Could your business survive a cyber-attack?
The prevalence of sophisticated and well-disguised cyber threats is a growing concern for small to medium sized business owners and managers.
In the latest Annual Cyber Threat Report from the Australian Cyber Security Centre (ACSC), cybercrime is reported on average every 7 minutes. This is a 13% increase from the previous financial year.
Globally, the collective income from cybercrime is estimated to reach $10.5 trillion USD annually by 2025. If this were a country, it would equate to being the third largest economy after the United States and China.
Small businesses are big business for cyber criminals
SMEs are considered easy targets by cyber criminals. This is because they don't always have dedicated in-house IT resources or implement the latest security updates and protocols.
The highest average reported financial losses were in the Northern Territory (over $40,000 per cybercrime report where a financial loss occurred) and Western Australia (over $29,000).
A 14% rise in the average reported loss for the financial year 2021-2022:
$39,500
for small businesses
$88,400
for medium sized businesses
Understanding the main causes of a data breach goes a long way to mitigating its impact.
Common data breach causes
A data breach can be broken down into three categories:
- Cyber Attack
- Phishing scam - email and scam messages
- Ransomware / Malware
- Online Identity Fraud - to attain Personal Identifiable Information (PII)
- Distributed Denial-of-Service (DDoS) - this floods a server with internet traffic to prevent users from accessing online services and sites.
- Human Error
- Failure to configure devices correctly - especially bring your own device (BYOD) for remote or hybrid employees
- Inadvertently opening a scam email or website
- Purposeful data breach by a disgruntled or ex-employee
- Not correctly following or updating security protocols
- Physical Attack
- Document or device theft
- Incorrect disposal of older devices
- Skimming card or device
Why cyber security is essential for SMEs
Customer data and sensitive information is just as valuable to cyber criminals as it is to your business. In addition to potential data loss there's also the cost of lost productivity and revenue due to downtime, reduced customer trust and confidence, and damage to your business reputation.
However, there are a few simple steps you can take to protect your business and reduce the risk of a cyber attack.
Here's the ACSC tips for protecting your business:
- Turn on multi-factor authentication (MFA) wherever possible, starting with your most important accounts
- Use a password manager to create and store unique passwords or passphrases for each of your important accounts
- Limit the use of shared accounts and secure any that are used in your business
- Ensure each user can access only what they need for their role. Sometimes referred to as Zero Trust Network Access (ZTNA).
To protect your devices and information:
- Turn on automatic updates for your devices and software
- Create and implement a plan to regularly back up your information
- Set up security software to complete regular scans on your devices
- Speak to an IT professional about ways to secure your network. This could include penetration testing to find and fix network vulnerabilities
- Perform a factory reset before selling or disposing of business devices
- Configure devices to automatically lock after a short time of inactivity
- Understand the data your business holds and your responsibilities to protect it.
Your Cyber Insurance solutions
As the frequency and severity of losses continues to grow, there are two (2) main policy types / extensions that Coverforce recommend for your business when looking to arrange cyber insurance:
- Cyber Crime Insurance (or Cyber Crime Policy Extension) - A typical policy will provide cover for theft of money resulting from a cybercrime event. For example, social engineering fraud, phishing, phreaking or other forms of cyber fraud involving loss of money.
- Cyber Liability and Privacy Protection Insurance - A typical policy will provide cover for the following when incurred as a result of a cyber event, or breach of privacy as defined by the insurer's policy wording: first party (own) costs and expenses. Cover for theft of money is excluded.
How Coverforce can help
As technology advances and more businesses have an online presence, it also opens a new set of liability issues and cyber risks.
Our team of experienced brokers are here to provide personalised risk advice and tailored, competitive insurance solutions that can help minimise your financial losses as a result of a cyber incident. If you haven't already, contact your local Coverforce Office today or call 13000 COVER.
The information provided in this article is of a general nature only and has been prepared without taking into account your individual objectives, financial situation or needs. If you require advice that is tailored to your specific business or individual circumstances, please contact Coverforce directly.
REFERENCES
- https://www.cyber.gov.au/about-us/news/Cyber-Security-Awareness-Month-2023
- https://cybersecurityventures.com/cybercrime-damage-costs-10-trillion-by-2025/
- https://www.cyber.gov.au/resources-business-and-government/essential-cyber-security/small-business-cyber-security/small-business-cyber-security-guide
- https://www.cyber.gov.au/about-us/reports-and-statistics/acsc-annual-cyber-threat-report-july-2021-june-2022
Find this article helpful? Click on one of the links below to share the content.