and use a password that isn’t easy to guess
• Provide awareness and education for yourself and your team – make sure you know what the latest scams are and what they look like, reminders NOT to click on attachments unless you are 110% confident that you know the sender and are expecting the information
• Practice locking your computer and phone when you’re away from your desk – the windows + L key is a shortcut to locking your laptop!

There are many simple ways you can protect your business – perhaps the best thing is to set a date and make a plan with your team! Delegate responsibilities and hold each other accountable for good password management and data protection measures.

Where does cyber insurance fit in?

Insurance forms an important part of your risk management framework. It works as your safety net should your business be targeted by a cyber attack or experience a data breach.

Insurance policies differ, but they can include things like:

• Business interruption loss due to a network security failure or attack, human errors, or programming errors
• Data loss and restoration including decontamination and recovery
• Incident response and investigation costs, supported by a 24/7 multilingual incident reporting hotline and on-demand vendors
• Delay, disruption, and acceleration costs from a business interruption event
• Crisis communications and reputational mitigation expenses
• Liability arising from failure to maintain confidentiality of data
• Liability arising from unauthorised use of your network
• Network or data extortion / blackmail (where insurable)
• Online media liability
• Regulatory investigations expenses

(Source: Examples above from Chubb)

Get a cyber insurance quote

Find out more or get a quote specific to your needs and your business – just contact us!

Please note: The information provided in this article is only general in nature – before making business decisions you should consider seeking advice specific to your situation.

Regardless of your individual opinion on the #MeToo movement, it continues to be headlining news and is causing policymakers and business leaders to change the way they view things like bullying, discrimination and harassment. All of these factors can result in an increase in employment and reputational risk, so we thought it was worth examining how these trends could impact our clients, their risk management practices and insurance solutions. 

Read more