I’d check the last annual report from the ACSC linked below it includes the
incidence and average cost of security incidence in general. Phishing and
associated ransomware is the most common incident.
Last year I did a piece of work that found the following.
In terms of the costs of cybersecurity breaches, there are quite different
estimates. IBM estimates the cost of an Australian data breach at $2.15 million
USD in a 2020 study although public entities experience losses of $1.08 million
USD on average as citizen’s will continue to work with the government after a
security event as there is no alternative.
The Verizon Data Breach Investigations Report 2020 found that the average loss
related to incidents was $32,200 per incident.
I recommended external parties havet $5,000,000 for Cybersecurity insurance per
incident and it should cover the following as a minimum.
Coverage
Cyber security coverage typically provides the following key first party and
third party coverages:
First Party
* Direct access to incident response specialists in the event of an actual
or suspected cyber breach
* Coverage for loss of profit due to business interruption that results
from network or system downtime
* Coverage for costs incurred in rectifying computer system damage and
recovering lost data
* Notification and monitoring costs for impacted customers
* Insurable fines and penalties resulting from a regulatory investigation
* Coverage for payment card industry (PCI) data security standards
assessments
Third Party
* Compensation and defence costs which arise from claims brought by
impacted customers or employees for breach of confidentiality obligations
* Third party privacy and breach management costs, including notification
expenses, credit monitoring costs and call centre services
Can’t provide exact figures due to commercial in confidence but it does depend
on your organisations risk appetite
https://www.cyber.gov.au/acsc/view-all-content/reports-and-statistics/acsc-annual-cyber-threat-report-2020-21
From: lg-it-bounce@xxxxxxxxxxxxx <lg-it-bounce@xxxxxxxxxxxxx> On Behalf Of
Price Nick
Sent: Thursday, 30 June 2022 9:57 AM
To: lg-it@xxxxxxxxxxxxx
Subject: lg-it Ransomware Insurance Question
[SCC External Email: Use caution with links and attachments]
Hi Everyone,
Council currently has an offer from its insurance company to increase its
ransomware insurance cover.
Does anyone have any advice about the average dollar amounts for ransomware
demands or their councils cover amounts so we can make an informed decision.
Thanks in advance
Nick Price
Information Technology Manager
PH: (02) 6959 5533 I Fax: (02) 6959 1884 I Email:
nick.price@xxxxxxxxxxxxxxxxxxxxx<mailto:nick.price@xxxxxxxxxxxxxxxxxxxxx>
[A picture containing table, food, plate, photo Description automatically
generated]
[cid:image003.png@01D88C68.6E515120]
[cid:image004.png@01D88C68.6E515120]<https://www.facebook.com/NarranderaShire/?ref=bookmarks>
[cid:image005.png@01D88C68.6E515120]
<https://www.instagram.com/narranderashirecouncil/>
[cid:image006.png@01D88C68.6E515120]
<https://www.linkedin.com/company/narrandera-shire-council/>
[cid:image007.jpg@01D88C68.6E515120]
<http://www.narrandera.nsw.gov.au/cp_themes/default/home.asp>
Stamp image courtesy of the Australian Postal Corporation.
© Australian Postal Corporation 2020
Narrandera Shire Council acknowledges the traditional owners of the lands of
Narrandera Shire, the Wiradjuri people.
This e-mail, together with any attachments, is for the exclusive and
confidential use of the addressee(s). Any other distribution, use of, or
reproduction without prior written consent is strictly prohibited. The opinions
expressed in this message are the personal views of the sender and do not
necessarily represent the corporate opinions or policies of Narrandera Shire
Council. If this e-mail has been sent to you in error, please delete the e-mail
completely and immediately from your system. Narrandera Shire Council does not
warrant or guarantee this message to be free of errors, interference or
viruses. Please note: information provided to Council in correspondence may be
made publicly available, in accordance with the Government Information Public
Access Act (GIPA Act) 2009.
[Sunshine Coast Council]<http://www.sunshinecoast.qld.gov.au/>
[Sunshine Coast Council is on
Facebook]<https://www.sunshinecoast.qld.gov.au/Council/Contact-Council> __ __
To find out more about the Sunshine Coast Council, visit us online at
www.sunshinecoast.qld.gov.au.<http://www.sunshinecoast.qld.gov.au/> If
correspondence includes personal information, please refer to Council's Privacy
Policy<https://www.sunshinecoast.qld.gov.au/Terms-of-Use> .
This email and any attachments are confidential and only for the use of the
addressee. If you have received this email in error you are requested to notify
the sender by return email or contact council on 07 5475 7272, and are
prohibited from forwarding, printing, copying or using it in anyway, in whole
or part. Please note that some council staff utilise mobile devices, which may
result in information being transmitted overseas prior to delivery of any
communication to the device. In sending an email to council, you are agreeing
that the content of your email may be transmitted overseas.
Any views expressed in this email are the author's, except where the email
makes it clear otherwise. The unauthorised publication of an email and any
attachments generated for the official functions of council is strictly
prohibited. Please note that council is subject to the Right to Information Act
2009 (Qld) and Information Privacy Act 2009 (Qld).