When encryption fails or is absent, sensitive data becomes vulnerable to unauthorised access. If a cyber event results in exposure of unencrypted or inadequately encrypted data, it may trigger both breach notification obligations under the Privacy Act 1988 and cyber insurance coverage for breach response costs and liability. However, insurers expect proper encryption implementation and management as part of reasonable security measures, particularly for sensitive data. Evidence of inadequate encryption practices may affect claims assessment, especially for data breach incidents.