It’s “only a matter of time” before Australian businesses follow the US trend and face class actions lawsuits as a result of data breaches, AUB Group has told clients.

It says companies face class actions, reputational damage, client exodus and increased costs if they suffer data breaches under privacy laws that took effect in February.

The Notifiable Data Breaches (NDB) scheme makes it compulsory for businesses with at least $3 million annual turnover to report breaches to affected individuals.

“The US is already seeing class-action lawsuits as a result of data breaches, so it could be only a matter of time before Australian courts start seeing a similar pattern,” Austbrokers Divisional CEO Nigel Thomas said.

“Organisations that fail to keep data secure and don’t take the prescribed steps under the NDB legislation can be fined up to $2.1 million, before an affected individual even considers taking legal action. The civil penalties could end up costing the business much more.”

About 80% of listed companies expect cyber risk to rise over the next year, but only 45% are confident of detecting, responding and managing an intrusion.

“Rejecting cyber insurance is as risky as refusing to insure business premises against fire,” Mr Thomas said. “Businesses hope they won’t have to deal with a data breach such as a cyber attack and smart organisations will take all possible steps to prevent a successful attack.

“However, if the worst-case scenario happens, the right cyber-insurance policy can help businesses recoup losses associated with… an attack, including legal action.”