Class-action lawsuits related to cyber breaches could become a reality in the Australian market, and one leader says the best way to avoid potential damage comes via mitigation.
Nigel Thomas, divisional chief executive at Austbrokers Network at AUB Group, said that whilst the legal fraternity will ultimately decide whether cyber class actions progress in Australia, if the US experience is anything to go by, it could be the logical next step in the market and mitigation is key to avoiding litigation.
“My personal opinion would be that we are going to find that this [class action] does take place in the event that these things [cyber breaches] occur,” Thomas told Insurance Business. “The focus for us, I think, is saying that, whether the class actions happen or not as a result, what we are really focused on is as that risk advisor making sure that the right policy, the right mitigations and the right structures are in place for the clients. That is where our attention is really focused.”
In the US, lawsuits have already made their way through the courts related to cyber breaches, with several firms already agreeing multi-million dollar settlements. With the current shareholder class-action climate in Australia approaching record highs thanks to an influx in litigation funders, Australia could head down a similar path.
Thomas noted that for businesses it is important to consider what the most damaging aspect of a cyber breach could be for their organisation. Whilst class actions related to Australian cyber breaches are – so far – a hypothetical, the fall-out from a cyber incident is well known and will become even more so thanks to mandatory breach notification.
“These are the things that businesses need to think about – where is the damage going to come?” Thomas said. “You might find that your breach notification results in a pretty poor public image, and therefore you have loss of customers – and that is where you have to say the insurance is the last line of defence. You have to be upfront saying, ‘What systems and processes and procedures do we have in place in the business, and how are we working with our advisors to mitigate the risk in the first place?’”