It has become commonplace to read about cyber security breaches in the news. This week, the Australian NDIS health data breach has been all over the news. So it is not surprising that cyber insurance has now become a frequently discussed topic. It is a well-known fact that cyber crime is on the rise, with criminals becoming increasingly brazen in their attacks.
For example, the world recently watched in shock as a large part of the USA was not able to obtain fuel because cyber hackers penetrated a utility company’s IT system and shut it down.
Locally here in Australia, hackers recently shut down the back end of the Nine Network, which is a business that owns radio stations, a TV network, and newspapers.
Obviously, attacks such as these mean small businesses in Australia can no longer ignore cyber threats. Currently, the three largest cyber exposures are business email compromise, ransomware and human error.
In reaction to the intensified awareness, the Australian Government has become increasingly active in trying to reduce cybercrime. The federal government has done this by introducing regulations to protect personal data. It has also been looking at legislation to make it mandatory for companies to disclose if they have paid money in response to a ransomware attack.
When developing a risk management plan for cyber security in small business, begin by understanding your existing security controls.
When it comes to cyber risk, the problem for many small business owners is that they are so focused on trying to keep the business running following the pandemic that they have not had time to adequately address their cyber risks.
The top priority for any small business is to ensure that it is backing up data correctly. The best way to avoid paying a ransom is for the business to have diligently backed up its data on a daily basis. This means that if there is a cyber attack, the business, with the help of its IT service provider, can wipe the system clean and restore it from backups without needing to pay a ransom.
It is also important to remember that the data not only needs to be backed up, it also needs to be recoverable. You do not want to be left in a situation where the business goes to retrieve the backed-up data only to find that it has been compromised. This means the business, with the help of its IT provider, should test that backups work before an attack actually happens. It is also critical that the business’s antivirus software is automatically updated.
It can be challenging for small businesses to know how to identify their cyber risks when they are focusing on their day-to-day operations. It is important for smaller businesses to consult with their managed IT services provider or consultant, to act on the recommendations they receive, and to invest adequately in their IT systems and controls.
That said, all the systems and controls in the world cannot guarantee that a cyber attack will not occur. This is why cyber insurance also plays a critical role. Cyber insurance protects a business and allows it to transfer losses arising from a cyber incident to the insurer.
In simple terms, there are three main cyber risks an SME business can manage through insurance.
The first risk is losses to your business, for example loss of profits, business impact costs, and preventative shutdown costs.
Insurance can cover the cost of:
- Third-party litigation from affected clients
- Regulatory investigations (notifiable data breaches)
- Fines and penalties
- IT forensics
- Virus extraction
- Customer notification costs
- Public relations costs
It’s important to realise insurance is effectively the last line of defence. Taking a proactive approach to your business’s cyber exposure is critical. The right IT support and staff training will play an important role in reducing the chances of an attack.
With cyber threats on the rise, now is the time to review your cyber arrangements to ensure that, if there is an attack, you are adequately prepared.
If you have any questions, please speak to FD Beck Insurance Brokers. We can help with arranging a cyber insurance policy that is suitable for your business.