Professional Risks

Cyber Insurance

Australia is fast becoming a focus for cyber criminals and this is creating a multitude of exposures to Australian businesses which remain unaddressed by conventional insurance policies.

There has also been a recent shift in privacy legislation with the introduction of The Privacy Amendment (Notifiable Data Breaches) Act 2017 on 22 February 2018 which makes it mandatory for all qualifying business to notify a cyber breach to all effected parties as well as the Australian Privacy Commissioner.

A ‘breach’ involves an unauthorised access or disclosure or loss of personal information which is likely to result in ‘serious harm to any of the individuals to whom the information relates’ to any organisation that is subject to the Privacy Act 1988.

This legislation is applicable to:

- Companies with a turnover exceeding $3M

- Companies with a turnover below $3M if they:

• provide a health service and hold any health information (except in an employee record) including hospitals and medical practitioners as well as gyms, weight-loss agencies, child care centres and alternative medicine practices;

• disclose personal information about another individual to anyone else for a benefit, service or advantage;

• provide a benefit, service or advantage to collect personal information about another individual from anyone else;

• are a contracted service provider for a Commonwealth contract;

• are any credit reporting body; and

• are related to a business that is covered by the Privacy Act i.e. a subsidiary of an organisation the fits one of the above criteria.

Determining whether these exceptions apply can be difficult, and the Office of the Australian Information Commissioner (OAIC) has pushed for a broad interpretation of these categories.

A new piece of European Legislation, known as the GDPR (General Data Protection Regulation) and which came into force on 25^th May 2018, has a broad scope and will apply to many Australian business that:

• are data processers and controllers based in the EU;

• organisations which offer goods or services to people in the EU; or

• organisations which monitor the behaviour of individuals in the EU.

Therefore, Australian businesses must carefully consider whether they meet the above criteria, despite an absence of holding physical operations in the EU. The OAIC has stated its commitment to an internationally coordinated approach to privacy regulation. It is therefore likely to cooperate with and assist the EU Commission and supervisory authorities to enforce the GDPR outside of the EU and in Australia. 

What a Cyber policy covers

1^st Party Loss 

• Loss of Business Income
  
• Data Restoration
  
• Breach Response Costs
  
• Notification Costs
  
• Defence Costs
  
• Cyber Extortion
  
• Regulatory fines and Penalties
  
• Cyber Crime / Social Engineering
  
• PCI Fines, Penalties & Assessments
  
• Cyber Reputational Harm
  

3^rd Party Loss

• Security and Privacy Liability
  

While there are a number of internal steps a company can take to ensure they are ready for such an occurrence, a Cyber Insurance policy can demonstrate complete readiness.

Directors' and Officers' (D&O) Liability Insurance

Directors or officers of a corporation are exposed to personal financial liability in relation to any claim brought against them in their capacity as a director or officer of a corporation. These duties are significant and may arise from statute or common law.

Sources of legal action against directors and officers include:

• Regulatory Bodies

• Shareholders

• Employees

• Customers

• Suppliers

D&O insurance provides protection to past, present and future directors and officers for claims against them for wrongful acts in their capacity as directors or officers of a corporation.

Often the most significant cost of a D&O claim is the defence costs, however, it also covers damages and third party legal costs.

Employment Practices Liability (EPL)

EPL insurance provides protection to a corporation and its management for claims alleging an employment practices breach.

An employment practices breach includes:

• Discrimination

• Wrongful Dismissal

• Workplace Harassment

• Wrongful Demotion/Failure to Promote

• Wrongful Refusal to Employ

• Misleading Representation or Advertising Relating to Employment

• Employment-Related Defamation

EPL insurance provides covers for defence costs, damages and third party legal costs.

Information Technology (IT) Liability Insurance

Due to the nature of information technology services there can be some grey area as to whether a claim should fall under a Public & Products Liability policy, providing coverage for third party claims relating to bodily injury and property damage, or a Professional Indemnity Policy which covers third party claims for financial loss due to professional negligence.

The IT Liability Insurance product has been developed to address this uncertainty as it provides cover for both civil liability arising from the conduct of the Insured’s professional business practice, and third party loss caused by bodily injury or Property damage, the IT Liability policy will provide coverage for damages, third party legal costs & defence costs.

IT Liability Solutions for the ICT Industry

GSA understands your industry and works with you to understand your insurance risks:

• Be part of an organisation that has arranged insurance programs for the specialised ICT industry for many years...You will finally be dealing with professionals who understand what you do.

• Receive Quarterly Reviews of your insurance program...You will not have to worry about your Broker becoming complacent.

• Access to three risk evaluations each year by a specialist IT lawyer...Your agreements will be reviewed by a lawyer who specialises in what you do.

• GSA is recognised within the insurance industry for the quality of its underwriting submissions...You will be proposed to the insurance industry correctly.

• GSA has an enviable reputation for always working in our clients’ interests to deliver surprising and eye-opening insurance options...Your assets and potential liabilities will be fully protected.

• Receive a tailored “Written Service Commitment Statement” detailing the services we will provide...You will receive value for money and get the services you need.

• Finally, you will receive a Free Quarterly newsletter... Advice to assist you protect your business at no cost.

To arrange an obligation free quotation, please complete the application form and return to davidf@gsaib.com.au

Click below to download the form.

Investment Managers (IMI) Insurance

An Investment Managers Insurance policy protects investment fund managers against exposures faced by them relating to the raising of capital from investors. Importantly, an IMI insurance policy complies with the insurance requirements of the Managed Investments Act 1998 (Cth).

IMI policies combine Professional Indemnity insurance, Directors & Officers Liability insurance and Crime Insurance in the one policy for investment fund managers which overcomes arguments over whether the claim arises out of a breach of the fund manager’s professional duty or their duty to exercise due care and diligence in the management of the company.

Life Sciences

The life sciences industry is fast paced and highly innovative. These companies look for business partners that can keep up, and their insurance provider (Broker and Insurance Company) is no exception. GSA has access to insurers that are the insurer of choice for pharmaceutical organisations, medical device companies, healthcare product service organisations and more.

Life Sciences Industry Solutions

The offering from one of the insurers in this space is an enterprise-wide solution with specialised products for General Liability, Products and Human Clinical Trials Liability and Errors & Omissions. These products are precisely crafted for life sciences companies:

• The hybrid General Liability policy offers a dual trigger—an occurrence trigger for Premises/Operations and a claims-made trigger for Products Hazard Liability. Traditional stand-alone policies are also available.

• Errors & Omissions insurance helps protect businesses from lawsuits that allege financial losses due to failure of products or services to perform to specifications. It can be customised to respond to losses resulting from the need to stop using a product due to the risk of future bodily injury or property damage.

To arrange an obligation free quotation, please complete the application form and return to davidf@gsaib.com.au

Click below to download the form.

Management Liability Insurance

The intention of a Management Liability policy is to protect the individuals and the company in relation to the exposures associated with managing a company. The key elements of cover are as follows:

• Directors and Officers Liability

• Company Reimbursement

• Employment Practices Liability

• Crime

• Statutory Liability

• Trustees Liability

• Internet Liability

• Kidnap, Ransom & Extortion

Medical Malpractice (Med Mal) Insurance

Medical malpractice insurance provides cover for claims arising out a breach of professional duty in the conduct of a medical practice/profession.

Medical Malpractice insurance will typically cover damages, third party legal costs and defence costs relating to legal liability for third party bodily injury, death, mental illness or disease caused by a breach of professional duty.

Professional Indemnity (PI) Insurance

Individuals who provide professional services have legal obligations to clients and other third parties in conducting their business and may have a personal exposure.

Professional Indemnity (PI) insurance provides cover for claims made against professionals alleging a breach of professional duty.

Policies can cover individuals or a corporation and its directors and employees.

A PI policy typically covers damages, third party legal costs and defence costs.

PI insurance should be considered by any individual who is providing advice and/or services of a skilful nature according to an established discipline.

Prospectus Liability (IPO) Insurance

Prospectus liability insurance is essentially a specific D&O policy which provides protection to the corporation and its directors and officers against exposures relating to the listing of a corporation on a stock exchange.

The process of listing a corporation creates unique exposures to directors and officers. An IPO insurance policy provides protection to cater specifically to those issues.

Policies can be purchased on a multi year basis thereby offering long term protection to the directors and officers.

Social Engineering

Social Engineering Fraud (SEF) is one of the fastest growing uninsured commercial exposures facing businesses today. A good example of SEF is whereby an innocent employee is induced by way of a fraudulent email from someone pertaining to be a vendor, client or employee of the organisation (which is actually sent by a fraudster) instructing them to transfer funds to a bank account linked to the fraudster. 

This is a very simple example, however, the claims examples that we have seen from the past 12-months vary greatly in their level of sophistication.

How social engineering can occur:

Start - Attacker spoofs your domain to impersonate a senior member of your staff.

The Phish - Emails are sent to vulnerable members of your team requesting different things to happen. Send money, supply sensitive documents or login credentials.

The Response - Vulnerable staff act quickly to action requests from senior staff. The most common occurs between CEO and finance team.

The Result - Funds are lost. Senior positions put at risk. Legal action can occur. Data breach laws lead to large fines. 

Speak to GSA if you would like to find out more about how a Social Engineering Fraud policy could protect you and your business.