Common Cyber-Risk Misconceptions
Did you know that all directors of Australian companies have a fiduciary duty to ensure a robust approach is taken towards cyber resilience? A breach of these obligations can leave directors potentially exposed to personal liability under section 180 of the Corporations Act.
Despite a wealth of information being available on cyber risks, it is still very common for businesses of all sizes to underestimate their own exposure. Don't let your business, or yourself, be caught out. Take a moment to explore some common misconceptions about cyber-risk.
Common Misconception | Comments |
"I'm too small to be a target." | While attacks against smaller companies do not make headlines, insurers claim they are frequent and increasingly severe. As of 2018, the Australian Small Business and Family Enterprise Ombudsman (ASBFEO) reported the following statistics:
Furthermore, the Ponemon Institute's 2017 study into the cost of data breaches in Australia, as at June 2017, put the average total cost to affected Australian companies at $2.51m each. It is therefore not surprising that so many small businesses shut down after a breach. |
"We don't collect sensitive data, so we have no exposure." | Data breaches are just one of the many cyber risks facing businesses. Some further examples include but are not limited to:
|
"We've invested in our networks so that they are secure." | According to ASBFEO as at 05 January 2018, 87% of small businesses believe that antivirus software alone protects their business from cyber attacks. Investing in security is paramount as this must be your first line of defence. However, claims have shown that despite significant investment in securing networks, no one can ever be 100% secure. Cyber criminals are becoming increasingly sophisticated, relentlessly finding ways in which they can infiltrate networks. Further, some cyber threats do not necessarily involve accessing third party networks, for example social engineering fraud or the actions of rogue employees. Refusing to purchase cyber insurance because you have IT security controls is akin to refusing to buy property insurance because you have physical security controls - the two should not be mutually exclusive. |
"Our third party cloud provider is responsible for our data/networks." | Incorrect in most circumstances. If the cloud service provider suffers an attack and goes down, meaning you cannot operate, it is your business that will potentially suffer first party business interruption and the additional costs incurred in attempting to continue trading. It can prove extremely difficult, potentially impossible, to recoup these losses from your IT provider. |
"If my funds are stolen, my bank will reimburse me." | If the bank was not negligent or at fault, the bank will most likely not reimburse you. You will most likely be held responsible if there was negligence on your part which allowed unauthorised access, or if you or an employee were deceived into voluntarily or erroneously wiring funds to a fraudster, i.e. a social engineering scam. |
We note that the above misconceptions are generic and may not be accurate in relation to your specific circumstance. We further note that there may be other misconceptions relating to cybercrime that have not been included above.
The information provided in this article is of a general nature only and has been prepared without taking into account your individual objectives, financial situation or needs. If you require advice that is tailored to your specific business or individual circumstances, please contact Coverforce directly.
Contact Coverforce
Don't get caught out. Learning about cyber security and understanding common misconceptions can help you manage risks and address any vulnerabilities before it's too late.
To find out more about getting reliable insurance cover for your business, contact Coverforce and speak to one of our experienced insurance brokers today.