Australian businesses are experiencing increasing incidents of cyber attacks, with reports up more than 700% since February last year (costing $7.8 billion nationwide) according to a report by research firm Security in Depth.
It’s not just large businesses and corporates that experience large-scale data breaches and cyber attacks – this year we’ve seen a wide range of businesses impacted, from savvy tech start-ups to banks, hospitals and transport. In 2017, over half a million Australian small businesses fell victim to cyber crime according to Norton. This is over 50% of all cyber attacks. Additionally, these attacks often have a devastating impact on small or newly established businesses, with 60% of these companies closing within half a year of an attack according to a Small Business Trends report.
What is cyber risk?
Cyber risk is any risk of financial loss, disruption to operations or damage to an organisation’s reputation from a negative event impacting the organisation’s information and/or information systems. Examples include cyber crime, data breaches and system outages.
Technology and the internet have revolutionised the way businesses operate, and continue to evolve. Unfortunately, the risks accompanying these new developments evolve just as quickly, leaving businesses vulnerable to new threats they haven’t faced in the past.
Managing your cyber risk
The first part of managing your risks is understanding and identifying the risk. Finding your exposures means doing a deep dive into your business – here are a few questions to help you:
- Who can access your business data? Make sure you know which suppliers, employees or others have access to your information. Do you have good controls in place to give access when it’s needed AND remove access when it’s no longer required, for example when an employee leaves?
- What are your points of access? Review how your data is stored and what devices your data can be accessed from (and who has those devices, where they store them, etc.).
- What controls and procedures are already in place to protect your business? Do you have a process in place to ensure people update their passwords regularly (and that a rigorous password, with characters and numbers, is required)? Do you have a system to automatically back up your data onsite and offsite, and to regularly update your software and plug-ins?
- What education do you provide your people? A recent study by Cisco found that over 60% of employees have done things that put their company at risk. This can be things like sharing their password or walking away from their computer without logging off, losing devices like their computer or even just a USB with sensitive information on it, or opening emails that looked somewhat legit but ended up being something more sinister like spyware, malware or ransomware. Even good cyber hygiene like using strong passwords (and different ones, not the same one for everything), and changing passwords regularly can go a long way towards protecting your data. Ensuring regular reminders and training will keep things front of mind for you and your team.
- Have you tested your cyber risk? You can pay an ‘ethical hacker’ business to run penetration testing and provide you with a clear and current view of the strength of your cyber risk management programme. Most businesses are very surprised at their current level of risk (and much of it is easily avoidable).
What role does cyber insurance play for your business?
In conjunction with the risk management steps we outlined above, your cyber insurance acts as your safety net. Given the rapidly changing online environment combined with the possibility of human error, it’s nearly impossible to perfectly manage every cyber risk. That’s where your insurance solution plays its part.
In today’s digital age, cyber insurance can provide critical protection to businesses of all sizes and industries.
Cyber insurance is intended specifically to cover the potential costs of technology, data network and cyber communications liabilities. Specific policy wordings differ, and your solution can be tailored for the needs of your business. Typically, the options include insurance for:
- Data theft or loss
- Risk assessment reviews
- Legal issues, including the cost of notifying customers of a data breach
- Business interruption
- Recovery measures, such as equipment repair and penalties.
While cyber insurance can’t replace your firewalls, encryption programs or IT team, this coverage can ensure that your company survives a technology-related breach or loss.
We would be happy to discuss your unique situation and needs – contact us for more information or if you would like a quote.