Close
decorative

VMIA’s Cyber Insurance policy covers your organisation for expenses related to your data breach responses. Your department, agency (or hospital) and its directors, officers and employees are all covered.

Many organisations handle personal and corporate data daily, whether it’s employee profiles, credit card information, sensitive demographic information or budget and funding information. In an ever-increasing legal and regulatory environment, our Cyber Insurance policy provides a risk transfer solution if your data is put at risk because of a cyber incident.  

What’s covered?

VMIA’s Cyber Insurance covers first party expenses (incurred by your organisation in the event of a cyber incident) and third party expenses (amounts your organisation is legally liable to pay to third parties, as a result of a cyber incident).

Protection for your organisation includes:

  • forensic team expenses
  • call centre expenses
  • public relations and crisis management expenses
  • cyber extortion loss, including negotiation, security consultants and extortion payment to end the threat
  • restoring, recreating or recollecting corrupted, damaged or deleted data
  • operational costs and additional costs incurred due to a computer security failure
  • notification costs involved with notifying affected persons of a data breach and/or the Privacy Commissioner
  • data administration investigation costs, fines and penalties.

Protection for claims made by third parties includes:

  • theft, loss or unauthorised disclosure of personally identifiable or third party corporate information
  • computer security failure resulting in corruption, alteration or destruction of data, or failure to prevent the transmission of a virus or malicious code
  • failure to comply with a privacy policy
  • cover for PCI fines and costs.

This is a brief overview of policy features only. For full details, please refer to the policy wording in the attached policy document below.

Reporting an incident

A Cyber Incident Response Service (CIRS) is now available to all Victorian Government organisations. It is a confidential service provided by Enterprise Solutions within the Department of Premier and Cabinet.

Enterprise Solutions will also analyse information received as part of this service to keep other Victorian Government organisations up-to-date about current threats and opportunities to further protect their clients and services. This will be done at an aggregate level with no specific organisations identified.

What incidents should be reported?

  • suspected or confirmed malware or ransomware phishing emails that reach government employees
  • suspected or confirmed data breach; theft, loss or unauthorised disclosure of personal data
  • denial-of-service (DoS/DDoS) activity on a government system
  • website defacement
  • unauthorised use of government branding in phishing emails
  • other forms of malicious cyber activity.

To report an incident, contact the Cyber Incident Response Service:

Phone 1300 CSU VIC / 1300 278 842
Email cybersecurity@dpc.vic.gov.au

Cyber Insurance Claims

VMIA has partnered with Beazley Group, a global group of insurance professionals, to manage claims. As soon as you suspect any theft, loss, unauthorised disclosure of, or unauthorised access to, information within your organisation, you should immediately notify Beazley and copy VMIA. The sooner we know about an incident, the more we can do to help.

VMIA

Phone 03 9270 6900
Email claims@vmia.vic.gov.au

Beazley

Phone 1800 254 492
Email  vmiaclaims@beazley.com

Please include the following in your notification:

  1. a short description of the incident
  2. the date the incident occurred (if known)
  3. the date your organisation discovered the incident
  4. whether you have already engaged DPC’s Cyber Incident Response Service; and
  5. contact information for the designated breach coordinator.

Please do not include any personally identifiable information or protected health information.

At this stage in your investigation, please try to preserve all evidence and secure your IT systems. A VMIA or Beazley Claims Manager will respond to the notice (generally within 24 hours) and schedule a phone call to discuss the incident and preliminary investigation. We recommend that key stakeholders within your organisation (those who will be involved in investigating the incident) be included in this phone call, but at a minimum, your designated incident response coordinator.

Beazley or VMIA’s claims team will be in contact within 24 hours of receipt of your notification to advise next steps.

Policy documents 

More information

For more information about your insurance policies, email us at contact@vmia.vic.gov.au

Page last updated: 3 August 2018