Australian companies using the Internet as part of their business operations could be in breach of the law if they fail to have insurance coverage for hack attacks.
According to Deacons lawyer Leif Gamertsfelder business operations that rely on the Internet are exposed to a high level of risk from hackers and shareholders expect e-hacking security insurance.
There are a range of insurance products on the market today that cover hacking related risks including computer systems fraud, virus attacks, business interruption due to denial of service attacks, and public relations crisis management.
"In the US the Internet related insurance business is doubling every six to 12 months; this is a trend we may see repeated in Australia as more corporations realise their standard insurance policies don't extend to e-security risks," Gamertsfelder said.
Type of coverage is determined by exposure but Gamertsfelder said an e-security audit is essential and companies that have effective e-security measures will pay lower rates.
"A company that engages an insurer approved to perform regular security audits and uses insurer-approved products in its network infrastructure will undoubtedly pay much lower premiums than a company that relies on security firms that have little or no industry reputation," he said.
This may have the added benefit, he said, of eliminating e-security "snake-oil merchants".
"A policy that pays for business losses after just four hours following an attack that shuts down a critical system may cost more than a policy that doesn't cover losses until the system has been offline for more than 24 hours," Gamertsfelder added.