From June 2020 to June 2021, the Australian Cyber Security Centre (ACSC) received, on average, one report of a cybercrime every 8 minutes. In 2021-22, it was one report every 7 minutes. And last year, it had dropped again to one report every 6 minutes.
Perhaps even more concerning is the fact that last year the average cost per cybercrime report shot up by 14% to $46,000 for small businesses and $97,200 for medium businesses.
There are plenty of things you can do to minimise your vulnerability to attack, but every business should have a robust and well-thought-out crisis and continuity plan in place, just in case. Here’s how Cyber Liability insurance can play an important role in that plan.
Facing the financial fallout of hacks, breaches and data loss
When you’re hit by a cyber attack, the costs to your business extend beyond the money that gets stolen or syphoned away—although that alone can be financially devastating. In one case, cybercriminals hacked into a hairdresser’s VoIP telephone system and made $30,000 worth of calls to a premium number.
Coping with these initial losses is bad enough, but finding and fixing the problem is another potentially hefty expense.
For instance, after hackers stole $5,000 from a real estate agent by changing the payment information it sent out to its clients, it cost the business a further $11,756 for a forensic IT specialist to diagnose and deal with the issue.
Then there’s the obligation to notify.
“Under certain regulations, there’s an obligation to notify people when their data has been breached, and this can be quite costly,” says Jane Mason, Head of Intermediated Business at BizCover.
“We actually had a claim totalling nearly $250,000 as a result of notification obligations caused by a lost laptop.”
Depending on the nature and extent of the breach, there may be more stringent obligations such as providing credit monitoring services to help prevent identity theft and/or fraud on people’s credit or banking services.
How has Cyber Liability insurance got your back?
One major benefit of Cyber policies is that they combine both first-party losses—i.e. losses to your own business—and third-party losses, Jane explains. But that’s not the only way they could help save your bacon.
“One of the biggest benefits is what we call ‘incident response services’,” Jane says. “If I’m a small business and I came into work and something had gone wrong, like a ransomware attack, I wouldn’t have a clue what to do. In these situations, time is of the essence and acting quickly can reduce the severity and extent of an attack.”
“These incident response services, which are 24/7, can help minimise the extent of the cyber breach, with immediate assistance and an appropriate response, and they often also provide assistance with recovery. So, they’re probably one of the most important services under a Cyber policy—and I personally wouldn’t purchase a policy that hasn’t got it.”
When comparing policies, Jane says other important things to look for include price, insurer reputation, and social engineering cover.
Social engineering refers to the way in which cybercriminals trick or manipulate people into revealing sensitive information or providing unauthorised access to systems and data. For example, they may impersonate a trusted source via email and convince someone to click on a malicious link or file.
“Social engineering is optional in most policies, but it’s probably the biggest threat to small businesses at the moment,” Jane says. “So, once again, I personally wouldn’t purchase a Cyber policy without it.”
Get a sense of your vulnerability
To level-up your cybersecurity awareness, Jane recommends checking out the ACSC website. It’s full of invaluable information and resources, including a small business cyber security guide and information about data breaches.
Additionally, small businesses can easily access the Cyber Wardens program funded by the Australian government and supported by the Council of Small Business Organisations Australia (COSBOA). It’s one of the best tools to help small business owners learn to be cyber-safe and recover from cyber attacks. These courses are simple, and businesses don’t have to be tech-savvy to benefit from these resources.
For a quick DIY security check-up, she suggests trying to fill out a Cyber insurance quote form, and seeing how far you get.
“An insurance company will ask you key questions around how you’ll mitigate risk,” she says. “So, employee education is one of those, as is implementing very simple practices in your business for when money is leaving the company, such as dual sign-off and multi-factor authentication.
“Backups are a big one, and obviously all the standard things, like software updates, firewalls and security software. So, if you can’t meet any of those requirements, that’s a good guide as to where you should be starting to improve your cybersecurity measures and reduce risk.”