Cybercrime is the #1 risk for the nation’s businesses, with an incident reported every seven minutes on average to the Australian Cyber Security Centre (ACSC). To quantify those risks, a University of NSW book, Cybercrime in Australia: 20 Years of inaction, estimates it cost the Australian economy $42 billion in 2021.
As well, cyber risks and business interruption are the top insurance concerns for 2023, according to a multi-national insurer’s survey of almost 3,000 risk management experts across the globe.
However, just one in four Australian businesses have invested in cyber insurance to protect against online risks.
Major Australian cyber events of 2022
Last year, Australia experienced the most severe data breaches in its history. We had the highest data breach rate per capita globally, says VPN service company Surfshark: 7,387 user accounts breached per 100,000. Russia was second at 2,568 per 100,000.
Some companies that suffered major cyber breaches included:
- Medibank (which affected 9.7 million people)
- Woolworths’ MyDeal (which affected 2.2 million people)
You can find out more about these and other breaches from this official report from the Federal Home Affairs office.
What an attack can cost small business
A cyber attack can increase your legal liabilities and cause major financial damage to your small business. There will also be impacts on your business productivity, employee morale, and pricing structure. Your brand may not recover, either, which means lost business.
Direct costs include handling immediate repairs and damage, dealing with ransom demands, offering free credit monitoring, and having staff take the influx of customer calls. You may need to discount your products and services or offer them for free for a time, as well as pay fines.
To address the fallout, you’ll probably need to hire experts in IT security, law, risk management, auditing, management, and public relations.
An ACSC survey of small businesses found that they know cyber security is important, with almost two-thirds having experienced a cyber incident. Typically, cyber breaches include malware, viruses, compromised email and payment systems, data/privacy breaches and denial-of-service attacks.
But many small businesses face these in-house barriers to proper online security:
- Assuming a limited online presence reduces their cyber risks
- Lacking dedicated staff focused on IT security
- Underestimating the complexity of cyber security, as well as the risks and consequences of a cyber breach
- Facing challenges in rolling out security measures
- Planning for and responding to cyber incidents poorly
- Not seeing good cyber security as an opportunity to innovate and grow revenue and profit.
As well, about half of small-to-medium-sized businesses spend under $500 annually on cyber security. The ACSC says that shows a groundswell of firms are taking a DIY approach to cyber risk management. Or small businesses may be disregarding warnings not to delegate the task to Generation Z family members or staff.
Why you need cyber insurance
There’s no silver bullet to deflect all cyber risks. A good first step is to incorporate cyber risk into your business risk management practices to build resilience. Then, evaluate what type of data you’re holding and the repercussions of losing that data, for example, privacy breaches involving customers’ personal information.
Your cyber security framework should span these functions: identify, protect, detect, respond, and recover.
It’s also worth considering risk management, which includes cyber insurance. Such cover helps reduce specific direct and indirect financial losses to your business because of a cyber incident.
Cyber insurance can give peace of mind to business owners because the insurer assigns you an incident response specialist to manage and recover from the cyber incident. They may:
- Conduct a forensic investigation of your computer systems
- Seek legal advice for you
- Respond to regulators, such as after a privacy breach
- Secure public relations expertise to mitigate reputational damage
- Organise costs to help secure your computer system against future issues.
We’re here to help
There are two main policy types for cyber coverage: a cyber risk policy is broad and includes first and third-party liability. Meanwhile, cyber liability may only cover your liabilities to third parties because of a cyber incident. We can guide you on the coverage to suit your business.