Data breaches and cyber incidents are common and increasing.

Their success is often attributed to human error or the exploitation of misconfigured systems.

The results can be costly.

Some of these costs can be for damages awarded to the individual(s) involved, but other expenses can quickly add up.

This could include defence costs, investigative costs, notification and response costs, regulatory penalties and more.

While the thought of a cyber-related incident can be scary, by implementing some simple strategies you can help avoid one.

Develop a robust incident response plan

Data breaches cannot be handled well on the fly.

Advanced planning can help avert serious reputational or financial harm.

A well thought out and practised incident response plan should guide the management of a breach, from the initial suspicion that something is amiss to detection, responding to the breach and recovery.

The plan should aim to reduce the potential damage of an incident and include strategies to recover as quickly as possible.

Provide training and processes

Preparation is key to avoiding a potential cyber incident.

Train your employees to be aware of the information they need to protect.

Educate them about best practices, principles and standards relating to privacy and confidentiality.

Implement clear policies and guidelines for your staff to follow in the event of a cyber incident.

Limit access to your clients’ data to those who really need it.

Cyber incidents don’t only happen from the outside; employees can accidentally or maliciously cause an incident.

By limiting access, you reduce the number of employees who could make an error, which means fewer systems for you to monitor.

Review supplier contracts

More ‘hands’ on your data means more potential risk.

Audit your supplier and vendor contracts to ensure they are using secure systems and identify any potential risks to the handling of your clients’ data.

Consider cyber insurance

Cyber insurance can help in the event of a cyber-related incident.

BMS Risk Solutions Pty Ltd, APA’s trusted insurance partner, offers a comprehensive cyber liability insurance policy for Australian physiotherapy businesses.

The cover is designed to help physiotherapists manage the risk of personally identifiable data of clients, employees and others.

The policy includes cover for:

• ransomware


• regulatory defence costs and penalties resulting from a violation of a privacy law


• costs involved in notifying individuals affected by the breach


• payment of damages to a third party, including coverage for your legal expenses.

Call 1800 931 068 to find out how BMS can help you and your business or click here to apply for cyber insurance.