Common Cyber-Risk Misconceptions

Published: 16/11/2018

Did you know that all directors of Australian companies have a fiduciary duty to ensure a robust approach is taken towards cyber resilience? A breach of such obligations can leave directors potentially exposed to personal liability under section 180 of the Corporations Act.

Despite a wealth of information being available on cyber risks, it is still very common for businesses of all sizes to underestimate their own exposure. Don't let your business, or yourself, be caught out. Take a moment to explore some common misconceptions about cyber-risk.

Common Misconceptions and Comments

"I'm too small to be a target."

While attacks against smaller companies do not make headlines, insurers claim they are frequent and increasingly severe. As of 2018, the Australian Small Business and Family Enterprise Ombudsman (ASBFEO) reported the following statistics:

  • small business is the target of 43% of all cybercrimes;
  • as a result of the 2017 ransomware attacks, 22% of small businesses impacted could not continue operations;
  • the cost to the Australian economy in relation to cybercrime is >$1b annually.

Furthermore, the Ponemon Institute's 2017 study into the cost of data breaches in Australia (as at June 2017) put the average total cost to affected Australian companies at $2.51m each. It is therefore not surprising that so many small businesses shut down after a breach.


"We don't collect sensitive data, so we have no exposure."

Data breaches are just one of the many cyber risks facing businesses. Some further examples include but are not limited to:

  • electronic funds transfers are vulnerable to funds transfer fraud;
  • social engineering scams are successfully hitting all businesses and industries;
  • first party business interruption losses do not require a business to collect sensitive data to be exposed - merely being unable to access their systems puts certain businesses at risk of financial loss, particularly where technology is increasingly utilised in day-to-day operations.

"We've invested in our networks so that they are secure."

According to ASBFEO as at 05 January 2018, 87% of small businesses believe that antivirus software alone protects their business from cyber attacks.

Investing in security is paramount, as this must be your first line of defence. However, claims have shown that despite significant investment in securing networks, no one can ever be 100% secure. Cyber criminals are becoming increasingly sophisticated, relentlessly finding ways in which they can infiltrate networks. Further, some cyber threats do not necessarily involve accessing third party networks, for example social engineering fraud or the actions of a rogue employee or employees.

Refusing to purchase cyber insurance because you have IT security controls is akin to refusing to buy property insurance because you have physical security controls - the two should not be mutually exclusive.


"Our third party cloud provider is responsible for our data/networks."

Incorrect in most circumstances. If the cloud service provider suffers an attack and goes down, meaning you cannot operate, it is your business that will potentially suffer first party business interruption and the additional costs incurred in attempting to continue trading.

It can prove extremely difficult, potentially impossible, to recoup these losses from your IT provider.


"If my funds are stolen, my bank will reimburse me."

If the bank was not negligent or at fault, the bank will most likely not reimburse you.

You will most likely be held responsible if there was negligence on your part which allowed unauthorised access, or if you or an employee were deceived into voluntarily or erroneously wiring funds to a fraudster, i.e. a social engineering scam.



We note that the above misconceptions are generic and may not be accurate in relation to your specific circumstance. We further note that there may be other misconceptions relating to cybercrime that have not been included above.

The information provided in this article is of a general nature only and has been prepared without taking into account your individual objectives, financial situation or needs. If you require advice that is tailored to your specific business or individual circumstances, please contact Coverforce directly.


Contact Coverforce

Don't get caught out. Learning about cyber security and understanding common misconceptions can help you manage risks and address any vulnerabilities before it's too late.

To find out more about getting reliable insurance cover for your business, contact Coverforce and speak to one of our experienced insurance brokers today.



Copyright © 2018 Coverforce Pty Limited. All rights reserved.