Getting cyber ready ...

Australian businesses are being urged to ensure they have a cyber incident response plan in place. And it doesn’t have to be much more complicated than simply knowing who to call in the event of falling victim to a cyber-attack.

“Time is of the essence when it comes to a potential cyber incident, and therefore of paramount importance is having cyber incident response experts on speed dial. In our experience, very few organisations have all the required expertise in-house to effectively respond to a cyber-incident,” said Sean Hayes, Head of Crawford TPA in Australia.

“We have moved to the point now that most businesses have cyber insurance. But the next must-have purchase, if the worst happens, is expert-led incident response services. What we are saying is that businesses should be doing their research now on who they want holding their hand in that situation. The last thing you want is to be figuring that part out during an incident or after an attack.”

Hayes noted that while data and privacy related cyber incidents had become high profile in Australia over the past 12 months due to the Optus and Medibank incidents, this is only one style of cyber security incident.

“Arguably of even higher concern is the type of cyber security incident that prevents or materially interrupts the delivery of vital services or completely stops manufacturing of essential goods.

“The vast majority of businesses, regardless of location or size, rely upon either one or a network of computers. The rise in the automation of production and manufacturing processes, cloud computing, virtual working and paperless environments create this additional aspect to cyber risk for any business where operational capabilities can be brought to a standstill. This can be crippling from both a revenue and reputation perspective without creating a security or privacy data breach exposure,” Hayes explained.

The Australian cyber incident response landscape is rapidly evolving, according to Hayes. 

“Unlike the rest of the world, Australia is in this interesting place because largely it’s big name law firms that are dominating the market and providing the full incident response tools. What that means is that businesses are calling a law firm as soon as the attack happens, and the client is then paying legal rates for many elements of the cyber security response that are not actually legal work.

“At Crawford, we’ve got a cyber product which we call ‘claims led, lawyer supported’ and that essentially means we are attaching the right task to the right role, or set of expertise, so the cost isn’t any higher than it ought to be,” Hayes said.

Over the past two years, Crawford has brought together a highly regarded and vetted panel of cyber experts covering each specific element that makes up its cyber incident response toolkit.

“Within our own ranks we offer claims management, forensic accounting, incident project management, and legal expertise, and then clients can take comfort knowing we have done all the hard work in sourcing the best experts for other components, such as forensic IT analysis and dark web monitoring. Essentially, with one phone call to Crawford, you will have access to all the right experts and you can be assured that costs will be controlled.”

As part of Crawford’s cyber product offering, Hayes works closely with Nik Stanisic, Partner at HBA Legal, Crawford’s Australian law firm.

Stanisic noted that legal professional privilege can only be offered up by legal practitioners.

“Because HBA Legal is fully owned by Crawford, when Crawford is briefed in on cyber matters from the outset and engaged by the client, we are uniquely positioned to offer up that legal professional privilege just like other law firms,” said Stanisic.

“Responding to a cyber security incident requires understanding the evolving regulatory requirement, engagement with all key stakeholders, the strategic management of the loss and mitigation actions, support of decision making and communicating those decisions to insurers to aid Policy consideration, expectation management, reserving, quantification and negotiation of settlement – all of which should be undertaken in a timely and effective manner, but not all of which require the skills, or the cost, of a lawyer.

“Of course, there are things involved in cyber situations that absolutely you want legal eyes on, and we have that element covered too thanks to our cyber team at HBA Legal,” Stanisic explained.

Crawford Australia President Tim Jarman said the mitigation of risk, impact and exposure following a cyber security incident is of utmost importance to all parties and therefore having the right incident response company on one’s side is crucial.

“Particularly as we enter a period of inflation, the insured’s primary focus will be on recovering the business, aligned to the specialist advice and services received. However, insurers understandably want a level of certainty around their exposure while supporting the insured’s needs, aligned to the cover held.

“We have developed what I believe is one of the strongest cyber risk products on the market - while HBA sits as part of the Crawford team and offering to clients, its solicitors support Crawford to drive to the necessary claims outcomes in the most cost effective way. The law firm does not drive the cyber claim or the response, rather it weighs in with legal advice when necessary,” Jarman concluded.

Key Crawford contacts:

• Sean Hayes, Head of Crawford TPA: [email protected]
• Lucas Bressanutti, Financial & Forensic Accountant (Crawford Forensic Accounting Services): [email protected]
• Nik Stanisic, Partner, HBA Legal: [email protected]
• Paul Handy, Global Head of Cyber: [email protected]