Australia among regional leaders for cyber penalties

Australia among regional leaders for cyber penalties | Insurance Business

Australia among regional leaders for cyber penalties

Australia is one of the strictest countries in the Asia-Pacific region when it comes to data breach penalties, a new report has found.

The Data Risk Management Barometer, commissioned by tech firm Dell EMC, has revealed that Australia has one of the harshest set of penalties for data breach, with maximum penalties set at $1.8 million.

“Based on research available publicly, Singapore appears to have the highest amount of financial penalty that can be imposed on corporations, closely followed by Australia,” the report states.

The report notes that enforcements within the Asia-Pacific region are “hugely varied” with fines rising to close to $1 million in places like Singapore and Australia, but nations like Japan languish behind with fines of as little as $12,000.

“As more organisations across the region become digitally-driven, this will increasingly become a higher priority,” the report continues.

Global cyber legislation is set to undergo a major shakeup with the launch of the European Union’s General Data Protection Regulation (GDPR) on May 25 which will have extra-territorial applicability and sees all businesses that deal with the information of EU residents subject to a fine of up to 4% of annual global turnover or €20 million ($32 million), whichever is greater, should they suffer a breach.

Australian legislation has just undergone its own an overhaul, with mandatory breach notification launched last month. With this in mind, Sarah Stephens, head of cyber, content and new technology risks at JLT, said that while increased legislation does have its positives, there can also be some negatives.

“One of the things we have seen around the world is that notifying consumers about data breaches over and over again does create a degree of breach fatigue so it can lessen the impact where there has been an incident where consumers do need to protect themselves,” Stephens told Insurance Business.

“From that perspective, for Australian businesses this is an added level of disclosure requirement so most might not see it as a good thing but in some cases it could be the right thing to do for their customers.”

 

Related stories: