What is the cyber risk to small and medium business?

Over the 2020–21 financial year, over 67,500 cybercrime incidents were reported to the Australia Centre for Cyber Security (ACSC). This is an increase of nearly 13 per cent from the previous financial year, and equates to one cyber attack every 8 minutes compared to one every 10 minutes last financial year.

Cyber-attacks are an extremely lucrative form of criminal activity, which is fueling a dramatic increase in the number of attacks on Australian businesses of all sizes.

• 43% of reported data breaches involve small businesses (Verizon).
• The average financial loss per incident in Australia is $6,000 (ACSC).
• Nearly 50% of businesses do not spend more than $500 on IT security annually (ACSC).

‍

Cyber-attacks & the cost to your business

Cyber-attacks on a business can involve costs that arise due to:

The cost of ceasing operations

Cyber-attacks can paralyse business systems, and cause mass loss of business records often rendering companies unable to operate. This can cause significant loss of income to your business.

‍

Ransom payments‍

Ransomware attacks often see business systems shutdown, with access only granted once the ransom payment is made. This can occur multiple times in one cyber incident, maximising the return for the perpetrator.‍

‍

Data restoration & hardware replacement

IT specialists may be required to restore data, this can be extremely costly, particularly if hardware is irreparable and requires replacement.

‍

Cost to investigate‍

Specialist forensic investigators are often engaged to ascertain what happened, if data has been stolen and to identify perpetrators. This is a costly but necessary expense.

‍

Third party damages

‍Compensation may be payable for any customers who suffer financially if their personal data is stolen in an attack.

‍

Legal defence costs‍

If a third party launches legal action for damages incurred in an attack, you may need to engage legal services to defend yourself. This can amount to tens of thousands of dollars.

‍

Statutory fines & penalties

‍Privacy laws can see businesses fined up to $1.8m and individuals $360,000 if they fail to report a data breach to the Office of the Australian Information Commissioner.

‍

Reputational repair

‍If a cyber incident becomes public knowledge, it can be highly damaging for your brand. PR professionals are often required to manage the fallout and help you support customers who feel their personal data is not secure.

‍

COULD YOUR BUSINESS WEATHER THE COST OF A CYBER-ATTACK? PREPARATION IS THE BEST FORM OF DEFENCE.

‍

What is Cyber Insurance?

Cyber Insurance is designed to help protect your business from the financial impact of a computer hacking or a data breach. This risk exposure is not covered by a traditional business insurance policy.

‍

Who needs Cyber Insurance?

Any business with a website or electronic records, or an IT system that connects to the internet is vulnerable. IT security systems are simply not enough in the digital era.

Like any vaccination, current antivirus software protects you from what is known, not what is not. That means SMEs need stronger protective measures to defend against everchanging and ever-present cyberattacks (Emergence).

‍

What can Cyber Insurance cover?

First party losses

• Business interruption losses, for the business and external suppliers
• Cyber-extortion
• Electronic data replacement

Third party losses

• Security and privacy liability
• Legal defence costs
• Regulatory breach liability
• Electronic media liability

Additional expenses

• Crisis management expenses
• Notification and monitoring expenses

‍

Who would you call if your business suffered a Cyber-attack?

Cyber Insurance can assist in coordinating a cyber-attack response and recovery, engaging specialists to help your business return to normal as soon as possible.