How to keep COVID-19 out of your workplace

Click the link below to read our latest e-newsletter

Below is a link to educate brokers about data matching processes, which is now a requirement by the ATO to ensure we are adhering to compliance profiling.

By clicking below you will be redirected to our Winter Newsletter for 2020

Under the Corporations Act, directors are required to have particular regard around their duty of care, due diligence and continuous disclosure obligations when running a company. This applies to directors involved in running a private, as well as a public organisation. Such obligations extend to all aspects of a business, including a business’s IT infrastructure and security.

Directors are no longer able to push the responsibility of cyber compliance on to the IT department or to a third party IT service provider. It is a director’s duty to be involved in managing and understanding the real risk associated with cyber security, along with ensuring a strong compliance regime exists that addresses cyber security within the business. Failure to discharge such duties can expose directors to claims from shareholders, along with investigations from regulators such as the Australian Investment & Security Commission (ASIC) and the Office of the Australian Information Commissioner (OAIC).

Australian Government agencies, not for profit organisations and all businesses with revenue greater than $3m have responsibilities under the Privacy Act 1988. Even those small businesses with less than $3m of revenue but who collect health information, sell and/or purchase personal information for a benefit have obligations under the Act. It is becoming more common for small businesses to ‘Opt In’ to the Privacy Act and therefore send a clear message to their clients that they are committed to strong privacy practices. In recent times the Australian Privacy Principles have been updated through the Privacy Amendment (Enhancing Privacy Protection) Act 2012 (Cth). Australian Privacy Principle (APP) 11 requires entities governed by the Act to take reasonable steps to protect personal information they hold from:
(a) Misuse, interference and loss; and
(b) Unauthorised access, modification and disclosure.

Significant penalties may apply for breaches of the Privacy Act, including fines of up to $340,000 for individuals and $1.7m for organisations. With this in mind, directors of companies need to start understanding the following about their business.

  • Who is responsible for cyber security within the organisation? Is there a dedicated Information Security Officer? Does the Board of Directors have oversight around cyber security? For SME businesses, do the director(s) understand how IT is managed within the business? If it is outsourced, do they understand the terms and conditions in place with the outsource providers?
  • Does the company have policies in place that identify external and internal threats to the organisation? How does the organisation deal with mobile device security and off site access to systems?
  • Does the company have an incident response plan in place and how effective is this plan? Does it specifically deal with IT downtime caused by malicious threats and accidental human errors? Has the plan been tried and tested and is it distributed to key members within the organisation?
  • What insurance does the organisation carry to deal with cyber breaches? What are the limits? Are there specific exclusions which may remove cover for the organisation in certain ways? Is it a full cyber policy, or an add on policy? Does it provide access to a strong incident response team who can support an organisation when an incident occurs?

With obligations on directors increasing at a rapid rate, cyber risk management should now be at the forefront of all directors’ minds.

A message from our Managing Director, Tony McCormick.

The recent Cyber Attacks on the Australian Government Offices and Business are yet another reminder of how financially devastating these matters can be.

Many of these are not specifically targeting businesses, just mass attempts to get into computer systems.

In March this year, we had a very small Cyber Incursion, by way of Business Email Compromise.

It was quickly found and, with our IT Managed Service Provider working in partnership with our Insurer’s Cyber Security Firm, the problem was fixed very promptly.

As at yesterday we have costs of $56,632.13 and we still have some more costs to come.

All paid by our Insurer.  A quality Cyber Insurance Policy and Response Program.  The word quality is very important here.

The costs from our IT MSP (like many others, these costs are not covered in our regular Agreement), Cyber Security Firm, Specialist Vendor to establish and report on what the attackers looked at, notification to the OAIC (Office of the Australian Information Commissioner) and we are still to finalise the last two aspects before this will be complete.

This was a very small attack but as you can see, costs have added up quickly and it will probably be four to five months of time to put this behind us.

As the Manager of our Cyber Insurance Placement Team said yesterday, “Scary times mate, any client that doesn’t have cyber insurance is risking their livelihood now!”

Please put in place as a matter of urgency, a high quality Cyber Insurance Policy/Program, that includes a very prompt, proven and effective Cyber Response arrangement.

Contact one of our Professional Account Managers to discuss.


A.P (Tony) McCormick and The MHI team.

By clicking the button below you will be redirected to our Autumn Newsletter for 2020


An update on how McCormick Harris Insurance Group are operating during this global crisis, and what that means for our staff and clients.

Given the recent events and the various announcements in regards to COVID-19, we want to assure our staff and customers that your safety and well-being is our highest priority, and we are taking a number of preventative measures to ensure the health and safety of all.

At this point in time, we will continue to open our offices until otherwise advised. We have put precautionary measures in place to ensure a safe environment for all our staff, however as of the 23rd March 2020 our staff will be working split shifts at work and home.

This is a logical and appropriate response to the developing situation. This will help minimise groups working together whilst at the same time looking after our clients’ needs.

Email and mobile contacts will remain the same as always, and are found under the Menu, Offices tab, selecting your Location.

As we are still partially open, the following guidelines have been put in place for all offices Australia-wide:

1. Staff will be required to work from home and seek medical advice if feeling unwell. 

2. At this point in time, no face-to-face Insurance Review meetings will take place unless absolutely necessary. We would prefer to hold these meetings via phone or video-link. This is to ensure the safety of not only our staff but clients too. 

3. Cleaning processes have been upgraded, including wiping down surfaces regularly and having a supply of anti-bacterial soap and hand sanitizer throughout all offices. 

4. All staff who have recently returned from overseas will remain at home in self-isolation.

5. We ask that clients please refrain from coming into the office during this time, and encourage you to utilise other methods of making payment for your policies. The options include BPay, Cheque via post or you can also pay our invoice at your local Post Office, in the same manner you would pay for your utility bills.

6. All desks are to be spaced at a reasonable distance between each other to avoid person-to-person contact, as well as alternating staff in the office and at home to avoid large group gatherings.

We appreciate your ongoing support at this time and promise to deliver exceptional Advice, Solutions and Service as always. We will continue to monitor this situation and will place updates on our website as required.

We wish you all health and safety during these trying times. Please check on your loved ones, keep up to date with accurate news, practice good hygiene and above all else look after each other. We are Australian, and if nothing else we are resilient. We will get through this crisis together. We are one, but we are many.

Warm regards

A P (Tony) McCormick 
Managing Director, McCormick Harris Insurance Group

We recently became aware that the below suspicious email was sent from what appeared to be one of our staff members.

The email contains the subject line “[Invitation To Edit: Executed Contract]”, and also prompts you to log in to a OneDrive account.

A copy of the email is below:

What do you need to do?

If you have received the email, please disregard and delete it.

Please do not click on the hyperlink, enter your login details or download any attachments.

If you have already clicked on the hyperlink, entered your login details or downloaded any document, you should immediately change the password to your email account and any other accounts that share the same username (email address) and/or password.

If you receive any further suspicious emails, you are unsure of their authenticity, or have any other questions, please contact your IT support for further advice.

What are we doing?

Immediately upon becoming aware of the issue, we commenced an investigation with the assistance of specialist external IT experts and cyber security consultants, driven by our Cyber Insurer.

Our external IT advisors are in the process of investigating the incident, and appropriate action is being taken.

Please contact me if you have any questions about the above.

Kind regards

A P (Tony) McCormick
QBIP – Diploma Financial Services (Broking) – CIP
Managing Director